The RISKS Digest
Volume 10 Issue 80

Friday, 25th January 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

7th Chaos Computer Congress, Hamburg, 27-29 Dec 1990
Klaus Brunnstein
San Francisco taxes its computer people rather than its property owners
PGN
Not risk versus convenience, but risks of conveniences
Jack Campin
Re: Computer program gives police a bum rap
Mark Hull-Richter
Re: Lotus Marketplace
Richard A. Schumacher
MasterCard policy opens door to crooks
Steve Pozgaj
"Mastercard" Policy
anonymous
Info on RISKS (comp.risks)

7th Chaos Computer Congress, Hamburg, 27-29 Dec 1990

Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.dbp.de>
24 Jan 91 14:19 GMT+0100
In its 7th year, the annual conference of Chaos Computer Club was held in
Hamburg (Germany) in the last week of December. A broad spectrum of themes was
offered, dominated by networking, but also covering legal aspects, ecological
computing, freedom of information, female computer handling, psychology of
hackers and others.  Among the more than 300 participants, only few people from
European countries (the Netherlands, Italy) and the USA participated.  The Congress
newspaper (covering reports about most sessions, available as *.DOC or *.TXT
files, see below) is only in German.  Though the printed (DTP-ed) version of it
looks more professional, some essential discussions (e.g.  female computer
handling, computer viruses, the new German Information Security Agency, GISA)
are missing; quality and readability of articles are rather mixed.  As there
were only few spectacular themes (phreaking, copying bank cards), public
interest and coverage in newsmedia, as compared to CCC'89 (the year, when the
KGB hack was published) was moderate.

Among the spectacular themes, a group HACK-TIC from the Netherlands demonstrated a
machine (about 1,500$) to copy credit and Eurocheque cards (EC); according to
Wau Holland (co-founder of CCC), this was arranged "to demonstrate the
insecurity of these plastic cards".  While the speaker of Hamburg's savings
bank (HASPA, which was the victim of CCC's famous "Btx/HASPA-attack") said that
this is impossible, a journalist of BILD (a German boulevard newspaper)
received a printout of his account with a copy of his card, but when trying to
order money from a teller machine, his card was collected.

The most spectacular event was a workshop on (phone) "Phreaking".  Experiences
and methods of how "to call as far as possible with as many phreaks as possible at
lowest possible price" were described in some detail (few of which were
written).  Tricks with German PTT's 130-number (and connection to US' 700/800
numbers) as well as with the (PTT-internal) test number 1177 to establish
low-cost (at least for the phreaks) teleconferences and voice mailboxes were
discussed. It is surprising to hear from a US phreak that the old tricks (2,600
MHz, red boxes to simulate the coins' click) even work today; some new
experiences esp.  tricks with Calling Cards (due to missing expiration date on
some cards or delayed update of MCI databank) were added to "help fight the
excessive telephone costs".  Dutch phreaks informed about "use" of 008-numbers;
a hotel reservation service at a large airport does not check the validity of
credit cards (file: PHREAK.DOC).  The workshop was not concerned with legal
aspects of Phreaking.

Several sessions were devoted to networking.  Chaos Computer Club runs a
network ("Zerberus") with gateways to international networks and a growing
number of regional mailbox systems.  Despite mixed (or even bad) experiences
with new mailbox systems and gateways (the gateway group emailed invitation to
this workshop; 50% of the invitations came back, essentially with "error-mail";
file NETWCHAoS.DOC), several sessions were devoted to introductions into
networking (file WSI-NET.DOC covering a detailed INTERNET survey; several files
on GATOR, a GATEway ORientation guide to regional and international
communication and gateways).  A special report was devoted to communication of
graphic and sound data, where special standards, command languages and software
are under development (file SCF.DOC).  Special discussions were devoted to
applications of mailboxes for ecological purposes (file UMWE-DFU.DOC) and as
infrastructure for publications (file Med-DFU.DOC), as well as to aspects of
(German) publication laws (file PRESRECH.DOC).

One session was devoted to CCC's idea to aid the former GDR (now "5 new federal
countries") in establishing a citizen computer network "DDRNET".  Despite
significant aid by computer dealers (who spontaneously donated PCs, software
and modems in significant numbers) and despite the interest of local groups
and parties (New Forum, essential force in the East-German revolution), tax and
organisation problems finally stopped the project when German reunification
happened.  The document (file: DDRNET.DOC) gives a lively example of good ideas
and plans being killed by hostile bureaucracy.

Following earlier CCC discussions on sociological aspects of hacking, a
student (Tommy) described his examination thesis (diplom work) relating
Psychology and Computing (file PSYCHO.DOC, thesis in compacted form: PSYCH.LZH
in 109kBytes). According to Tommy, hackers exhibit their self-consciousness as
an elite by their techno-speak. "Ordinary" people of same age with no
understanding of computing are rather suspicious about hackers, even more as
computers appear as threats to their civil rights and working places.  In such
controversies, hackers seem to flee reality, mostly unconsciously, and they
live in simulated worlds such as Cyberspace ("not as dangerous as other
drugs").  Anonymous or technically depersonalized communication (e.g.
mailboxes) lowers the threshold of moral scruples, resulting in communication
garbage and flames. Btw: as in previous years, a special workshop on Cyberspace
demonstrated EEG-coupled graphical devices and software (file: CYBER.DOC); the
sub-culture (as initiated by Gibson's book "Neuromancer") developing around
this techno-drug has its first European magazines (Decoder, Cyberpunk).

A special discussion developed on computer "viruses".  Two speakers working
with Ralph Burger (author of the "Big Book of Computer Viruses", also
publishing virus code in German, English and Russian) described his work to
classify new viruses and to establish a databank of virus code.  In their
classification, the group starts with a specific model of virus mechanisms
including self-encryption; this model is in some contradiction with other
classification (e.g.  as a virus in their model must always have an effect,
parent viruses like DONOTHING having no effect would not be a virus while their
descendants are), and stealth mechanisms other than encryption are not
foreseen. The speakers argued that information on virus details should be
easily accessible to all relevant parties.

A controversial discussion arose when the author of this report informed about
the establishment of CARO (=Computer Antivirus Research Organisation, cofounded
by V.Bontchev/Sofia, Ch.Fischer/Karlsruhe, F.Skulason/Reykjavik, A.Solomon/UK,
M.Swimmer/Hamburg, M.Weiner/Vienna and the author) to establish a database with
virus specimen and procedures to quickly analyse new viruses and distribute the
disassemblies for verification and antivirus development.  As the number of
viruses grows significantly (more than 400 MsDos viruses known, plus new
developments visible in Soviet Union, Hungary etc) with advanced stealth
methods and more sophisticated damage, restrictions in the access to such virus
specimen based on concepts of "trusted persons" and "need to know" are
presently discussed (also controversially).  In contrast to such concepts,
CCC'90 participants and the speakers expressed their view that such virus
specimen should be accessible to any interested party.

Summary: apart from the session on phone phreaking, Chaos Computer Club visibly
demonstrated its distance to criminal activities which dominated the last
conferences (e.g.  KGB hack).  In discussing themes of technical and related
interests, they return to the list of items which were described in their
foundation document (file THESEN.TXT, October 1981).  Themes related to civil
rights (e.g.  "Freedom of Information") are visibly of more interest than
classical hacking techniques.  As CCC did not discuss any consequences of the
KGB case (after the trial in March 1990) for its members or related persons,
CCC omitted the opportunity to prepare for its role in future hacks in its
environment.  While their annual conference was less chaotically organised than
last year, its structure and future developments remain as the name indicates:
chaotic and computer-minded, yet with a sense for new ideas and applications.


San Francisco taxes its computer people rather than its property owners

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 24 Jan 1991 12:02:03 PST
Last year, as many as 8700 San Francisco property owners did not receive their
annual tax bill (normally arriving by 1 November).  A "computer glitch" in the
tax collector's office was blamed for not sending bills to owners in the
"default" category (as a result of having missed or been late on a previous
payment).

[Source: San Francisco Chronicle, 14 Dec 1990.  I finally got around to
entering this item, even though it is now old-hat.  However, I haven't seen
anything further about the problem being fixed, although it presumably has by
now.  Surprisingly, the Tax Collector was quoted as saying he did not think
they would lose money because of the delay!  Not much interest in getting it
fixed?  I would think there would be interest LOST from NOT getting it fixed.]


Not risk versus convenience, but risks of conveniences

Jack Campin <jack@cs.glasgow.ac.uk>
Wed, 23 Jan 91 20:28:58 GMT
From the Glasgow Herald, 18 January 1991:

Superloos reveal all                           by Graeme Smith
********************                           ***************

Vandals who tangle with a new (pounds) 50,000 superloo in Aberdeen face the
prospect of having their misdemeanours revealed to all.

Apparently the most advanced convenience in the world allows undesirables
just 1.7 seconds of misbehaviour before it throws open its door to reveal
their misdemeanours and sprays them with violet coloured dye which will
remain on their skin for at least five weeks.

If, however, you are there for legitimate purposes it will allow you 15
minutes of luxury for just 10p.  The air is perfumed, as well as heated,
there is background music to help you relax and there are special
facilities for the disabled and for baby changing.

When you have completed your business and safely departed the superloo
spruces itself up for the next customer.  The walls, floor and WC
automatically wash themselves down and when the disinfecting cycle is
completed the WC is dried with warm air.

It is careful to ensure that thrifty Aberdonians do not try to sneak in two
at a time to halve the cost, or for any other purpose.  It will happily
allow a mother with children and a pram to enter but if two adults step
inside, the computerised equipment which the importers claim is sensitive
enough to tell the size of your shoes, will prevent the door closing.

Three have been commissioned in Aberdeen this week, one in Byron Square in
Northfield, one in a layby on the Stonehaven road on the outskirts of the
city, and the third at North Deeside Road.

(Any Aberdeen readers brave enough to try changing their shoes in one? - jack)

Jack Campin, Computing Science Department, Glasgow University


Re: Computer program gives police a bum rap (RISKS-10.77)

Mark Hull-Richter <mhr@ccicpg.UUCP>
Wed, 23 Jan 91 11:22:09 PST
It is with great interest that I read the referenced article.  Of all the
police departments in the state of California, I would have thought that the
Long Beach Police were the least capable of being given a "bum rap", least of
all by a computer program.

Unless things have changed drastically in the last few years, the Long Beach
Police Department is the most likely to deserve a "bum rap".  They had a policy
(unofficial, of course) many years ago of not investigating crimes which they
considered to be unimportant, even when they knew who the perpetrator(s) were
and that there was evidence of same.  Perhaps this was limited to the low-rent
areas with high Hispanic concentrations in the population or other poor areas
of the city, but this happened over and over again during the late 70s and
early 80s (last I checked).

Furthermore, the Long Beach Police Department is the one wherein seven police
officers were sued for the wrongful death of a man who was murdered by LBPD
officers in a case of mistaken identity.  This was fairly well-documented in
the press at the time.  Summary: four police cars with seven police officers
were called to a house late in the evening to apprehend a suspect in a series
of crimes.  The suspect was taken out to the police cars where he was beaten to
death by the police despite the fact that, according to witnesses, he did not
resist the arrest in any way nor was he armed.  It turns out the man was the
_wrong_ person, selected (I think) incorrectly from a partial license plate and
his slight resemblance to the real suspect.

Brutality and refusals to enforce of the above nature used to be common in Long
Beach.  I don't know if they still are, but I would be greatly surprised if
not.  Thus, I find it difficult to believe that the computer programs actually
gave them a bum rap.  In fact, it wouldn't surprise me if the LBPD actually
abandoned cases they couldn't solve within one month, hence the reporting.

Mark A. Hull-Richter, ICL North America, 9801 Muirlands Blvd
Irvine, CA  92713       (714)458-7282x4539      UUCP: ccicpg!mhr


Re: Lotus Marketplace

Richard A. Schumacher <schumach@magnum.convex.com>
Thu, 24 Jan 91 19:56:58 -0600
So Lotus will withdraw its product, and everyone will go home happy and
satisfied that they have preserved their privacy.  Well, as faculty at the
University of Wisconsin - Madison and elsewhere have told me informally, these
people are wrong.  Everything that Lotus was offering on CD-ROM is already
available at "substantially" the same price and conditions; these academics say
they are puzzled about the uproar, since in their opinion Lotus offered nothing
new.

If we want to truly change things it will take new laws and new attitudes in
the business community concerning what information it is acceptable to gather
and use. Halting this one form of marketing won't change anything by itself,
but it can be the opening skirmish in the necessary public relations war.


MasterCard policy opens door to crooks (Re: Westrom, RISKS-10.79)

Steve Pozgaj <steve@dmntor.uucp>
Thu, 24 Jan 1991 09:54:46 -0500
> A man identifying himself as Warren informed me that they could not provide me
> with a copy of the sales receipt, and the only way to address this matter was
> for me to write a letter (to Julia) explaining that the charge was incorrect.

This sounds bizarre.  In the 20 years I've been a MasterCard holder, I've had
this problem twice.  Each time I was told that they would indeed send me a copy
of the slip [which they are legally bound to keep for some number of years].
However, if it turned out to be mine legitimately, then I would be charged a ~$6
processing fee.  If it was indeed not mine, no charge would be incurred.  (In
both cases, it was not my charge!)

So, I believe your "Warren" is simply misinformed, or the laws protecting
consumers in the US are seriously worse than those here in Canada.  However,
there still remains an irk:  I got no reimbursement for the money that they
had forced me to pay while the credit was being processed.  This I find rather
despicable.  I was told by my "Warren" that if I didn't pay the amount as due, I
would be charged interest on it, and, EVEN IF it were not mine, hell would
freeze over before I got the interest credit.

So, even though the charge was erased, I was out of pocket, without
compensation, for the approximately 8 weeks this all took.  On ~$200 at the
then-current rate of 10% savings account interest, that represents about $3!

Steve Pozgaj @ Digital Media (steve@dmntor)


"Mastercard" Policy

<[anonymous]>
Wed, 23 Jan 1991 18:47:31 PST
It is worth noting that almost all issues relating to charges, errors,
credits, etc. on VISA and MASTERCARD statements are under the control of the
particular bank/financial institution issuing the particular card and/or
merchant account in question.  VISA and MASTERCARD themselves are primarily
umbrella organizations for properly allocating purchase charges and credits
among the member financial institutions.  While VISA and MASTERCARD do have
umbrella security regulations, the sorts of problems mentioned by a recent
writer to RISKS should be addressed to the financial institution directly.
Since policies on such matters vary widely between institutions, blaming VISA
or MASTERCARD themselves is probably a misdirected effort.
