Der Weltanschauung (The WorldView) Origin: HOUSTON, TEXAS USA %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % % Editor: The Desert Fox * FTP: ftp.eff.org % % Co-Editor: Cyndre The Grey * pub/cud/wview % % % % T H E W O R L D V I E W M A G A Z I N E % % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% June 25, 1992 Volume 2, Issue 5 (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) Material Written By Computer And Telecommunications Hobbyists World Wide Promoting the publication of Features, Editorials, and Anything Else.... To submit material, or to subscribe to the magazine contact this address: request@fennec.sccsi.com "Let us arise, let us arise against the oppressors of humanity; all kings, emperors, presidents of republics, priests of all religions are the true enemies of the people; let us destroy along with them all juridical, political, civil and religious institutions." -Manifesto of anarchists in the Romagna, 1878 @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ _________________________________________________________ ***** PLEASE NOTE THE NEW ADDRESS OF THE EDITORS AND REQUESTS!! ***** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The World View Staff: InterNet Address: The Desert Fox [Editor] root@fennec.sccsi.com Cyndre The Grey [CoEditor] root@ashpool.sccsi.com Subscription Requests request@fennec.sccsi.com FOR SUBSCRIPTION REQUESTS, PLEASE MAIL IT TO: request@fennec.sccsi.com WORLD VIEW NEWSGROUP: wv@taronga.com FTP Sites: ftp.eff.org pub/cud/wview @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ TABLE OF CONTENTS 1) News/Updates/Etc.....................................Editor(s) 2) Bubba's Bits.........................................Bill Mattison 3) The Antitrust Reform Act of 1992.....................Brain On A Stick 4) Victim Of Circumstance...............................Brain On A Stick 5) CERT Advisory........................................CERT 6) Around The Virtual Town..............................Gerard Van der Leun 7) Final FaCtOiD........................................Unknown @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ News/Updates/Etc... Dfox/Cyndre Sorry for the late issue. I had to take care of some business that would not let us release any earlier than now. It is our understanding that the FTP site - chsun1.spc.uchicago.edu is going down sometime soon. Would someone please let us know. If this does happen, all back issues will still be available from - ftp.eff.org @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ Bubba's Bits By Bill Mattison In an effort to keep our users and up-to-date in our everchanging environment, certain ground rules must be met. We must all speak the same language. Although this file is fairly easy to understand, some of the "new people" may not totally grasp it. Seasoned veterans please be patient. Who knows...you may even learn something. For instance, did you know that 100% compatible means that software written for your IBM PC will run on a clone too? ...that is if it is configured properly and has similar graphic characteristics and is tilted 20 degrees forward on the second Friday of the first full moon in the Vernal Equinox... If you didn't know this, please read on. But keep in mind that this list is by no means complete. BOOT, POWER UP - To flip the 'ON' switch. WARM BOOT - To fake the computer out by making it think you flipped the 'ON' switch. BYTE - One character, Eight Bits, or Two Nibbles. BIT - 1/8 of a byte, 1/4 of a nibble. GULP - Several bits. INTERFACE - Talking to a friend (about computers) BUG - A small insect that is attracted to magnetic media. (note: if your program ain't workin', you got one.) VAPOR-WARE - A product that everyone keeps talking about, but never happens. (i.e. 128k Jackintosh) REDUNDANT-WARE - Another database for the IBM or music program for the Amiga. KITCHENSINK WARE - Software that does everything...(Spreadsheet, database, word process, graph, chop, slice, dice, mince...) KLUDGE - Computerese for Bondo and duct tape. PUBLIC DOMAIN - Software that doesn't do anything! People collect it to impress their friends. GLITCH - Unwanted garbage that crashes your system. SNIVITZ - A small glitch COOKIE - Industry slang for 'disk'. @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ The Antitrust Reform Act of 1992 By Brain On A Stick (brain@fannec.sccsi.com) Several Weeks ago I saw a message posted on a local BBS. All it said was "Call 1-800-54-PRIVACY now! Stop the Bells from taking over." Since I was someone who was active in the telecommunications arena and this seemed to pertain to my hobby, I decided to give it a call. After leaving some information about myself I received a letter in the mail containing information on two bills being introduced in Congress; House bill 3515 and Senate bill 2112. These bills are designed to limit the power of the regional Bell telephone companies. This information was covered pretty extensively in Phrack issue 38, available at the same FTP sites as this publication. I would like to encourage all of you to either call the above number and receive the same information or download Phrack 38 which contains a full transcript of the letter they send out. The purpose of this article is to discuss a second letter that I received. This one concerns HR 5096 otherwise known as the Antitrust Reform Act of 1992. Rather than try to explain what it says, I thought it would be better to simply include the entire letter within this article. This letter follows in its entirety. -------------------------------------------------------------------------- A while ago, you received a letter from Cathie Black in response to your calling our 1-800-PRIVACY phone line. We sent that letter to you (and 6000 other callers) because you expressed an interest in contacting your U.S. Representative and Senators about important legislation that would keep the telecommunications industry competitive and prevent the telephone company from invading your privacy. We need you to write Congress again. Within a week or two, the House Judiciary Committee will be voting on a new bill, the Antitrust Reform Act of 1992 (HR 5096), otherwise known as the Brooks bill. This bill, introduced by House Judiciary Committee Chairman Jack Brooks of Texas, would encourage new services, help protect your privacy and, most important of all, help stop your local Bell monopoly from exploiting you and other telephone ratepayers with inflated phone bills. In other words, passing this bill would help stop the phone company from ripping you off. Our organization, the Consumer Federation of America, estimates that the seven regional Bell telephone monopolies have overcharged consumers some $30 billion over the past eight years. What's more, the Bells are now asking ratepayers to finance an extravagant and unnecessary $400 billion of telephone network investment. We're not alone in supporting this important legislation. Other supporters include the National Association of State Utility Consumer Advocates, the American Association of Retired Persons, and more than 1400 other groups representing consumers, small businesses, and large businesses. The Brooks bill would establish a national telecommunications policy based upon the historically accepted practice of separating monopolies from competitive markets. In the telephone industry, the Bell monopolies have been prohibited from entering several businesses in which they could exploit their monopoly position--publishing electronic information, manufacturing telephone equipment, and providing long distance service. But the Bells have spent seven years and many millions of dollars on an intensive lobbying campaign to get these prohibitions lifted. In the past year alone, a U.S. District Judge reluctantly reversed the long-standing ban on the Bells entering the information services business. In addition, the U.S. Senate has approved legislation allowing the Bells into the manufacturing of equipment. Plus, the Bells are desperately trying to find ways to get into the long distance business. The only way to stop them is through Congressional action. The Brooks bill would provide for phased-in entry of the Bells into the electronic information, manufacturing, and long distance businesses in order to promote competition in these industries. The bill also would protect phone users by establishing safeguards to prevent the use of telephone ratepayer proceeds from subsidizing competitive business ventures. Finally, the bill would prevent the Bells from using their control of telephone lines to discriminate against competitors. Simply put, the Brooks bill is fair to everyone--consumers, other businesses, and the Bells. This bill may be the last chance to stop phone company exploitations of the ratepaying public. If that's important to you, let your U.S. Representative know. A hand-written letter stating your views is the best way of reaching elected officials. It is positive proof that you are deeply concerned about this issue. When you write to your Representative, please send your letter to him or her at the following address: U.S. House of Representatives, Washington, D.C. 20515. If you are not sure who your U.S. Representative is, please call our information desk at the following toll-free number to find out: 1-800-765-4247. You may wish to use some or all of the following points in your letter: * Congressional action, in the from of the Brooks bill, will ensure a competitive telecommunications industry and help stop the Bells from overcharging consumers. * The Consumer Federation of America, the nation's leading consumer group, estimates that the seven Bell monopolies have overcharged consumers $30 billion in the past eight years. Plus, they're now asking ratepayers to finance an extravagant and unnecessary $400 billion of phone network investment. * The Brooks bill sets a rational timetable for the Bells' entry into new businesses and is, therefore, fair to everyone. * The Brooks bill is pro-consumer and assures that Americans will enjoy an increasingly diverse selection of products and services. * The Brooks bill would create a competitive marketplace in which existing and new companies could provide a wide variety of products and services without the threat of monopolization by the Bells. * By promoting competition, the Brooks bill will help create many new telecommunications jobs. Your Representative may be considering right now how to vote on this bill. If you act immediately, there's still time to make a real difference. Congress is very sensitive to your opinion and to the opinions of your friends, family, and co-workers. Again, thank you for your support. Sincerely, Gene Kimmelman Legislative Director P.S. Once you've written your letter, please help us track the overall response to Congress on HR 5096 by calling us at 1-800-765-4247 to let us know your letter has gone out. ---------------------------------------------------------------------------- That's the entire letter. Remember, it's not enough just to be informed, you must take action. Write your congressmen today and let them know how you feel on this matter. @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ Victim of Circumstance By Brain On A Stick (brain@fennec.sccsi.com) Username: brain Password: xxxxxxxx User authorization failure The first thought that crossed my mind was, "Shit, somebody's gone in and changed my password." I figured somebody with my account information was playing a practical joke on me. Hell, I used to do it all the time to my friends. This time was different though. I didn't have any idea who it could have been since several people had access to my user id and password. It was one of those, "Hey, can I use your account to Telnet/ftp?" kinda things. "Yeah, sure, here's the info." After that it became like that old shampoo commercial...they told two friends, and so on, and so on...you know the one. Before I knew it, several people had access to my account. I didn't mind though, I thought that they would be cool about it, and they were until then. All I had to do to wrest control back was visit my local sysadmn and tell him somebody changed my password, right? I called the main computing center at my university and told them that I thought somebody had hacked my account and changed my password since I couldn't seem to get back into it. They asked the usual questions like what's your name and student id number, what was the account id, etc. When I had given them this information, they informed me that I needed to come in person. "Makes sense," I thought, "I have to prove it's really me." I went to the computing center and was greeted by one of the managers over there. He brought me into a small conference room and told me to have a seat. He sat down with another guy on the other side of the table. There was a fairly big stack of printouts between them. They didn't say anything for awhile. This was when I first suspected that everything was not as I thought it was. "Your password was not changed, your account was seized because it was used to harass a user on another system." Shit. I then went through roughly 30 minutes of interrogation, just like in the old cop movies. The two guys sitting across from me were asking all sorts of questions, "What do you know about IRC?" "What do you use your account for?" "Do you know anybody on System X?" Throughout this whole ordeal they were rifling through the printouts looking for new things to ask me. They wouldn't let me look at them but I was sure that it contained everything in my account at the time, including sensitive email. Finally, after playing dumb and telling them that I had an easily hackable password, they decided that I had nothing to do with it. Great, now I get my account back. Wrong. Since it looked like my account was hacked, the whole investigation moved up a level. The two guys quizzing me now informed me that I had to talk to their boss, the director of computing. They set a telephone down in front of me and left the room. Geez, how much more like Dragnet can you get? I called this guy and he informed me that several accounts were under investigation for the same thing, that it was a serious offense and that I needed to contact the professor who assigned the account in order to get it back. This I did on the very same day. I expected to be back in the saddle within three or four days. Several days and many phone calls later, I find that they were blaming the whole thing on a friend of mine. I didn't think that this guy would go through so much trouble to harass somebody so I called him up. "Wasn't me," he said, "They did the same thing to my account." It looked like he was getting set up to take the fall. The next time I contacted the director, about a week and a half after it started, he said that the whole thing was nearly resolved. That's when my friend contacted a lawyer and threatened to sue the university. Suddenly, things got weird. I found out that the university had dropped all charges against him and that he had control of his accounts again. Thinking that the whole thing was over I called to see when I would be getting control of my account again. "The case against you is still under investigation." "What case against me???" I asked. Suddenly I was the focus of attention again. At this time I still didn't know exactly what it was that I was being investigated for. I was told that some hate mail directed at a user on another system left my account. Not only that but the origin of the letter was changed by some method he would not disclose to look like it came from somewhere else. He also told me that the university has a log set up that automatically records vital information on a user when they use this method. This log was now exhibit A in the case against me. Furthermore, this whole affair was being presented to the Dean of Students in order to officially prosecute me under some sort of university law. Things were definitely getting out of hand. It was time to play my trump card. Lucky for me, the person who filed the complaint was a friend of the editor of this publication, The Desert Fox. I asked the director of computing what would happen if I got this person to state that I didn't have anything to do with this incident. He said that all charges would be immediately dropped. Three days and several phone calls later, I was cleared. It had been about three weeks since I first walked into that office and my account had since expired. I was denied a renewal but was cleared for future access. There are a couple of things to be learned here. First, don't let anybody use your VAX account or you'll end up like me. It looks as though they tried to keep me out of trouble by covering their trail (changing the origin of the message) but in the end that just made things worse. Second, that university system administrators are a fickle bunch. One day I was a victim, the next day I'm a perpetrator. That just goes to show you what a little pressure on these guys can do to make them change their minds. Every account I have from now on will probably be monitored to make sure that I'm not screwing up. I can no longer trust that my doings are private. My email is probably being scanned along with all file transfers and any news groups that I'm following on the net. All of this is because of some stupid prank and some radical administrators who like to believe that their system is secure from any kind of horseplay. Yeah right. To everyone reading this, just make sure you know exactly what's going on with your account or you'll end up in the interrogation room staring down a couple of guys with a stack of paper you know nothing about. @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ CERT Advisory May 27, 1992 SunOS Environment Variables and setuid/setgid Vulnerability The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a vulnerability involving environment variables and setuid/setgid programs under Sun Microsystems Computer Corporation SunOS. This vulnerability exists on all Sun architectures running SunOS 4.0 and higher. In-house and third-party software can also be impacted by this vulnerability. For example, the current versions of rnews, sudo, smount, and npasswd are known to be vulnerable under SunOS. See the Description section of this advisory for details of how to identify software which may be vulnerable. The workaround detailed in this advisory can be used to protect vulnerable software on SunOS operating system versions for which patches are unavailable, or for local or third party software which may be vulnerable. Sun has provided patches for SunOS 4.1, 4.1.1, and 4.1.2 programs which are known to be impacted by this vulnerability. They are available through your local Sun Answer Center as well as through anonymous ftp from the ftp.uu.net (137.39.1.9) system in the /systems/sun/sun-dist directory. Fix PatchID Filename Checksum login and su 100630-01 100630-01.tar.Z 36269 39 sendmail 100377-04 100377-04.tar.Z 14692 311 Note: PatchID 100630-01 contains the international version of /usr/bin/login. PatchID 100631-01 contains the domestic version of /usr/bin/login and is only available from Sun Answer Centers for sites that use the US Encryption Kit. Please note that Sun will occasionally update patch files. If you find that the checksum is different please contact Sun or the CERT/CC for verification. --------------------------------------------------------------------------- I. Description A security vulnerability exists if a set-user-id program changes its real and effective user ids to be the same (but not to the invoker's id), and subsequently causes a dynamically-linked program to be exec'd. A similar vulnerability exists for set-group-id programs. In particular, SunOS /usr/lib/sendmail, /usr/bin/login, /usr/bin/su, and /usr/5bin/su are vulnerable to this problem. II. Impact Local users can gain unauthorized privileged access to the system. III. Solution A. Obtain and install the patches from Sun or from ftp.uu.net following the provided instructions. B. The following workaround can be used to protect vulnerable binaries for which patches are unavailable for your SunOS version, or for local or third party software which may be vulnerable. The example given is a workaround for /usr/lib/sendmail. 1. As root, rename the existing version of /usr/lib/sendmail and modify the permissions to prevent misuse. # mv /usr/lib/sendmail /usr/lib/sendmail.dist # chmod 755 /usr/lib/sendmail.dist 2. In an empty temporary directory, create a file wrapper.c containing the following C program source (remember to strip any leading white-space characters from the #define lines). /* Start of C program source */ /* Change the next line to reflect the full pathname of the file to be protected by the wrapper code */ #define COMMAND "/usr/lib/sendmail.dist" #define VAR_NAME "LD_" main(argc,argv,envp) int argc; char **argv; char **envp; { register char **cpp; register char **xpp; register char *cp; for (cpp = envp; cp = *cpp;) { if (strncmp(cp, VAR_NAME, strlen(VAR_NAME))==0) { for (xpp = cpp; xpp[0] = xpp[1]; xpp++); /* void */ ; } else { cpp++; } } execv(COMMAND, argv); perror(COMMAND); exit(1); } /* End of C program source */ 3. As root, compile the C program source for the wrapper and install the resulting binary. # make wrapper # mv ./wrapper /usr/lib/sendmail # chown root /usr/lib/sendmail # chmod 4711 /usr/lib/sendmail 4. Steps 1 through 3 should be repeated for other vulnerable programs with the appropriate substitution of pathnames and file names. The "COMMAND" C preprocessor variable within the C program source should also be changed to reflect the appropriate renamed system binary. --------------------------------------------------------------------------- The CERT/CC wishes to thank the following for their assistance: CIAC, PCERT, and in particular Wietse Venema of Eindhoven University, The Netherlands, for his support in the analysis of and a workaround for this problem. We also wish to thank Sun Microsystems Computer Corporation for their prompt response to this vulnerability. --------------------------------------------------------------------------- If you believe that your system has been compromised, contact CERT/CC or your representative in FIRST (Forum of Incident Response and Security Teams). Internet E-mail: cert@cert.org Telephone: 412-268-7090 (24-hour hotline) CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4), on call for emergencies during other hours. Computer Emergency Response Team/Coordination Center (CERT/CC) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Past advisories, information about FIRST representatives, and other information related to computer security are available for anonymous ftp from cert.org (192.88.209.5). @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ Around the Virtual Town Notes by van@eff.org With the advent of June weather in Cambridge its time to see what has been happening in the EFF office and out on the Net in the past few weeks. Mitchell Kapor has been trying, with some success, to cut back on his hectic schedule of meetings for and speeches about EFF and its activities to groups around the country. But as this domestic schedule begins to lessen, he is preparing for an extended trip to Japan at the middle of this month. In Japan, Kapor will meet with key people in telecom. He just finished an online stint at EFFSIG, the new EFF Forum on CompuServe, fielding CIS users questions and comments. The Washington office continues to take on more and more projects. A large part of the effort of Berman and Company is the development of the EFF Open Platform proposal for making digital voice, data, and video communications possible on public switched telephone, cable and other networks using technologies like ISDN as a transition to fiber optics. Another item at the top of Washington's agenda is continued coalition building among industry and public-interest groups to oppose the FBI's digital telephony proposal; a proposal with could slow down the development of advanced communications technology as well as threaten the privacy of groups and individuals. EFF has also testified against HR191, legislation which would allow the government to copyright software developed by the government and which could impede public access to government information. With the able assistance of Shari Steele, Daniel Weitzner, Andrew Blau and Craig Neidorf, the Washington office is also keeping up with filings and motions and general tracking of issues such as business rate charges for home BBS services, 900 number legislation, video dialtone, common carriage, and first amendment questions. In their spare time, the Washington office discuss current electoral politics, and win bets on primary outcomes from Cambridge staff members. John Barlow, as if he didn't have enough to do in Cyberspace, has just been made a member of the Board of Directors of the Whole Earth 'Lectronic Link (The WELL) at a crucial moment in that system's evolution. EFF/Publications recently finished the first issue of our members newsletter, "@eff.org" and are working on the second for later this month. This publication is mailed to the "formal" members of EFF to keep them apprised of what the various people here are doing. We will be publishing this short newsletter monthly, so if you are an EFF member, look for it in a non-virtual mailbox near you soon. We have also just produced an update of the EFF General Information brochure, as well as new pamphlets such as CRIME & PUZZLEMENT by John Barlow, and BUILDING THE OPEN ROAD by Mitchell Kapor and Jerry Berman. All of these are free for the asking by writing to us here in Cambridge. Adam Gaffin, the writer of The EFF Guide to the Net has been bombarding us with chunks of copy for weeks now. It looks like we have that rarest of all book projects, one that is ahead of schedule. We still have a long way to go however. Look for this in the late Fall at the earliest. Print is slow you know. Also in pre-production is the next issue of EFFECTOR, our main printed journal designed to present longer articles. EFFECTOR 3 will be in magazine format and will feature such writers as Howard Rheingold, John Barlow, Mike Godwin and others. The topics will range from "Innkeeping in Cyberspace" to a "History of Women on the Internet" as well as an interview with Cliff Figallo, departing manager of the WELL. It will also be illustrated (sorry, no color as yet). In keeping with EFF policy, this will be available as a PostScript file via ftp. So look for it around the end of July. Chris Davis and Helen Rose keep expanding and improving our Internet node, eff.org, in so many ways that it is impossible to track them. Recent improvements are the expansion of our WAIS archive (Yes, Virginia, EFF is a WAIS site), and overseeing the installation of a new 56kbps line to the Washington Office to enhance communication. They are also continually tweaking the Sun SPARC stations in order to handle EFF's ever increasing ftp load smoothly and transparently. In addition, they keep up with a mail load that would sink the U.S. Post Office and handle IRC! If you are going to USENIX next week, the dynamic duo will be there representing the EFF at the BOF and in the halls. Look for them. They'll be wearing EFF t-shirts and probably looking for a place to jack their Powerbooks into the Net in order to login and read mail. Mike Godwin, Staff Counsel, is currently hiding out for the first part of the day studying for the Massachusetts Bar. During his remaining 30 minutes of consciousness, he is also managing to be among the top 25 posters to USENET, *and* carry on discussions on CompuServe and the WELL at the same time. Mike is already a member of the bars of Texas and Washington, D.C. Last month, he made a trip to New York and spoke to the NYACC on civil-liberties and the new technologies (see below). Rita Rouvalis? Rita has taken a vacation break from all this and is currently spelunking in various caves near St. Louis. She still logs in and checks her mail twice a day from down there. No, we don't know how. @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@ FINAL FaCtOiD! New York City is the only city in America where someone can throw a stick up in the air and it's guaranteed to come down on a police car or an ambulance. -Unknown @-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@-==-@