Computer underground Digest Thu Mar 6, 1997 Volume 9 : Issue 16 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Field Agent Extraordinaire: David Smith Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.16 (Thu, Mar 6, 1997) File 1--another CDA brief... File 2--imapd and ipop3d hole (fwd) File 3--Hacker Challenges Dark Side Book (fwd) File 4--Hacking and international law File 5--Bell-Atl NYNEX Mobile See's 70% Decrease In Fraud Losses File 6--Higher & Deeper: John Seabrook's CSi book tour File 7--Novell & Microsoft Win Piracy Suit with Final Frontier BBS File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Tue, 25 Feb 1997 21:10:21 -0600 From: Jon Lebkowsky Subject: File 1--another CDA brief... FOR IMMEDIATE RELEASE Jon Lebkowsky, an Austin-based Internet activist and author, and SiteSpecific Inc., a New York City new media company, have filed a friend of the court brief with the United States Supreme Court, supporting the findings of the District Court in ACLU v. Reno, the Communications Decency Act (CDA) case. "We believe the lower court was completely correct in finding that the CDA was unconstitutional," Lebkowsky said. In their brief, filed on their behalf by attorney Jamie Stecher of New York City (212-355-4000), the parties argue that the Court has erred in recent years by refusing to find that the printing press is the right "metaphor" for electronic media such as the Internet. "The Court has always proceeded by analogy in deciding how to regulate new media," Stecher commented. "For example, in the last century, it held that the telephone was like the telegraph--and by picking the right metaphor, it resolved the legal questions before it. However, the Court went seriously astray last June when it decided an important case pertaining to free speech on cable television, Denver Area Coalition v. FCC, without specifying whether cable is to be treated like broadcast, print media, or something else. It is hard to see how you can specify *how* to regulate something without first deciding *what* it is." Lebkowsky agreed. "The Internet is entitled to the highest protection available for any medium, and print has traditionally received the highest protection. A holding that the Internet is analogous to print will help resolve future legal and legislative disputes before they come to a boil, i.e. any dispute over Internet censorship could then be resolved easily by asking how we treat print media. If the CDA or any similar law would be unconstitutional if applied to books and magazines, it shouldn't be constitutional for the Net, either." Jonathan Wallace, co-author of Sex, Laws and Cyberspace (Henry Holt, 1996) and a plaintiff in ACLU v. Reno, welcomed the filing of the brief. "In the book, we say that 'Cyberspace is a constellation of printing presses and bookstores,'" Wallace noted. "This brief helps to address a gap in the government's logic. Would you really treat Catcher in the Rye differently between paper covers and in electronic format? That's what one Congressman suggested, the day the CDA passed. Finding that the Internet is a form of print media will forestall that possibility." The Supreme Court will hear arguments in ACLU v. Reno on March 19th. -- Jon Lebkowsky * jonl@onr.com * www.well.com/~jonl - Austin conference, Electric Minds (www.minds.com) - Electronic Frontiers Forum, HotWired (www.hotwired.com/eff) - Vice President, EFF-Austin (www.eff-austin.org) ------------------------------ Date: Mon, 3 Mar 1997 01:17:48 -0500 (EST) From: "noah@enabled.com" Subject: File 2--imapd and ipop3d hole (fwd) Source -Noah ---------- Forwarded message ---------- Date--Sun, 2 Mar 1997 21:42:14 -0700 From--David Sacerdote Secure Networks Inc. Security Advisory March 2, 1997 Buffer Overflow in imapd and ipop3d A vulnerability exists within Mark Crispin's mail server toolkit that will allow arbitrary individuals to obtain root access to servers running imapd and ipop3d. This vulnerability is present in both the POP3 and IMAP2bis servers included in the PINE distribution, as well as the IMAP2bis and IMAP4 servers included in Mr. Crispin's IMAP toolkit. Technical Details ~~~~~~~~~~~~~~~~~ The vulnerable mail servers call a library routine to affect a Unix "login", authenticating the user against it's password. A stack overrun exists in this routine. In essence this will allow any client with the ability to attempt a login to enter an overly long username to cause arbitrary machine code to execute. Both the POP and IMAP servers Mr. Crispin distributes discard supervisory privileges sometime after this authentication phase. Unfortunately, the overflow occurs before this happens, and the vulnerability will thus allow an attacker superuser access. The problematic routine is server_login(), which is in "log_xxx.c" in the OS-dependent code tree of the server source distribution. The problem occurs due to the routine's attempt to allow a case insensitive match on the username, which it does by copying the username provided to the routine into an automatic variable in the routine's stack. The username buffer is MAILTMPLEN long, which defaults to 1024 bytes. Unfortunately, the server's input buffer is greater than this, allowing a remote client to feed the routine a username greater than 1024 bytes. If the excess characters in this username contain a valid virtual memory address, the routine will overwrite it's stack frame when copying the username, causing the return from the routine to jump to an unexpected location. Interestingly, the buffer is converted to lowercase after being copied. This provides a slight technical challenge, as the machine code required to take over the server contains uppercase characters. However, modifications to the "standard" stack overrun exploit code to reverse the affects of this lowercasing were trivial. On i386 4.4BSD, the VM address required to redirect server_login()'s return need not contain uppercase characters. The flawed code reads: long server_login (char *user, char *pass, int argc, char *argv[]) { char tmp[MAILTMPLEN]; struct passwd *pw = getpwnam (user); /* allow case-independent match */ if(!pw) pw = getpwnam (lcase (strcpy (tmp, user))); } Impact ~~~~~~ Remote individuals, who do not have a valid username and password for the mail server, can obtain root access to systems running a vulnerable IMAP or POP server. Vulnerable Systems ~~~~~~~~~~~~~~~~~~ Any system running Mark Crispin's POP or IMAP server, of a release earlier than 4.1beta is vulnerable. To determine whether your system is vulnerable, telnet to ports 109, 110, 143 and 220. If you see a banner looking like: * OK example.com IMAP2bis Service 7.8(92) at Mon, 3 Mar 1997 12:00:00 -0500 (EST) or: * OK example.com IMAP4 v10.00 server ready or: +OK example.com POP3 3.0(10) w/IMAP client (Report problems in this server to MRC@CAC.Washington.edu) at Mon, 3 Mar 1998 12:00:00 -0500 (EST) Then your system is vulnerable. If you see "POP3 3.3" or "IMAP4rev1" or later, your POP or IMAP server is not vulnerable. POP servers not derived from Mark Crispin's code, including the somewhat confusingly named "pop3d" from the University of California at Davis are not vulnerable to the attack described in this advisory. Similarly, the University of California at Berkeley popper, and derived POP servers, including the Qualcomm popper, are not vulnerable to this attack. Fix Information ~~~~~~~~~~~~~~~ As a temporary workaround, you can disable the POP and IMAP services in /etc/inetd.conf, and then kill and restart inetd. You can fix the problem in the source yourself, by changing the server_login() function to read: char tmp[MAILTMPLEN]; struct passwd *pw = getpwnam (user); if(!pw) { strncpy(tmp, user, MAILTMPLEN - 1); pw = getpwnam(lcase(tmp)); Or, as a final option, you can switch to the IMAP 4.1 beta distribution, which can be found at ftp://ftp.cac.washington.edu/mail/imap.tar.Z. Additional Information ~~~~~~~~~~~~~~~~~~~~~~ If you have any questions about this advisory, feel free to contact me, by sending mail to davids@secnet.com If you wish to encrypt your messages to me, feel free to use the following PGP public key. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzJ4qJAAAAEEAOgB7mooQ6NgzcUSIehKUufGsyojutC7phVXZ+p8FnHLLZNB BLQEtj5kmfww2A2pR29q4rgPeqEUOjWPlLNdSLby3NI8yKz1AQSQLHAwIDXt/lku 8QXClaV6pNIaQSN8cnyyvjH6TYF778yZhYz0mwLqW6dU5whHtP93ojDw1UhtAAUR tCtEYXZpZCBTYWNlcmRvdGUgPGRhdmlkc0BzaWxlbmNlLnNlY25ldC5jb20+ =LtL9 -----END PGP PUBLIC KEY BLOCK----- Further information about the Interactive Mail Aaccess Protocol can be found in RFCs 1731, 1732, 1733, 2060, 2061, 2062, 2086, 2087, 2088, and 2095. Further information about the Post Office Protocol can be found in RFCs 1939 and 1957. Copies of RFCs can be found at http://ds.internic.net/rfc/rfcXXXX.txt For further information about Secure Networks Inc, including product information, past advisories, and papers, see http://www.secnet.com If you wish to obtain Secure Networks advisories via our mailing list, please send mail to sni-advisories-request@secnet.com, with a single line reading: subscribe sni-advisories Copyright ~~~~~~~~~ The contents of this advisory are Copyright (C) 1997 Secure Networks Inc, and may be distributed freely provided that no fee is charged for distribution, and that proper credit is given. imapd and ipop3d fall under the following license: Copyright 1997 by the University of Washington Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both the above copyright notice and this permission notice appear in supporting documentation, and that the name of the University of Washington not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. This software is made available "as is", and THE UNIVERSITY OF WASHINGTON DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO THIS SOFTWARE, INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND IN NO EVENT SHALL THE UNIVERSITY OF WASHINGTON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR STRICT LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------------------------------ Date: Fri, 28 Feb 1997 17:13:03 -0600 (CST) From: Computer underground Digest Subject: File 3--Hacker Challenges Dark Side Book (fwd) ((MODERATORS' NOTE: TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * ptownson@massis.lcs.mit.edu * ====== TELECOM Digest Mon, 24 Feb 97 09:07:00 EST Volume 17 --Issue 51 Date--Mon, 24 Feb 1997 00:48:43 PST From--tad@ssc.com (Tad Cook) Hacker challenges `dark side' book By Simson Garfinkel Special to the Mercury News KEVIN Poulsen was one of the most talented "dark side hackers" ever to phreak a phone call. For more than two years, Poulsen lived the life of a fugitive as part of the seedy Los Angeles underground. He made money by reprogramming Pacific Bell's computers for pimps and escort services, re-activating old telephone numbers and building a voice-mail network pairing prostitutes with their johns. And he cleaned up by messing with the phones used by Los Angeles radio stations, rigging their call-in contests so that he would always win the big bucks or the car. But Poulsen got caught and he spent more than five years in jail. Behind bars in 1993, Poulsen did what any phone phreak would do: He picked up the pay phone and started making collect calls. But these calls where different: they went to Jonathan Littman, a journalist in Mill Valley who had just published a magazine article about Poulsen's crimes and exploits and was about to write a book on the same topic. Poulsen wanted to make sure that Littman got the story right. He felt that Littman had made a lot of mistakes in the magazine article. Today, Poulsen feels somewhat betrayed by the journalist to whom he gave total access. After reading an advance copy of Littman's book, Poulsen says Littman has twisted the truth in order to make a more compelling story. "Most of my complaints about Littman's book are small things," said Poulsen, who is on parole and living in Sherman Oaks, a Los Angeles suburb. "He has major events right but then he changes the meaning of them by changing minor events and making up quotes." Littman stands by his work. The book, "The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen," is due to be published next month by Little, Brown and Co. It's an insider's look at the world of a criminal computer hacker, one of the most detailed yet published. "He was one of the first to hack the Internet and get busted for it," said Littman, referring to Poulsen's 1984 arrest for breaking into university computers on the ARPAnet, predecessor to today's Internet. "They decided not to prosecute him because he was 17" when he was arrested, Littman said. Instead, Poulsen was hired by a Silicon Valley defense contractor. "It was every hacker's dream -- to commit a crime and instead of going to jail, to get a job with what was a top think tank and defense contractor," Littman said. Soon, however, Poulsen was back to his old tricks -- with a vengeance, according to the book. He started physically breaking into Pacific Bell offices, stealing manuals and writing down passwords. Much of what he found went into a storage locker. But Poulsen couldn't handle his finances, and got behind in his rent. When the locker company broke open Poulsen's lock his stash was discovered and a trap was laid. As the FBI closed in, Poulsen left town, a fugitive on the run. Guilty plea He was caught June 21, 1991, and spent nearly three years in pre-trial detention. On June 14, 1994, in federal court in Southern California, he pleaded guilty to seven counts of computer fraud, interception of wire communications, mail fraud, money laundering and obstruction of justice. He was then transferred to Northern California to face a spying charge, based on his possession of material the government called classified. He pleaded guilty to fraud, possession of unauthorized access devices and fraudulent use of a Social Security number, and was released June 4, last year. The Watchman is Littman's second book on the computer hacker underground. His first, "The Fugitive Game," followed the exploits of hacker Kevin Mitnick, who was on the run and eventually caught by computer security expert Tsutomu Shimomura and New York Times reporter John Markoff. Shimomura and Markoff wrote their own book describing the chase, and they both objected to Littman's version of the events. For his part, Poulsen seems most angry about the implication of the new book's title -- that he was somehow obsessed with eavesdropping and largely acted alone. Only two wiretaps In the book, Littman has Poulsen listening to dozens of conversations -- even wiretapping the telephones of people trying to sell used equipment through newspaper classified ads, to see if they are being honest with their prices. Poulsen insists that he wiretapped the telephones of only two people: another hacker who was also an FBI informant and his high-school girlfriend. "He also reports that I obsessively followed the details of every escort date, including details of the tricks," Poulsen says, among other complaints. "He made that up. Totally made that up." Littman denies making up quotes, and insists that everything in the book was told to him by one of the participants. "I've written a book about a very complicated story about controversial people who had very different versions of what happened," Littman said. "I've done the best I can to view them objectively. Somebody else might view them differently, and the participants obviously have a subjective perspective. My views are in the book." But Poulsen says that Littman's fundamental premise is flawed. "John had a problem in writing this book," Poulsen said. "He wanted to sell it as the troubled loner-hacker-stalker guy. The problem is I had five co-defendants and it is hard to portray someone as a troubled loner when you have five other people making it happen." Not a loner Ron Austin, Poulsen's friend and co-conspirator, agrees. "Littman has to write an interesting book, I guess," he said. "He downplays the role of a lot of people, but I think that's because he is writing a book about Kevin. My role is downplayed." Austin also said the role of Justin Petersen, a hard-rocking hacker and co-conspirator is underplayed. Austin, also on parole, said he is concerned that the controversy regarding Littman's portrayal of Poulsen might obscure some of the more important issues raised by Littman's book: That the FBI engaged in widespread wiretapping of foreign consulates in the San Francisco area, the FBI's apparent hiring of an informant to commit illegal acts on the agency's behalf, and that the FBI's apparent ability to decrypt files on Poulsen's computer that had been encrypted with the U.S. government's Data Encryption Standard, a popular data-scrambling algorithm. The FBI office in Los Angeles declined to comment on the Poulsen case. A representative of the FBI's Washington office said, "We normally do not comment on books that are coming out until we have had an opportunity to review the book." As a condition of his plea bargain, Poulsen is prohibited from discussing FBI wiretaps. Littman said he feels "lucky as a writer to have been able to spend some time with Poulsen and these other characters in the story." "One thing about Poulsen is he really had a very highly developed ethical model that he believed in," Littman said. "He found it challenged by his circumstances and the people he associated with. I found it fascinating to see how he resolved this age-old computer hacker ethic with a changing world." ------------------------------ Date: Wed, 26 Feb 1997 13:12:42 +0100 (MET) From: Felipe Rodriquez Subject: File 4--Hacking and international law Hi, I thought you'd be interested in this message I got: >From--"Ivo Skoric" Problem: Last week three teenage high school students from Zadar, Croatia, hacked into some Pentagon secret files (Anderson nuclear facility being the one among claimed by DoD). Just for fun, as hackers do. Croatia is still in its early years of cyberspace: government did not yet realize the powers of the Net, and those who are, are young mischievous political moderates. Students' teacher, their parents, their school, their town - they are all very proud of their children exceptional computer prowess. School's message board boldly displays a mock flier offering Pentagon secrets at discount. Price is set after Pentagon came forward claiming that this was not an innocent "no damage done" hacking: they say that there is approximately half a million dollars damage done, and they sent their lawyers to Croatia to collect. The kids, their parents, their school or even their town can't pay that sum. Here in the U.S. Pentagon downplays the event and the abundance of American free media stays silent. Nevertheless, they requested through Interpol that Croatian police seize the hardware from teenage hackers, if not outright arrest them - although hacking into computers is not illegal in Croatia (and hackers unpunished broke into Croatian DoD several times). They were not arrested, but their equipment was seized. Question: Can the U.S. enforce its law abroad? Are non-U.S. citizen mandated to follow the U.S. law in their own countries of origin? Evaluation: If the U.S. is allowed it's law abroad, becoming the world district attorney (the natural development from its previous title - the world policeman), then other countries are already in a quasi-colonial position. If a U.S. citizen broke some Croatian law in the U.S. in a way to cause damage to some Croatian government institution, American media might remind us of how Croatian government is essentially an undemocratic, authoritarian structure, who, lets hint, might have deserved the intrusion. This sends a signal around the world that each country sovereignty is limited by the laws of the only remaining superpower. However, if the U.S. is not allowed to enforce it's law abroad in such situations like this one, then every hacker in every corner of the world will go for that highest prize: the U.S. military and intelligence computers. Solutions: a) The U.S. can take Croatia as the 51st state, making its citizens liable for breaking an American law. Also, with the same living standard, people of Croatia might be more receptive to American law. b) The U.S. may launch a TOCHL, a TOEFL like Test Of Computer Hacking Language, to be administered at embassies and consulates. The INS would then unconditionally give green cards to those who placed in the top 3% every year (that might be also better for the U.S. economy than the immigration lottery which often brings over people who don't know what to do with their prize). After a few years this would male all the top world hackers answer to American law. c) The U.S. may forgive them one or two war criminals at The Hague if Croats let them have the damn kids. d) Pentagon may promise Croatian President to keep him in power until he dies of his lymph nodes cancer (for which he is already occasionally treated at American military hospitals), if he pays the proposed fee of half million. e) The U.S. government may propose and host (I bet this idea is already circulating) an international convention to impose it's cyber-cop policies on others by threatening them with techno-sanctions should they not abide - yet this may backfire to the host. ------------------------------ Date: Mon, 3 Mar 1997 18:16:14 -0500 (EST) From: "noah@enabled.com" Subject: File 5--Bell-Atl NYNEX Mobile See's 70% Decrease In Fraud Losses From -Noah ---------- Forwarded message ---------- Date--Mon, 3 Mar 1997 17:17:22 -0500 From--Bell Atlantic Thanks To High-Tech Solutions NEWS RELEASE ********************************************************* ******************************************* BELL ATLANTIC NYNEX MOBILE FOR IMMEDIATE RELEASE CONTACT: March 3, 1997 Maggie Aloia Rohr (908)306-7757 maloia@mobile.bam.com BELL ATLANTIC NYNEX MOBILE SEES 70% DECREASE IN FRAUD LOSSES THANKS TO HIGH-TECH SOLUTIONS Aggressive Work with Law Enforcement Nets More Than 390 Arrests CTIA WIRELESS '97 SAN FRANCISCO -- The implementation of Authentication and RF Fingerprinting technology has led to significant decreases in cellular fraud for Bell Atlantic NYNEX Mobile. Since May of 1996, when the company led the industry in launching Authentication service, Bell Atlantic NYNEX Mobile has seen an overall fraud decrease of 70 percent month over month; specifically, a 74 percent decrease in home fraud and a 57 percent decrease in roaming fraud. In addition, Bell Atlantic NYNEX Mobile works with law enforcement agencies to pursue and prosecute cloners and distributors of cloned phones and equipment. Last year, the company's efforts netted more than 390 arrests, and the recovery of more than 110,000 stolen cellular phone number/serial number combinations. The company also assists in prosecuting cellular thieves to the fullest extent of the law. One case resulted in a six year federal jail sentence and more than $97,000 in ordered restitution to Bell Atlantic NYNEX Mobile and other carriers. "While we are extremely encouraged by the decreases we've seen, we cannot eliminate fraud on our own, especially roaming fraud," said Nick Arcuri, vice president-fraud control. "We are actively encouraging our roaming partners to join us in the fight by exchanging fraud information and by implementing solutions such as networking of authentication and RF Fingerprinting systems." Bell Atlantic NYNEX Mobile's aggressive fraud prevention plan is based on a three-pronged approach -- prevention, detection, and prosecution. Fraud prevention centers around implementing network solutions to stop fraud before it affects the customer. Authentication and RF Fingerprinting technology deployments are the cornerstones of this approach. Since last May, the company has rolled out Authentication and RF Fingerprinting technology in all its major markets. Nearly two million Bell Atlantic NYNEX Mobile customers are protected by Authentication and RF Fingerprinting when in the Bell Atlantic NYNEX Mobile footprint or when roaming in markets where the company has interconnected its fraud protection services with other carriers. The second approach to fighting cellular fraud is early detection. The company's in-house fraud task force uses sophisticated fraud-detection software to alert customers and shut down cloners quickly. Lastly, Bell Atlantic NYNEX Mobile aggressively pursues cellular cloners and dealers of stolen equipment. The company provides training, support, and assistance to local, state, and federal law enforcement officials and employs private investigation firms to jointly combat the problem. Bell Atlantic NYNEX Mobile is the largest wireless service provider on the East Coast and the second largest in the United States. The company owns and operates the most extensive network in the east, covering 111,000 square miles, and the largest chain of wireless retail outlets offering a full range of wireless personal communications services, including voice, data and paging. Based in Bedminster, NJ, Bell Atlantic NYNEX Mobile has 4.4 million customers and 6,500 employees in the Northeast, mid-Atlantic, Southeast, and, through a separate subsidiary, in the Southwest. The company was formed in July, 1995, by combining the cellular operations of Bell Atlantic Mobile and NYNEX Mobile. ------------------------------ Date: Thu, 13 Feb 1997 20:24:42 -0600 (CST) From: Crypt Newsletter Subject: File 6--Higher & Deeper: John Seabrook's CSi book tour To set the right stage for the following bit of news on author and New Yorker reporter John Seabrook, it's necessary for Crypt News to steal outright from Eric Alterman's description of the pundit Morton Kondracke in "Sound & Fury," an analysis of the Beltway political punditocracy. Alterman likened Kondracke disparagingly to Ayn Rand's Lancelot Clokey, a social critic in "The Fountainhead" whose literary celebrity was purely the creation of the people he worked for. Like Morton Kondracke, John Seabrook is another Lancelot Clokey -- cyberspace's. In the past, he's been memorable for overwrought features in New Yorker magazine on swapping e-mail with Bill Gates and being flamed by David Sternlight. The latter incident apparently so unnerved Seabrook, he momentarily believed he'd been attacked by a computer virus. Like Lancelot Clokey, John Seabrook is an author -- "Deeper: My Two-Year Odyssey in Cyberspace" (Simon & Schuster). In the months to come you can expect Seabrook's book, like Clokey's "The Gallant Gallstone," to be praised to the heavens by critics who assuredly know better. Soon thousands and thousands of copies of "Deeper" will sell and the name "Seabrook" will be on the lips of all the wired kingdom's digerati. Like Clokey, Seabrook will believe his reviews, lose all perspective (actually, he's already in this phase if the following interview is an indicator), and live the life of the brilliant social critic and public philosopher when in reality he's done "nothing more outstanding than sleeping, eating and chatting with neighbors." On the p.r. junket for "Deeper," Seabrook came to CompuServe this week and talked on-line for about an hour in front of an audience of five -- six or seven if you count his mother plus the handler from People magazine, the outlet sponsoring the conference. It didn't matter that there weren't many real questions, Seabrook had answers: cliches as quips, contradictory statements, whizz-bang "hey-even-I-coulda-thought-of-that" pronouncements and some clowning. Here then, a sampling of Seabrook quote from the interview -- To no one in particular: "Pop culture is a weird thing." On why the Net is sometimes "nasty:" "There is a nasty side to lots of people, but some people do a better job of keeping it civilized -- which is good. On-line lowers the curtain of civilization. But sometimes it's good to be nasty. It gets the nastiness out that would otherwise be used in the real world." On the ["mountain men and pioneers"] of the Internet: "They [the mountain men] are going to have to figure out how to get along. The frontier is over. Now it's the next phase. It's more like the town than the frontier now. The mountain men are probably feeling a little blue." On journalism and reporting from the Internet: "If I had to do my reporting work on the Net, I'd be fucked. [But not _too fucked_ for the New Yorker gig and book tour. -- Crypt News] I never use the Net for information gathering -- it's lousy for that. The public library in NYC is much better." On Bill Gates and how the jig's up for the master of Microsoft: "It's amazing Gates caught onto the Net at all. He is about one man alone with his machine, not connectivity. He's faking it now -- I don't think he's [going to] survive for long." And then, contradicting himself in the same breath, how Gates will conquer Netscape: ". . . as to Netscape, I think it will end up like Apple. Microsoft has already successfully copied Netscape, just as it did Apple. It will slowly market it out of business." The next one is quite original. Wouldn't you want to read a book by an author who had this to say about America On-Line in early 1997: "AOL sucks!" Again on Bill Gates, the one-time subject of a lengthy Seabrook/New Yorker treatise: "I don't exchange e-mail with him. I don't have that much to say to him, I guess. If I really wanted to talk to him, I'd e-mail him, but I doubt he'd e-mail me back. Fuck him." On the Internet, again, this time parroting the People magazine handler who asked if the Internet was a "giant time sink:" "The Net is a giant time sink." On what he's writing about now: "Now I am writing a story about a young would-be rock star." And on writing about the Net, again: "Actually I don't think I'll be writing about computers or the Net again for awhile, maybe never. I feel like I said everything I have to say . . . or what I haven't, I'll say on the book tour gigs." Near the end, Seabrook's handler asked how his book could do well in a time when Net books are classed as "failed" because they're Net books (Nope, I'm not making this up.) The answer, of course, was Seabrook's Net book is _different_ because it's not really a Net book: ["Deeper"] is sort of different though. It's not really about the Net, it's about one man's experience of the Net. It's more of a memoir of Net use than a book about the Net." George Smith Crypt Newsletter ------------------------------ Date: Mon, 24 Feb 1997 08:38:59 -0800 From: unknown@garbled.header Subject: File 7--Novell & Microsoft Win Piracy Suit with Final Frontier BBS ((MODERATORS' NOTE: The first few lines of the header were garbled. We apologize to the poster(s) who sent the following)) FOR IMMEDIATE RELEASE --- February 24, 1997 Novell and Microsoft Win Ruling in Lawsuit With the Final Frontier BBS OREM, Utah * February 24, 1997 * Novell, Inc. and Microsoft announced they have received a crucial ruling in their lawsuit against The Final Frontier Bulletin Board System (BBS). The United States Bankruptcy Court for the District of Arizona ruled that the system operator for The Final Frontier is responsible for damages to the software companies. Microsoft and Novell first became aware that The Final Frontier was dealing in illegal software when investigators were able to log onto the board using an alias and download the illegal software. Further investigation revealed that The Final Frontier was a member of two groups specializing in illegal software. The two groups, Nokturnal Trading Alliance (NTA) and Rise in Superior Couriering (RISC) are well known in the BBS world. Investigators from Novell and Microsoft were able to verify 146 improper downloads in a very short period of time. The Bankruptcy Court awarded $73,000.00 to Microsoft and Novell based upon the number of illegal downloads of each company's software. In its ruling the court stated, *The economic reality is that any amount awarded is the functional equivalent of an economic death sentence to this debtor.....if the debtor's financial circumstances were better or the violations had been for profit, the award would have been larger*. Harrison Colter, attorney for Novell, stated * The judges words *economic death sentence' send a very powerful message. I hope others get the message so that they do not suffer the same fate for their illegal activities.* *Although we are competitors in the marketplace, the damaging effects of software piracy greatly harm both of our companies and ultimately the entire software industry and its consumers,* commented Jim Lowe, Microsoft Corporate Attorney. *Neither Microsoft nor Novell will stand by while bulletin boards illegally offer our products to download.* Novell has established an anti-piracy group and telephone hot line for reporting illegal use of Novell software or making related inquiries. Call 1-800-PIRATES (800-747-2837) or send e-mail to pirates@novell.com. Consumers with questions about the legitimacy of Microsoft products should call the Microsoft Anti-piracy Hotline at 1-800-RU-LEGIT or e-mail piracy@microsoft.com. To receive more information about software piracy, call the Business Software Alliance (BSA) Anti-piracy Hotline at 1-888-NO-PIRACY or e-mail software@bsa.org. Founded in 1983, Novell (NASDAQ: NOVL) is the world's leading provider of network software. The company offers a wide range of network solutions for distributed network, Internet, intranet and small-business markets. Novell education and technical support programs are the most comprehensive in the network computing industry. Information about Novell's complete range of products and services can be accessed on the World Wide Web at http://www.novell.com. Founded in 1975, Microsoft (NASDAQ: *MSFT*) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with a mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. ### Novell is a trademark of Novell, Inc. Microsoft is a trademark of Microsoft, Inc. Microsoft Contact: Karen Porter Phone: (206) 936-5992 Fax (206) 936-7412 Internet: karenpor@microsoft.com Novell Contact: Steve Kirk Phone: (801) 228-8801 Fax (801) 228-8875 Internet: skirk@novell.com ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: File 8--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.16 ************************************