Chaos Digest          Monday 8 February 1993          Volume 1 : Number 7

       Editor: Jean-Bernard Condat (jbcondat@attmail.com)
       Archivist: Yves-Marie Crabbe
       Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.07 (8 Feb 1993)
File 1--On the origin of the first French e-journal, ChaosD
File 2--How to write to Clinton at the White House?
File 3--ICVC'93: First Bulgarian conference on CPA's
File 4--Proposal for a new "C2 Orange Book" in the USA
File 5--Phreaking: Is it feasible?
File 6--Beware of the CCCF (Reprint)
File 7--Re: NTPASS, a loadable module under NetWare
File 8--Reaction to "The Little Black Book of Computer Virus"

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from jbcondat@attmail.com. The editors may be
contacted by voice (+33 1 40101775), fax (+33 1 40101764) or S-mail at:
Jean-Bernard Condat, Chaos Computer Club France [CCCF], 47 rue des Rosiers,
93400 St-Ouen, France

Issues of Chaos-D can also be found on some French BBS. Back issues also
may be obtained from the mail server at jbcondat@attmail.com: all incoming
messages containing "Request: ChaosD #x.yy" in the "Subject:" field are
answered (x is the volume and yy the issue).

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators.
            Chaos Digest contributors assume all responsibility for
            ensuring that articles submitted do not violate copyright
            protections.

----------------------------------------------------------------------

Date: Tue Feb 2 08:01:27 EST 1993
From: 441495@ACADVM1.UOTTAWA.CA (MICHAEL STRANGELOVE)
Subject: File 1--On the origin of the first French e-journal, ChaosD

I find it amazing that the first e-serial in France should only just
appear in 1993, considering the size and age of Minitel. Does anyone have
any comments on why this should be so?

Michael Strangelove
Department of Religious Studies
University of Ottawa
BITNET:   441495@Uottawa
Internet: 441495@Acadvm1.Uottawa.CA
S-Mail:   177 Waller, Ottawa, Ontario, K1N 6N5 CANADA
Voice:    (613) 747-0642
FAX:      (613) 564-6641

+++++

Date: Tue Feb 2 13:34:36 EST 1993
From: JQRQC%CUNYVM.BITNET@VTVM1.CC.VT.EDU (Joe Raben)

It just seems to me, Michael, that French >academics< are less turned on
to netting than other nationalities, and they may not see Minitel as a
meaningful >scholarly< medium. While SCHOLAR had at latest count 67
subscribers in Britain, 83 in Canada, 49 in the Netherlands, 31 in
Australia, and 18 in Japan, only 6 have signed up so far in France, and my
associates there ask me to send them faxes!

+++++

Date: Thu Feb 4 08:54:04 EST 1993
From: guedon@ERE.UMontreal.CA (Guedon Jean-Claude)

There is a second answer to Joe Raben's: to publish on Minitel, one had to
have a periodical number, which explains why so many initial Minitel
services were connected with well known publications such as Le Monde,
etc... This was in response to the newspapers' fear of being faced with
unfair competition from the new electronic medium and, in fact, some went
so far as to claim that this was a plot to destroy freedom of the press by
destroying the newspapers themselves.
In order to reassure them, the government forced initial publishers on
Minitel (I am using the word "publisher" in an extrapolated meaning, of
course) to be connected with an existing publication. I don't know if this
policy is still in force.

------------------------------

Date: Wed, 20 Jan 93 05:32 GMT
From: 0004381897@mcimail.com (David Daniels)
Subject: File 2--How to write to Clinton at the White House?

It is only fitting that this happened on the eve of tomorrow's
presidential inauguration: I sent a message today to the Clinton
Transition Team and got the following response. Does this mean that they
are not keeping up with their e-mail? So much for electronic democracy!!!
:-)

TO:      * David Daniels / MCI ID: 438-1897
Subject: Non delivery notification

Message [...] sent Tue, Jan 19, 1993 07:16 PM EST, could not be
delivery to:

To:      Clinton Transition Team
         EMS: CompuServe
         MBX: [75300,3115]

for the following reasons:
         Mail Delivery Failure. No room in mailbox.

----- Returned message -----

+++++

Date: Thu, 28 Jan 1993 18:12:46 GMT
From: barrett@forge.gatech.edu (James Barrett)

> Mail Delivery Failure. No room in mailbox.

This is because Jock Gill who handles Email for Clinton was at the
inauguration and not near his computer for a week. The link is back up and
generating *lots* of mail (press releases) from Clinton.

+++++

Date: Fri, 29 Jan 1993 20:32:42 GMT
From: schneier@chinet.chi.il.us (Bruce Schneier)

The White House is on-line.
Send mail to them at: 75300.3115@Compuserve.COM

Bruce

****************************************************************************
* Bruce Schneier                                                           *
* Counterpane Systems         For a good prime, call 391581 * 2^216193 - 1 *
* schneier@chinet.chi.il.us                                                *
****************************************************************************

+++++

While the Americans never stop discussing the state of health of Bill
Clinton's electronic mailboxes (here, in RISKS #14-29/30 and in "Computer
Privacy Digest" #2.013), Thierry Platon, in a piece titled "Download et
e-Mail: la tour de Babel" from his feature _Les BBS_ ("InfoPC", December
1992, no. 87, page 208), writes something far better:

     In the United States, however, no country code is used, but rather
     codes corresponding to the type of message: .com if it comes from
     a commercial company, .edu for a university or a school, .org for
     a non-commercial organization, .mil for the army, .gov for the
     government (Bill.Clinton@whitehouse.gov is a valid address!), etc.

We did not fail to send our congratulations to Bill Clinton in a warm
message to the address given. It came back to us with a comment:

     Your mail to whitehouse.gov is undeliverable.
     whitehouse.gov: unknown host

But the author, anxious not to leave the reader in blissful ignorance,
does it again, worse than ever:

     [...] Certain kinds of American commercial BBS can relay this type
     of e-Mail. This is the case with CompuServe, for example, where a
     user with reference 72241,407 will have the code
     72241,407@Compuserve.com.

Thierry Platon has never used messaging systems linked to InterNet. In the
case cited, the exact addressing for most routers is particular. On
ATT-Mail, the syntax would have been:

     mhs!csmail!72241.4079

He would also know that commas are forbidden in addressing... and that
Transpac's Atlas400 is not connected to InterNet. Who will tell me why?
------------------------------

Date: Tue, 02 Feb 93 17:48:55 +0000
From: icvc93@acmbul.bg (Organizing Committee)
Subject: File 3--ICVC'93: First Bulgarian conference on CPA's

                    C A L L   F O R   P A P E R S

                   ACMBUL's FIRST INTERNATIONAL
      COMPUTER VIRUS PROBLEMS AND ALTERNATIVES CONFERENCE

                5-8 April, 1993 - Varna, Bulgaria

The purpose of the 1993 International Computer Virus Conference is to
provide a forum for anti-virus product developers, researchers and
academicians to exchange information among themselves, students and the
public. ICVC'93 will consist of open forums, distinguished keynote
speakers, and the presentation of high-quality accepted papers. A high
degree of interaction and discussion among Conference participants is
expected, as a workshop-like setting is promoted.

Because ICVC'93 is a not-for-profit activity funded primarily by
registration fees, all participants are expected to have their
organizations bear the costs of their expenses and registration.
Accommodations will be available at reduced rates for conference
participants.

WHO SHOULD ATTEND

The conference is intended for computer security researchers, managers,
advisors, EDP auditors, network administrators, and help desk personnel
from government and industry, as well as other information technology
professionals interested in computer security.

CONFERENCE THEME

This Conference, devoted to advances in virus prevention, will encompass
developments in both theory and practice. Papers are invited in the areas
shown and may be theoretical, conceptual, tutorial or descriptive in
nature. Submitted papers will be refereed, and those presented at the
Conference will be included in the proceedings.

Possible topics of submissions include, but are not restricted to:

o Virus Detection
o Virus Trends and Forecast
o Virus Removal
o Virus Prevention Policies
o Recovering from Viruses
o Incident Reporting
o Viruses on various platforms (Windows, Unix, LANs, WANs, etc.)
o Emergency Response
o Viruses and the Law
o Virus Genealogy
o Education & Training

THE REFEREEING PROCESS

All papers and panel proposals received by the submission deadline and
which meet submission requirements will be considered for presentation at
the Conference.

All papers presented at ICVC'93 will be included in the Conference
proceedings, copies of which will be provided to Conference attendees.
All papers presented will also be included in proceedings to be published
by the ACMBUL.

INSTRUCTIONS TO AUTHORS

[1] Two (2) copies of the full paper, consisting of up to 20
    double-spaced, typewritten pages, including diagrams, must be
    received no later than 28 February 1993.

[2] The language of the Conference is English.

[3] The first page of the manuscript should include the title of the
    paper, full name of all authors, their complete addresses including
    affiliation(s), telephone number(s) and e-mail address(es), as well
    as an abstract of the paper.

IMPORTANT DATES

o Full papers to be received in camera-ready form by the Organizing
  Committee by 28 February 1993.

o Notification of accepted papers will be mailed to the author on or
  before 10 March 1993.

o Conference: 5-11 April 1993, St. Konstantine Resort, Varna, Bulgaria

WHOM TO CONTACT

Questions or matters relating to the Conference Program should be
directed to the ACMBUL:

     ICVC'93
     Attn: Mr. Nickolay Lyutov
     ACMBUL Office
     Varna University of Economics
     77 Boris I Blvd, 9002 P.O.Box 3
     Varna
     Bulgaria

     Phone/Fax: (+35952) 236-213
     E-mail:    ICVC93@acmbul.bg

icvc93@acmbul.bg (Organizing Committee)
ACMBUL -- Bulgarian Chapter of ACM

-------------------

Date: Thu Feb 4 10:31:32 EST 1993
From: lynch@csmes.ncsl.nist.gov (nicki lynch)
Subject: File 4--Proposal for a new "C2 Orange Book" in the USA

CONTACT: Nickilyn Lynch
         Computer Scientist, National Computer Systems Laboratory
         National Institute of Standards and Technology (NIST)

The **PRELIMINARY DRAFT** of the U.S.
Federal Criteria for Information Technology Security (FC) (which will
eventually replace the "Orange Book") is available on-line. The files are
located on the NIST Computer Security Bulletin Board. When printed out,
both volumes of the document total approximately 280 pages double-sided.

By the second week of February, the FC (without the figures) should be
available in ASCII format at that site. The figures will also be
available individually in postscript form.

What follows are instructions on how to download the files from the site,
how to register your name for announcements, and how to send in comments.

+++++

TO DOWNLOAD THE FILES FROM NIST'S BBS

The following information is on obtaining the draft Federal Criteria from
the NIST BBS in electronic form. Please use these instructions for
obtaining the files:

You can obtain the files three ways:

* anonymous ftp (PostScript):

     ftp to csrc.nist.gov (129.6.54.11)
     user anonymous
     password
     cd pub/nistpubs
     get fcvol1.ps, get fcvol2.ps
     quit

* e-mail (PostScript)

  Send the following message only to docserver@csrc.nist.gov (no subject
  line necessary, use lower case):

     send fcvol1.ps
     send fcvol2.ps

  The files will be e-mailed to your account.

  [Moderator: I made the request with a simple Internet message and
  received 3 files: an acknowledgement of my request of 1.3K and two
  PostScript files of 1012K and 894K]

* via a BBS and a modem (PostScript compressed w/ PKZIP)

  Set parameters to 8 bit characters, no parity, 1 stop bit.
  For 9600 BPS, dial 1-301-948-5140
  For 2400 BPS, dial 1-301-948-5717
  If not a registered user, follow instructions for registering.
  Go to Files section, follow instructions for Downloading, file names
  are fcvol1.zip, fcvol2.zip (files are compressed using the PKZIP
  utility, which can also be downloaded here, filename is pkz110.exe)

+++++

REGISTERING YOUR NAME

When you receive an electronic copy of the draft FC, please send us your
name, mailing address, telephone, and e-mail address to the e-mail
address listed below and state that you have an electronic copy of the
FC. If you distribute the document to additional people in your
organization, please send us the same information on those people as
well. We will put the names into our database for any further
announcements, meeting notices, draft announcements, etc., related to the
effort.

NIST will be sending out a LIMITED NUMBER of hard copies, but due to the
substantial expense of sending out such a large document--even at book
rate, we would prefer people to receive the document by electronic means.
Therefore, by sending us your name and the names of those in your
organization who have the downloaded copies of the document, it saves us
from having to send additional hard copies.

+++++

COMMENTS

We are soliciting TECHNICAL, SUBSTANTIVE comments on the document. The
deadline for comments is:

     March 31, 1993

All those who contribute substantive comments will be invited to a
two-day workshop at the end of April 1993 to resolve the comments. The
workshop will be held in the Washington-Baltimore area in a
to-be-announced location.

Please send your comments to:

     lynch@csmes.ncsl.nist.gov

or, if you prefer, you can send us a 3.5" or 5.25" diskette in MSDOS or
UNIX format (please indicate which) to:

     Federal Criteria Comments
     ATTN: Nickilyn Lynch
     NIST/CSL, Bldg 224/RM A241
     Gaithersburg, MD 20899

We would prefer to receive electronic copies of comments and/or name
registrations, but we will also receive hardcopy comments/name
registrations at this same address.
You can also contact us via the following fax:

     FAX: (301) 926-2733
     (please note that this number will be active starting in March)

Thank you in advance for your interest in this effort.

Federal Criteria Group
National Institute of Standards and Technology

--------------------

Date: Tue Feb 2 11:41:25 EST 1993
From: TAWED%ETSU.bitnet@CUNYVM.CUNY.EDU (Ed Street)
Subject: File 5--Phreaking: Is it feasible?

Hey!!!!

I just recently came up with a way that we here could hack our way into
the telephone system. It involves dialing a long distance number and
placing a counter on the calling card number, if the card number is valid
then there is silence, if it's invalid then it returns a busy line.

I think that a computer with a modem could be programmed to dial a
selected number and then place a counter on the calling card number, dial
the two and see if it's busy or not. If it's busy then cycle to the next
card number. A very simple algorithm.

I was talking to one of my friends that works for the press and he asked
if it was realistic. I think that it would be. But the only problem is
that there are 9 digits to the calling card number. :-( That's
999,999,999 possibilities! This part seems that it would be unrealistic.

What do you think?? Think that it could take a long time or a short time.
I even thought about getting together a hacking squad, assign a range to
each one to break up the time that it would take.

My friend in the press said that for anyone to believe it I would need
proof, a few simple numbers would suffice.

Any comments??

ed.
East Tennessee State University

--------------------

Date: Mon Dec 28 22:36:51 -0500 1992
From: server@stormking.com (Storm King ListServ Account)
Subject: File 6--Beware of the CCCF (Reprint)
Copyright: Phrack, Inc., 1992

                             ==Phrack Inc.==

                Volume Four, Issue Forty-One, File 2 of 13

+++++

From: Synaps a/k/a Clone1 a/k/a Feyd
Date: September 2, 1992
Subject: Remarks & Warning!
Hi,

I've been a regular reader of Phrack for two years now and I approve
fully the way you continue Phrack. It's really a wonderful magazine and
if I can help its development in France, I'll do as much as I can!
Anyway, this is not really the goal of my letter and excuse me for my
English, which isn't very good.

My remarks are about the way you distribute Phrack. Sometimes, I don't
receive it fully. I know this is not your fault and I understand that
(this net sometimes has some problems!). But I think you could provide a
mail server like NETSERV where we could get back issues by mail and just
by MAIL (no FTP).

Some people (a lot in France) don't have any access to international FTP
and there are no FTP sites in France which have ANY issues of Phrack. I
did use some LISTSERV mailers with the send/get facility. Could you
install it on your LISTSERV?

My warning is about a "group" (I should say a pseudo-group) founded by
Jean Bernard Condat and called CCCF. In fact, JBC has spread his name
through the net to a lot of people in the Underground. As the Underground
place in France is weak (the D.S.T, anti-hacker staff is very active here
and very efficient), people tend to trust JBC. He seems (I said SEEMS) to
have a good knowledge in computing, looks kind, and has a lot of
resources. The only problem is that he makes some "sting" (as you called
it some years ago) operations and uses the information he spied to track
hackers. He organized a game last year which was "le prix du chaos" (the
amount of chaos) where he asked hackers to prove their capabilities.

It was not the real goal of this challenge. He used all the materials
hackers sent him to harass some people and now he "plays" with the normal
police and the secret police (DST) and installs like a trade between
himself and them.
It's really scary for the hacking scene in France because a lot of people
trust him (even the television which has no basis to prove if he is
really a hacker as he claims to be or if he is a hacker-tracker as he
IS!). Journalists take him as a serious source for he says he leads a
group of computer enthusiasts.

But we discovered that his group doesn't exist. There is nobody in his
group except his brother and some other weird people (2 or 3) whereas he
says there are 73 people in his club/group. You should spread this
warning to everybody in the underground because we must show that
"stings" are not only for USA! I know he already has a database with a
lot of information like addresses and other stuff like that about hackers
and then he "plays" with those hackers.

Be very careful with this guy. Too many trust him. Now it's time to be
"objective" about him and his group!

Thanks a lot and goodbye.

Synaps a/k/a Clone1 a/k/a Feyd

------------------------------

Date: Fri Feb 5 06:12:29 GMT 1993
From: Chantal CARTON, Novell (fax: 146989461)
Subject: File 7--Re: NTPASS, a loadable module under NetWare

Dear Sir,

The NTPASS program on which you ask our opinion is an NLM, that is, a
dynamically loadable module for NetWare v3.11. To install it, the
following process must therefore be followed.

- First of all, one must have physical access to the server. We wish to
  remind you that the C2 security standards require that access to the
  server be protected, and any network administrator who looks after the
  security of his network places physical access protection on the
  servers.

- Next, one must have logical access to the server: NetWare allows the
  console to be locked with a password. Once again, this feature is used
  daily by all network administrators and supervisors.
- Next, one must call "AccessData", which asks for the NetWare serial
  number and the NT PASS serial number and which then, finally, issues an
  access key. This makes it possible to change (and not to recover, as
  the article seems to suggest) all the passwords: this makes a
  fundamental difference, because every person on the network notices it
  immediately.

Who, in a company, knows the serial number of the NetWare operating
system apart from the administrator or the supervisor?

So, in summary, a user, from his workstation, CANNOT install this
software and break NetWare's security. If the most elementary security
standards are respected (especially the first), this software is not
usable.

On the other hand, the original purpose of this product is respected.
Indeed, it allows an administrator who has forgotten the supervisor
password and who has not created a supervisor equivalent (and that does
happen...) to create a new password for himself in order to regain access
to his server.

Hoping that this information answers your question, and remaining at your
disposal for any further information, I remain, Sir, yours sincerely.

Chantal CARTON-DEMAZURE
Marketing Director

------------------------------

Date: Sun Jan 10 13:00:58 -0500 1993
From: jbcondat@ATTMAIL.COM (Chaos Computer Club France)
Subject: File 8--Reaction to "The Little Black Book of Computer Virus"
Copyright: ComputerWorld, 1992

Virus fighters fume over little black book
Debate rages over merits of publishing codes

Byline: James Daly, CW Staff
Journal: Computerworld
Page Number: 4
Publication Date: June 29, 1992

A little book is rattling a lot of chains in the computer security
business these days. A little black book, to be exact.
Only two weeks after being picked up by a small publishing house, The
Little Black Book of Computer Viruses has initiated as nasty and divisive
a free speech battle as this community has seen.

That is because the 178-page ebony volume is chock full of the necessary
source code for creating potentially destructive viruses. And for $15,
the less technically inclined can simply send in a coupon and order
floppy disks already loaded with compiled and executable virus programs.

Anger flames

Professional virus fighters such as Alan Solomon at S&S International are
madder than angry hornets over the publication. They are encouraging
anti-black book campaigns that include picketing author Mark Ludwig's
house, boycotting shops that sell the book, petitioning Congress and even
bringing in lawyers.

Others said the book is relatively harmless because any hacker who really
wants to get virus source code only has to dial up one of the innumerable
hacker bulletin boards to quickly and easily download dozens of viruses.

Critics dismissed Ludwig's First Amendment defense as the computational
equivalent of yelling ''fire'' in a crowded movie theater.

Inherently 'evil'

''Any virus, by its nature, is evil, and Ludwig presents sample after
sample of ways to go about writing damaging code,'' said David Stang,
chairman of the International Computer Security Association in
Washington, D.C.

''The fundamental attraction of computers is that we can understand,
control and predict what they do,'' he added. ''We do not want that data
messed with, but Ludwig seems to think it's okay.''

Not true, according to Ludwig, who claimed the purpose of the book is not
destructive but educational.

''Computer viruses are not evil, and programmers have a right to create
them, possess them and experiment with them,'' Ludwig said. ''These
viruses are designed so that security people can see what a virus looks
like and how it behaves.
How can anyone realistically be in charge of security without having ever
seen a virus?''

The book's jacket cautions that those who misuse its viruses can be held
legally liable, even if the misuse is unintentional. Additionally, Ludwig
said, the viruses in the book are protected by copyright law and anyone
who uses them without his permission will be subject to both civil and
criminal prosecution.

Stang has suggested that if Ludwig's altruistic claims are true, then he
should offer to donate the proceeds from The Little Black Book of
Computer Viruses to a fund that would fight the spread of damaging
computer viruses.

Others have suggested that Ludwig should have included ''pseudo-code''
versions of the viruses, which contain enough information to illustrate a
point without providing a full working virus.

First in a series

The book is scheduled to be the first in a series of three books about
computer viruses. Ludwig first published the book himself last year and
became its primary salesman after it was reportedly turned down by a
succession of publishers.

The Upland, Pa.-based Diane Publishing Co. picked up the distribution
rights to The Little Black Book of Computer Viruses earlier this month.

''We see nothing wrong with it,'' Diane Publishing President Herman Baron
said. ''We put it out for the simple reason that it fits in with our
catalog of computer security books.''

------------------------------

End of Chaos Digest #1.07
************************************