CyberPatrol sues cryptanalysts who revealed flaws in its software

[Declan McCullagh]

Background:
   http://www.politechbot.com/cgi-bin/politech.cgi?name=cyberpatrol

If you want to download the software before the injunction hits:
   http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html

If anyone sets up a mirror site, please let me know.

-Declan



>Date: Wed, 15 Mar 2000 21:11:27 -0500
>From: Ted Bridis <[EMAIL PROTECTED]>
>Subject: Cyber Patrol lawsuit
>To: [EMAIL PROTECTED]
>
>Declan,
>
>Didn't know if you saw this yet.
>
>http://www.sjmercury.com/svtech/news/breaking/ap/docs/321750l.htm
>
>Software Co. sues hackers
>
>BY TED BRIDIS
>AP Technology Writer
>
>WASHINGTON (AP) -- A company that makes popular software to block children
>from pornographic Internet sites filed an unusual lawsuit late Wednesday
>against two computer experts who developed a method for kids to deduce their
>parents' password and access those Web sites.
>
>Microsystems Software Inc. of Framingham, Mass., which sells the widely used
>Cyber Patrol, asked U.S. District Judge Edward F. Harrington for a temporary
>restraining order requiring Eddy L. O. Jansson and Matthew Skala to stop
>distributing their ``cphack'' program immediately.
>
>Skala, a Canadian graduate student in computer science, and Jansson,
>believed to be living in Sweden, published over the weekend on the Internet
>and in e-mail details about how to circumvent the filter technology in Cyber
>Patrol, which sells for about $30 and is widely used in many of the nation's
>elementary schools and libraries.
>
>They also offered a small ``cphack'' utility for ``people oppressed by Cyber
>Patrol'' that, when run on a parent's computer, reveals the password that
>blocks questionable Web sites -- and also discloses the product's entire
>list of more than 100,000 Internet sites deemed unsuitable for children.
>
>``I oppose the use of Internet filtering software on philosophical
>grounds,'' Skala said in a telephone interview with The Associated Press.
>``The issue here was to see what does Cyber Patrol actually block. Parents
>have a right to know what they're getting and without our work they wouldn't
>know.''
>
>In its legal filings, Microsystems said it suffered ``irreparable harm''
>from the publication of the bypassing software, which it said sought to
>destroy the market for its product by rendering it ineffective.
>
>``The practical effect is that ... children may bypass their parents efforts
>to screen out inappropriate materials on the Internet,'' the lawsuit said.
>
>Skala, a cryptography buff who attends the University of Victoria in British
>Columbia, said he spent about six weeks analyzing Cyber Patrol with
>Jansson's help via e-mail from Sweden.
>
>``One could well question how much force of law (the legal filings) have in
>Sweden or in Canada,'' Skala said.
>
>In an unusual legal strategy, Microsystems alleged that Skala and Jansson
>violated U.S. copyright law when they reverse-engineered Cyber Patrol to
>analyze it, which the company said is expressly prohibited in its license
>agreements.
>
>Skala, who learned about the legal filings in Massachusetts from the AP,
>said he planned to speak with a lawyer but suggested that his work may be
>protected under a ``fair use'' clause of copyright law.
>
>Microsystems also asked the judge to order the Swedish Internet company
>where the bypass utility is published to turn over records identifying
>everyone who visited the Web site or downloaded the program.
>
>The company's lawyer, Irwin Schwartz, said damage to its product is ``at
>least at a minimum'' now because relatively few people were believed to have
>downloaded the bypass software.
>
>--
>
>On the Net: http://www.cyberpatrol.com

Re: New York teen-ager win $100,000 with encryption research (3/14/2000)

[Bram Cohen]

On Tue, 14 Mar 2000, Bill Stewart wrote:

> http://slashdot.org/comments.pl?sid=00/03/14/1924204&cid=39
> 
> Here's the first paragraph, and some of the other respondents had
> good commentary:
> 
> > I don't know how much of this is the reporting, 
> > either by the judges or the press, vs. how much is the 
> > winner's understanding of the technology involved 
> > (it sounds like it's her mistake, and the judges didn't understand it.)
> > The idea of stashing messages in DNA is cool, 
> > and doing the actual work to build it is definitely cool stuff 
> > for a high-school student. But the crypto isn't correct. 

No surprise there. The scientific merit of Westinghouse winners (I guess
they're Intel winners now) has always been dubious at best, and major
flaws in winning projects turn up all the time.

The competition doesn't seem to care. It's run as a marketing show, and
the ethics of promoting such an incredibly careless and political approach
to science are no concern of theirs.

-Bram Cohen

Re: Bill Joy suggests limits to freedom and research.

[Bram Cohen]

On Wed, 15 Mar 2000, Trei, Peter wrote:

> http://www.wired.com/wired/archive/8.04/joy.html.
> 
> Briefly, he argues that current advances in biotech,
> computers and robotics are creating such powerful
> instrumentalities that either we'll make machines smarter
> than ourselves, which will take over, or some nut will unleash
> a nanotech self-replicator or an engineered micro-organism
> to doom the human race.

It would have to compete with these already highly competitive nanotech
self-replicators we call 'bacteria'.

-Bram Cohen

Re: Bill Joy suggests limits to freedom and research.

[Richard Thieme]

Bill Joy certainly has reputation capital to burn,  but it is in the domain
of computer science (as he himself says) and not philosophical inquiry.
This article contains opinions and book reviews, not deep thinking into the
issues it merely suggests. It if *were* deep thinking, Wired would never
publish it.

The article is a swiftly moving river of name-dropping and a list of "books
I have read." The books are invoked in serial fashion from popular Silicon
Valley culture, but the critical implications and ideas are not integrated
into a synthesis, that is, these ideas are not digested and integrated into
a comprehensive insightful exploration. Yes, Bill Guy has done some great
work, but his critical thinking could use an assist from other disciplines
like the humanities with which he is not very familiar. One added quote
from Nietzsche does not count.

Why? Because an inquiry into what it means to be human requires an
understanding of culture and how symbols define our identities and very
selves, and a historical perspective that shows awareness of how identities
have shifted in the past, how values and cultures function in the human
equation, and how the older word for psyche - "soul" - can still play a
part in illuminating the possibilities for being human. I do not mean that
in any simplistic sense but as a distinction or domain that refers to a
distinctly human field of subjectivity. Joy may have had a drink with John
Searle (in one of the earlier meeting-dropping party-dropping name-dropping
indulgences) but he does not seem to have understood his analysis of
artificial intelligence.

So I disagree with your assessment of this article. It is very shallow and
continues the New Wired tradition of righteous Silicon Valley name-dropping
a la People magazine as a substitute for deep thinking and clear exposition.

Richard Thieme





At 11:20 AM 03/15/2000 -0500, Trei, Peter wrote:
>I'd like to suggest that people take a serious look at Bill Joy's 
>"Why the future doesn't need us",  the cover article 
>in the current Wired magazine. It can be found online at
>http://www.wired.com/wired/archive/8.04/joy.html.
>
>Bill (one of the Great Old Men of the Internet, with vi, BSD,
>Java, and Jini to his credit) it not a nut. He has reputation
>capital to burn. He's talking about the possible imminent end 
>of the human species.
>
>Briefly, he argues that current advances in biotech,
>computers and robotics are creating such powerful
>instrumentalities that either we'll make machines smarter
>than ourselves, which will take over, or some nut will unleash
>a nanotech self-replicator or an engineered micro-organism
>to doom the human race.
>
>Bill suggests that perhaps we need to consider if there are 
>technological areas where we should not venture, because 
>of the potential danger of the knowledge. 
>
>This article is important, not only for what it says, but also 
>how people are going to use it. It is manna from heaven to 
>those who would further centralize and tighten control over
>people, and will undoubtedly be cited by those who would
>restrict privacy and anonymity.
>
>This article is partially a dystopic response to Kurzweil's
>"In the Age of Spiritual Machines", a book which I found
>provocative, if flawed.
>
>Peter Trei
>
>
>
Richard Thieme 


  ThiemeWorks ... professional speaking and
  business consulting:
ThiemeWorks
P. O. Box 170737the impact of computer technology
Milwaukee Wisconsin on people in organizations:
53217-8061  helping people stay flexible 
voice: 414.351.2321 and effective
fax: 414.351.5779   during times of accelerated change.
cell: 414.704.4598

http://www.thiemeworks.com
http://www.richardthieme.com  - for information on Professional Speaking

$50 FREE $50 FREE $50 FREE $50 FREE $50 FREE $50 FREE

[real_deal0]

  N E E D   I   S A Y   M O R E ?
   
  O K A Y . . . . .


  H U R R Y   B E F O R E   T H I S   O F F E R   E N D S !

S E N D  A  B L A N K  E M A I L  H E R E:

mailto:[EMAIL PROTECTED]?subject=$50_FREE!




To be removed send blank email here:

mailto:[EMAIL PROTECTED]?subject=Remove_Please

An ICQ Greeting from Joanne Smith

[Joanne Smith]

You have a greeting from Joanne Smith waiting for you at:

   http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=384430&id=1007 

 Be creative!
 Create your own ICQ Greetings at http://www.icq.com/greetings/ 
 If you don't have ICQ you can download it at http://www.icq.com 
 For more greetings visit here: 
http://www.icq.com/redirect/partner/ag/gallery/email.html

MG's Daily Security Brief

[mean-green]

(MSNBC, 9 March) According to MSNBC, a group of Internet activists is
set to release its own software tool designed to cripple Web sites.  The
distributed denial of service attack tool to be released by the
"Electrohippies" group will allow thousands of protesters to aim their
computers at a single Web site, effectively jamming a company's Internet
presence. But the attacks will be fundamentally different from last
month's crippling of Yahoo, eBay and other major sites. The victims will
be warned before the attacks, according to the tool's authors. Described
as a virtual sit-in, online protesters will gather via modems and work
together to disrupt a company with policies they want to protest.  The
group reportedly has yet to decide on its exact victim, but the protest
will be focused on genetic modification of food crops.  Last November,
the Electrohippies staged a protest of the World Trade Organization
using this technique.


(Boston Globe, 9 March)  The Boston Globe is reporting that a hacker
broke into an MIT computer system and altered the grades of 22 students
in a biology class, institute officials said yesterday. The grades of 20
of 120 students in an undergraduate cell biology class were reportedly
lowered, while two others were given higher marks. The professor and
teaching
assistants for the class declined to talk about the investigation, but
an institute spokesman said officials have identified someone from
outside the class as the culprit. The spokesman would not say whether
the person was a student at MIT.


(Internet News, 9 March) Curador, the cracker who has stolen credit
cards from at least eight
small e-commerce sites and then posted them online, is growing more
brazen by the minute. In
an interview with InternetNews Wednesday, Curador claimed he has hit
five new Web firms and
will soon publish hundreds more stolen credit card numbers at a new
site, which he said he
registered using one of the stolen cards. "Law enforcement couldn't hack
their way out of a wet
paper bag. They're people who get paid to do nothing. They never
actually catch anybody," said
Curador. After hitting his first on 31 January, Curador has so far
eluded arrest.


(CNET News, 9 March) Microsoft today confirmed a security hole in
Windows 95 and Windows 98 that could result in problems for Web surfers
or users of particular email programs. The hole could also potentially
be used to create more significant system damage, experts say. The
vulnerability, which was just discovered, works by forcing a computer to
process a certain
sequence of characters. A user could encounter this situation in several
instances: when
downloading a Web page that has been embedded with malicious code, when
opening an email
message on Hotmail or some other Web-based email service or simply by
typing the code at a
DOS prompt. When a computer encounters the sequence of characters and
tries to process them,
it crashes.  Microsoft confirmed the vulnerability, which is a type of
"Trojan horse," and said it is working on a patch.


(Scripps Howard News Service, 9 March) June Neptune, a Florida
businesswoman said that a computer hacker cost her business $500,000,
eventually forcing her to shut down operations and lay off 100
employees.  Neptune told the Senate Small Business Committee that
"Technology is changing everyday and small businesses just cannot raise
the money to install screening systems to keep out hackers ."  Business
groups testified that computer hacking incidents more than doubled in
the last year and are "shaking the foundations" of young Internet firms.


(Newsbytes, 10 March) A long-anticipated White House document that
recommends broader powers for law enforcers in monitoring Internet
traffic drew mixed responses, earning praise from some in the high-tech
industry, while drawing sharp criticism from civil libertarians.
"Anonymity on the Internet is not a thorny issue; it is a Constitutional
right," the American Civil Liberties Union wrote in a letter to Attorney
General Janet Reno today. The ACLU was responding to a report, unveiled
earlier today, entitled "The Electronic Frontier: The Challenge of
Unlawful Conduct Involving the Use of the Internet." The report - a
product of the President's Working Group on Unlawful Conduct on the
Internet - contends that law enforcers need new "tools" for combating
the rising tide of electronic crime.


(U) (Federal Computer Week, 9 March)  The best way to secure the
Internet is to make the Internet itself stronger, a member of the
President's Information Technology Advisory Committee testified
Wednesday before Congress.  Many security problems faced by agencies and
industry stem from administrators not paying close enough attention to
their systems, Raj Reddy, co-chairman of the PITAC and a computer
science professor at Carnegie Mellon University, testified before the
Senate Commerce, Science and Transportation Committee's Communications
Subcommittee.  "Rather than leaving the Internet vulne

MG's Daily Security Brief

[mean-green]

(03/09/00, 12:33 p.m. ET)
By Reuters


WASHINGTON, D.C. -- A top cyber security expert blasted
software developers Thursday for marketing flawed products
that he said boosted the Internet's vulnerability to high-tech
hacker attacks.


"There is little evidence of improvement in the security features
of most products," said Rich Pethia, director of a federally funded
computer emergency response operation at Carnegie Mellon
University in Pittsburgh. "Developers are not devoting sufficient
effort to apply lessons learned about the sources of vulnerabilities."


Pethia made his comments to a congressional panel looking into
the denial of service attacks that disrupted access to popular
websites last month for a few hours at a time.


He said his organization, which responded to more than 8,000
computer security incidents last year, up from 132 in its first full
year of operation 10 years earlier, had found the same types of
security defects in newer versions of products as in earlier ones.


FULL STORY:
http://www.techweb.com/wire/story/reuters/REU2309S0005


*
*
*


Chinese web site hit by hacker


By James Kynge in Beijing - 10 Mar 2000 15:08GMT


A computer hacker has inflicted China's first serious attack on
a domestic website, in a development that is expected to fuel the
debate on internet security and regulation.


Chen Yongjian, chief executive of IT163.com, a large e-commerce
website that sells goods from 50 of China's top stores, said his
website had been inoperable since Thursday morning.


"It is just like the recent hack attack that shut down Amazon.com
and the other US sites. He bombarded the site with so many
messages, the system could not cope," said Mr Chen.


"The police have launched an investigation. They have found his
IP (internet protocol) address but he seems to have been using
some public computers and so it may not be easy to catch him,"
he added.


FULL STORY:
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT32PMMUN5C
&li
ve=true&tagid=ZZZC00L1B0C&subheading=information%20technology


*
*
*


Credit-card numbers stolen via known security hole


By Ann Harrison
03/10/2000


A 2-year-old security hole in Microsoft Corp.'s Internet
Information Server (IIS) software let a computer cracker download
thousands of credit-card numbers from e-commerce sites recently
and post them on the Internet.


A patch for that hole has been available for 18 months. But
webmasters at small companies say they don't have the resources
to keep up with all of the patches needed to keep out malicious
hackers, also known as crackers.


FULL STORY:
http://www.idg.net/servlet/ContentServlet?global_doc_id=148407&page_id=7
12&
content_source_id=5&return_spot=ts2&logger_loc=front_pages%2Fenglish


*
*
*


French Banks Hacked


By Sylvia Dennis, Newsbytes
March 11, 2000


An unknown hacker or group of hackers caused havoc in French
banking circles late this week after the 96-digit encryption algorithm
underlying the Cartes Bancaires system was posted on the Internet.


Some sources suggest that the code was posted to several
Usenet group conferences, with widespread pickups by the
media and other interested parties in France.


Cartes Bancaires (CB) has assured its customers - which include
the majority of banks and their smart card bank card users in
France - that the system is still safe.


However, Newsbytes' sources suggest otherwise. The release of
the encryption code effectively allows fraudsters to create dummy
smart card bank cards that contain account details that match the
checksum system applied to the interbank card system.


FULL STORY:
http://www.currents.net/newstoday/00/03/11/news4.html


*
*
*


For the Internet age, China builds 'Great Firewall'


Censors block 'politically sensitive' Web sites: No New York Times, but
porn is deemed okay


MIRO CERNETIG
China Bureau
Saturday, March 11, 2000


Beijing -- Two thousand years ago, China's emperors built the
Great Wall to keep out unwanted influences. In the age of the
Internet, however, the Communists are constructing a different
barrier: the Great Firewall, a top-secret censorship system that
is an attempt to control what 1.3 billion 

Re: "Structured Water"

[Michael Motyka]

Agreed.

While water definitely has structure and the structure is altered by the
presence of other substances it's pretty dynamic. The only persistent
structure created by their "work" is the business structure and the
cause is more one of profit margin and placebo effect than trained
liquids.

Mike

Sorry, my mistake.

[`sháman]

To Wayne Rad: Sorry, man. My mistake. You've never made a fucking mistake before?

To everyone on the list, please accept my apology for forwarding the spam message. It 
was not my intent to do so.

On Tue, 14 Mar 2000 09:40:17 GMT Wayne Rad <[EMAIL PROTECTED]> wrote:

Thanks for telling us all spammers must die AND REPEATING THE
ENTIRE SPAM MESSAGE

Re: Bill Joy suggests limits to freedom and research.

[Duncan Frissell]

At 11:20 AM 3/15/00 -0500, Trei, Peter wrote:
>I'd like to suggest that people take a serious look at Bill Joy's
>"Why the future doesn't need us",  the cover article
>in the current Wired magazine. It can be found online at
>http://www.wired.com/wired/archive/8.04/joy.html.

I printed it out and will be working my way through it.

Sounds like 50's SF films vs. 50's written (US) SF.  "There are some things 
man was not meant to know" vs. "men as gods".

Traditional fight.

As to future risks to freedom - we weren't thinking of asking permission in 
any case.

DCF

"They can attempt to outlaw weapons but they can't outlaw the Platonic 
Ideal of a weapon and modern technology makes it absolutely trivial to 
convert a Platonic Ideal of a weapon into an actual weapon whenever one 
desires."

"Structured Water"

[Eric Cordian]

Shame on Wired News, for confusing flim-flam and science. 

http://www.wired.com/news/technology/0,1282,33749,00.html

"A new book offers proof that homeopathic treatment is effective,
 showing how its watered-down doses, which defy conventional medical
 wisdom, work on the body. By Andy Patrizio.

"With a little help from a scientist looking for a way to clean car
 engines, a physician has been able to explain the confounding paradox
 behind why homeopathic medicine gets more potent as it's diluted.

"Lo said every substance exerts its own unique influence on the water, so
 each cluster shape and configuration is unique to the substance added.
 With each dilution and shaking, the clusters grow bigger and stronger.
 This water, which homeopaths call "potentized," is considered "structured
 water," because the water molecules have taken on a shape influenced by
 the original substance.

"The clusters start to assume a form that mimics the structure of the
 original substance itself. So even though the chemical can no longer
 be detected, its "image" is there, taken on by the water molecules."

Yeah, right.  

Wired News.  If it weren't free, I wouldn't read it. 

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

VMware for Linux License Key

[WebForm]

** Please do not reply to this email **

Dear Joe Cypherpunk,

Thank you for downloading VMware for Linux.


Please find attached to this email message a file containing 
your license. 

If you own a 1.x license, you will already have a file 
named "license" in the .vmware directory. Be sure not to 
overwrite it with this new license file so you have the 
option of returning to using VMware 1.x for Linux.

The new version of the product requires only that the name 
of the file begin with "license". You may, for example, save 
the 2.0 license as "license20". 

In case your email reader does not support MIME encoding, the 
file is included as text at the bottom of this message. Copy 
the text between the "Cut Here" lines and save it as the license 
file, as described above.

As a reminder, you may report any problems, issues, or comments 
you may have in using the product to the VMware Technical Support 
team. To file an incident report, please go to
http://www.vmware.com/forms/Incident_Login.cfm
and complete the form provided.

Thank you for your interest in VMware. We hope you have a successful 
experience in using our product.

Best Regards,
- The VMware Team

--- Cut Here ---
# VMware software license
Fields = "Cpt, Name, Email, LicenseType, LicenseClass, LicenseFeature, Count, 
LicenseKey, ProductID, ProductType, Expiration"
StartFields = "Cpt, Name, Email, LicenseType, Field2"
Field2 = "LicenseClass, LicenseFeature, Count, Field3"
Field3 = "LicenseKey, ProductID, ProductType, Expiration"
Cpt = "COPYRIGHT (c) 1998-2000 VMware, Inc."
Name = "Joe Cypherpunk"
Email = "[EMAIL PROTECTED]"
LicenseType = "User"
LicenseClass = "Evaluation"
LicenseFeature = "None"
Count = "1 of 1"
LicenseKey = "34752_000"
ProductID = "VMware for Linux"
ProductType = "2.0"
Expiration = "2000-4-15"

Hash = 2456f447-e0b807c5-613486d3-58354acc-e3687637

--- Cut Here ---


 license_34752_000

Tim May as Louis Farakkan

[cypherpunks]

Orwellian.Org wrote:
#Tim May wrote:
##
##If one is more than 1/128th negro, one is "African-American." Though
##I've never understood why this is not just marked "niggah," as niggah
##is what the niggaz almost always refer to each other as.
#
#No, they don't.
#
#What an asshole.

[EMAIL PROTECTED] wrote:
#
#Yes, they do. And Fuck Off.

It's unfortunate that Tim May's social interactions (read: working
in an office) were terminated by too much money, because he sorely
needs some real world experience to avoid going wacky.

I've worked with plenty of blacks, and I've never heard them call
each other "nigger", which Mr. May is apparently unable to spell.

Given May's aversion to minorities ("When I saw a sign in Spanish
I knew it was time to move"), it's unlikely he heard such himself
on the street. Occasionally it is heard during comedy shows (Richard
Pryor, Whoopi Goldberg).

Other than that, how does he come up with such a statement?

Answer: his use of language is similar to Louis Farakkan, who
said "Hitler was a great man". Bucannan sympathizes: after all,
they are "technically accurate" because they _meant to say_ that
the German people thought Hitler was a great man.

So, without actually stepping up to the plate and saying he
thinks blacks are disgusting creatures, one gets statements
like: ~"I've never understood why they're not called niggers".

Not only is there no crypto-relevance to this hateful crap,
it's hateful crap. The cypherpunks are saddled with this asshole.

This is the same rich weirdo (RHPS ;-) who thought civilization
might collapse at Y2K, and started burying gold in the ground.

What May is doing here with this crap is a puzzle.

Perhaps he just can't shut up about his hate for minorities.

VT

"Hitler was a great man" ---Charles Lindbergh