#######################################
> Written by Dr. Hugo P. Tolmes <
#######################################

Issue Number: 06
Release Date: November 19, 1987

So far the beginning files are about halfway finished. This issue (#6) will start off with news on protection against "Trojan Horses."

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: HD Sentry: "Hard Disk Protection from Trojan Horse Programs"
FROM: The Computer Shopper
DATE: June 1987

PROTECTION FROM TROJAN HORSE PROGRAMS

Every day, thousands of free programs are downloaded from public bulletin board systems throughout the world. While the system itself is generally owned and operated by an individual, much of the contents of the BBS come from the public domain. The system operators of these bulletin boards, or sysops as they are affectionately called, rely on their callers for new material that could be of interest to others. Some of the material uploaded by users includes articles, software reviews, program patches, unprotects (ways to crack copy protection), pleas for assistance and, of course, software.

A problem has recently come to the attention of the user community concerning the software uploaded to these systems. Every once in a while a program is uploaded to a BBS that, when run, maliciously attacks the system's hard disk. Since these programs are disguised as innocent software, they are referred to as "Trojan" programs.

THE TROJAN LEGEND

According to Greek mythology, Paris, son of King Priam of Troy, brought Helen, the wife of King Menelaus of Sparta, to Troy. Being somewhat agitated over this occurrence, the Greeks sent an expedition to Troy in order to recover Helen. For ten years, the Greeks and the Trojans fought to a stalemate.
Finally, however, a Greek named Odysseus devised a military stratagem that would be remembered throughout time. The Greeks faked a retreat leaving behind a large wooden horse as a "gift" to the residents of Troy. Inside the large horse however, was a squad of Greek soldiers. The unsuspecting Trojans brought the wooden horse into their city for all to see. That night, the soldiers that had hidden in the horse came out and opened the gates to the city. The rest of the Greek army, which had returned under darkness, was waiting by the gates. By daybreak, the slaughter was over. The term "Trojan horse" took on a meaning that would forever go unchanged, a threatening object that appears safe on the outside.

TROJAN SOFTWARE SCENARIO

Every single one of us has been told, at one time or another, that you can't harm a computer by typing on it; software just can't damage hardware. A long time ago (foore computer owners were warned that a certain set of commands could permanently damage the PET monitors. This was one of the first instances that a combination of software commands was known to be hazardous to hardware.

There is, however, one disastrous act that almost any software program can do, and that is to erase, delete, format, or otherwise damage a floppy diskette or, worse yet, a large capacity DASD hard disk. People tend to be lazy and system back-ups don't occur as often as they should. When this situation occurs, you have the potential for disaster. This is where most Trojan programs tend to strike.

It all begins by calling a reputable BBS somewhere in North America. The first thing you do after you log on is to see what neat new programs are available for downloading on the system. You skip over the boring junk like system utility programs. After all, how many people really use a debugger, disk packer or file encryption utility? But then, to your delight, you discover a listing you just can't pass up!
Right there, in modem's reach, is the program called "WHATEVER.COM". The short narrative that is displayed informs you that this program is a combination widget counter and word processing package. Boy, you think, that is just what I needed. A word processor AND a widget counter, in one fully integrated package! Best of all the program is only 13K! No match for your 1200 baud Hayes modem, you think as you begin the XMODEM download protocol.

In a matter of minutes, the file resides on your hard disk ready to be used. You run the program and the disk drive light comes on. Then it stays on, for what seems like eternity. "Gee," you think to yourself, "sure is taking a long time to load a small 13K file." So you hit the good ol' Ctrl-Alt-Del and reboot the system. Then comes the error message telling you to insert your DOS diskette in A:. You realize minutes later that WHATEVER.COM has just eaten your hard disk for dinner. All that remains are timing marks....

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTA: As pointed out, Trojan Horses can be very dangerous to software. There are many different opinions as to what a Trojan Horse program is. This article used the definition of a Trojan Horse as a program that when used will destroy a disk (format it or erase all files) or will change the disk in some way. One other definition of a Trojan Horse is the type that can be used on a Unix and allows you to capture another user's LOGIN and password. There are other opinions as to what the words "Trojan Horse Program" actually mean. The Trojan Horse described in this article might better be described as a "Logic Bomb" or a "Virus Program". Again, the definitions for these programs vary.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: Check This: Ma Bell is a Generous Soul
FROM: The Ann Landers syndicated advice column
DATE: July 1, 1987

Dear Ann Landers:

I think I can top the person who wrote complaining thne compan y. Talk about garbage in, garbage out!

When AT&T split with Bell we had three phones in our house. The equipment belonged to Ma Bell and the service belonged to AT&T. After we returned all the phone equipment to Ma Bell, we received a bill for $0.00. My husband and I took turns calling people to get this straightened out. Shortly after that we were informed that our bill for $0.00 was overdue.

My husband, just to be cute, sent a check to Ma Bell for $0.00. A few weeks later, we received a check for $5 and a note thanking us. We didn't cash the check, thinking this had to be a mistake.

Several months later, we received another computerized bill for $0.00. We called again, got nowhere, so we sent another check for $0.00. A few weeks later we received another $5 refund with the same thank you.

This went on every three months for two years. Now we are down to once a year and have given up trying to straighten this out. We just cash the $5 and forget about it.

They say that computers don't make mistakes, but people sure do. Someone out there likes us very much, or they are very stupid.

-Linda K.R. in California

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTA: Just a humorous little article I decided to print....

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: Sign In and then Sign On
FROM: The Chicago Tribune
DATE: June 20, 1987

James Dao says he has a foolproof way to foil computer hackers who ferret out secret passwords and spy mechanically. Punt the passwords, Dao says.

Using software developed by Dao's company, Communications Intelligence Corp.
(CIC) of Menlo Park, Calif., computer users must sign in in order to sign on.

CIC's Handwriter program allows you to sign your name with an electronic pen on a flat plastic plate underlaid with a grid of wires. The computer then analyzes your signature against several that you have previously submitted to make sure that it's not a forgery before giving you access to information.

The handwriting analysis is more sophisticated than a simple comparison of letters. According to Dao, the company takes into account how quickly you write and how you accelerate from beginning to end. It also examines the points at which you apply most pressure with the pen. All of these factors are unique to your signature.

Signature analysis is only one part of the Handwriter program. Other features include the ability to write longhand memos and letters that the computer translates into printed material.

Right now, the technology is available only for mainframe and personal computers, Dao says. But one day, he predicts, businessmen will sit on planes scribbling with electronic pens on plastic plates attached to laptop computers.

"We're opening up computers to a segment of the population that's afraid of typing," he explains.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTA: This type of technology might be the computer security of the futur the downfall of computer security. If the logins were determined by the handwriting analysis ONLY and no passwords or logins, then a good forger or hacker might be able to trash a business for different signatures. The signatures would be different every time and the security wouldn't be too accurate. Don't be too scared by this article. This type of security is far into the future and it may never even be used.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: How to Beat Phone Assault
FROM: ..
some small town newspaper
DATE: June 25, 1987

NEW TECHNOLOGY

Thanks to improved technology, phone call tracing, known to police as putting a "trap" on the line, is now a feasible solution.

Forget about old movies that depict police urging the perspiring victim to "Keep him talking-stay on the line!" while the diligent telephone engineers hurry through racks of wires to pinpoint the origin of the call.

It's all computerized now, and the trap is quick and decisive, with a success rate, says Abel, "near 100 percent. With our computerized switching center, it's almost instantaneous."

To obtain a telephone trap, a customer with persistent harassing calls must notify police. The police then contact Illinois Bell and the trap is installed. A trap costs $20 for a week, $7 each additional week. In life-threatening situations, there is no charge.

Although Illinois Bell quickly locates every call made during the trap, legalities often cause a time lag in providing the information to police. Police eventually release the caller's identity to the victim and the caller is arrested. Maximum penalty is a six-month sentence and a $500 fine.

However, as of June 1, the new state legislation requires a police subpoena to obtain phone trap information from Bell, a process lasting as long as one month.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTA:
"a 'trap' on the line"- refers to CLID (Calling Line Identification)
"computerized switching center"- refers to ESS (Electronic Switching System)

The good news on this article came at the end when the reporter explained how there are new restrictions in releasing the results of a "trap" on the line. This helps to protect an individual's/phreak's rights.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: Prisoner Phone Phreaks
FROM: Tolmes News Service Magazine (Issue #6)
DATE: November 19, 1987

This article is just something I am writing on the events that happened at the Dade County Jail in Miami, Florida. This information mainly comes from different AT&T Newslines. This is not a transcript of the newslines but is the news on what has been going on in the Dade County Jail.

The Dade County Jail in Miami, Florida was slapped with a phone bill of $153,000. It seems that the inmates were blue boxing, using AT&T Calling Cards, billing to third parties, and conning operators. One call on Thanksgiving was to Columbia and lasted about 3 hours. Another call to a dial-a for about 4 hours and cost $220. The police are now investigating and the county's taxpayers are going to have to pay the bill. The payphones at the prison are supposed to be used for local calls only.

This type of prison phone fraud has been happening at a number of prisons. Supposedly, a leader of a criminal organization known as the El Rukns was put into prison on drug charges. According to all reports, the gang leader had a conference with Momar Khadafi in which he offered to do acts of terrorism. All of the conversations took place while the man was in prison.

Many prisons have stopped the phone fraud by lessening the number of phones and monitoring calls.

Hmm... phreaks in prison....

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: Suburban Kids are Too Dumb to Steal
FROM: The Chicago Tribune (Mike Royko's column)
DATE: July 14, 1987

It's sad, but even among the well-to-do, being a parent can be a depressing experience.

You give the kid all the advantages that money can buy- good schools, tennis lessons, riding lessons, a personal computer, a low-slung car, stereo, CD player, summer camps, music camps, diet camps and a ticket to one of the better universities.
All that, and the kid turns out to be a mope.

That's the sinking feeling that is currently experienced by several dozen North Shore families.

The story begins several weeks ago in a White Hen Pantry store in Glenview, when a businessman stopped to use the pay phone to make a long-distance call. In making the call, he gave the operator his telephone credit-card number.

He didn't realize it, but a 17-year-old boy from Northbrook was standing nearby. When the lad heard the man give his credit-card number, he alertly jotted it down.

The businessman didn't know it of course. It wasn't until he received his next phone bill that he suspected that some. Strange? He almost jumped out of his shoes. There were more than 100 calls that he never made.

He called the phone company to see if a mistake had been made, maybe a glitch in the computer. No, the calls had been made. So he and the phone company started investigating.

As you probably guessed, the kid in the White Hen had said "goody," or something to that effect, and began using the credit-card to phone his pals. Then, being the sharing sort, he passed the number on to his friends. And they began charging calls.

There were calls-local and long distance- being made from Winnetka, Lake Forest, Glenview, Northbrook, Skokie, Bensenville, St. Charles and other suburbs.

One young lady went off to the National Music Camp in Interlochen, Mich., and she generously shared the credit-card number with her fellow music campers. Some of them were from Europe, so they used the number to call home or friends in Israel, West Germany, Ireland, and England.

A girl who phoned a friend in England gave the credit-card number. So the friend in England used it to call a friend in Arizona.

All of this was easy to establish, for two reasons.

Reason number one. As I se well educated, well-bred young people turned out to be dense. They didn't realize that the number of the phone they used would show up on the businessman's bill.
And the well-bred dopes were calling from their own homes, the music camp's phone and, in one case, from Grandma's house.

Reason two. The moment that they were confronted with the evidence-their own phone numbers-they eagerly squealed on each other.

The businessman, who asked that his name be withheld, said: "The amazing thing is that these are all brilliant, well-to-do kids. But they didn't know that the phone calls caught so easily.

"And it's not like they're lacking financial support. They come from families with money. Some of them are spending wonderful summer vacations all over the world. One is traveling to Turkey, one in South America.

"They're in the top of their class, in debate clubs, getting music scholarships. Some are going to MIT and Princeton. Their parents are well off. One is a child psychiatrist.

"And the reaction of the parents is amazing. One guy said to me: 'That's impossible. My son is a brilliant student, and he is going to Princeton.' When he realized what his Princeton kid had really done it, he almost went into shock.

"Another told me: 'You are to blame, too. If you had been more careful, they wouldn't have gotten the number.' Imagine that? He blamed me for his kid being a little crook because I didn't whisper my number to the operator."

And another woman pleaded with the businessman not to tell the grandmother, whose phone had been used for some of the calls. They were afraid that their son would be cut out of Grandma's will.

The phone company's computers haven't come up with the final figure for the phone bill, but with all the long-distance and transcontinental calls, it's expected to be enormous.

And who will pay it? Not the businessman, of course. It will come from all of those bright kids' mommies and daddies.

It's also possible that warrants will be issued for fraud by wire, which, if pursued, can result in five-figure fines and jail terms.
"And if they had just used payphones," the businessman said, "there wouldn't have been any way to trace them." That just shows there can be gaps in the academic programs at even the best private and suburban schools. What they need is a course in Remedial Stealing. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Just something on some kids who did something that they shouldn't have. The kids involved were incredibly stupid (or rather ignorant since they are