Date:       Mon, 15 May 95 11:28:34 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V6#045

Computer Privacy Digest Mon, 15 May 95              Volume 6 : Issue: 045

Today's Topics:			       Moderator: Leonard P. Levine

                      Re: What are the VISA Codes?
                      Death Lists for Junk Mailers
                           National Caller ID
            Re: Could What You Post be Used to Profile You?
                        Nautilus foils wiretaps
                 Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 11 May 1995 07:50:59 GMT
Subject: Re: What are the VISA Codes?
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada

    Mike Leach (mleach@equity2.sbi.com) writes: Recently, a senior
    citizen friend of mine  may have been the intended victim of a
    phone scam. The caller said my friend had won (at least) $2500
    worth of prizes... The grand prize was a car and she was one of
    only 5 finalists.  All that was required was a small ($750)
    purchase made with her (my friend's) visa card.

Sounds like it was a sure bet for a Scam, not just a may be.

I mentioned this over a year ago when the previous moderator expressed
a lack of concern about Caller ID/ANI revealing home phone numbers. If
someone has your unlisted number, captured from a call to an unrelated
number and peddled to a scammer, it makes it sound much more credible.

Since then it's been in the news here repeatedly and the national
"Phone Buster" operation continues to get lots of calls from people
who've been scammed. Some of these end up over $100K before people
realize it is a case of kissing their money goodbye.

Valerie McLean, head of the Vancouver Better Business Bureau, has said
several times that this racket has sucked over a billion $ out of the
bank accounts of Canadian business people and seniors, who for some
reason are the preferred suckers on these lists. I suppose it's because
they are people who tend to have money available to spend.

It's surprising the business people seem to be such easy targets, I'd
have expected that someone who can keep a business going would be more
careful with their money and a little more practical about sending such
large amounts to strangers without any checking.

Often the business people get onto the sucker lists after a mail type
scam involving contests involving the purchase of pens, keychains or
other "promotional" items with the company name or logo on them. These
are overpriced and the prizes are junk or non-existent.


------------------------------

From: Paschos Mandravelis <pmandr@leon.nrcps.ariadne-t.gr>
Date: 11 May 95 10:52:35 +0300
Subject: Death Lists for Junk Mailers

Junk mail groups demand updates of death lists (by Diane Summers,
Financial Times, International Edition, 5/10/95)

Direct marketing companies in the UK (...) are lobbying the government for
a change in the law which will allow them access to daily lists of
deaths.

(...) According to Mr. Colin Lloyd, Direct Marketing Association chief
executive, "a significant proportion of the 800.000-900.000 people who
die each year must be on a database somewhere."

(...) A change in the law will be needed for the Office of Population
Censuses and Surveys, the body which holds the names and addresses of
those who have died, to be allowed to give them to commercial
organisations.


------------------------------

From: QBKY95A@prodigy.com (Charles Pinck)
Date: 11 May 1995 20:01:50 GMT
Subject: National Caller ID
Organization: Prodigy Services Company  1-800-PRODIGY

Two weeks ago, before the FCC announced its approval of national caller 
ID (which I presume will take some time to implement), I received a call 
in Washington, DC from a friend in San Francisco and her number appeared 
on my caller id unit.  Has anyone else had a similar experience?
-
  CHARLES PINCK  QBKY95A@prodigy.com


------------------------------

From: wtangel@cais.cais.com (Bill Angel)
Date: 13 May 1995 17:50:45 GMT
Subject: Re: Could What You Post be Used to Profile You?
Organization: Capital Area Internet Service info@cais.com 703-448-4470

    Jeff Brown <JF_Brown@pnl.gov> wrote: My company is downsizing, and
    someone from a Contract Programmer firm called me to solicit me to
    join them.  So I guess they heard of the downsizing, and somehow
    got a list of employees, and perhaps of employees in Information
    Technology.  I suspect the latter, but I don't know their
    information source.

I work for a technical services firm as a contract programmer, and
these firms are continually soliciting their employees as to whether
they know anyone who might be interested in going to work for them as
programmer/analysts. This firm will even pay $500 to their employees if
they provide them with a referral that leads to a new hire for the
company. So it is quite possible that someone at your company who is
actually an employee of a technical services firm who works at your site
on a contract referred you to his own employer as a possible hire.

--
Bill Angel


------------------------------

From: starman@moa.com (Starman)
Date: 13 May 95 05:12:36 GMT
Subject: Nautilus foils wiretaps
Organization: Sonnet Networking - Stockton Modesto Sonora (800)664-1958	

I was told today of a piece of software called "Nautilus". It is
supposed to take the PGP idea into the voice communication arena.
Whereas I give you a Public Key feed yours into Nautilus and then make
a voice call using my modem.

I have never heard of it and I was wondering if and how it works and/or
exists.

It would have to run over digital lines in packet format, wouldn't it?

[moderator:  This was taken from RISKS-LIST: Risks-Forum Digest
Saturday 13 May 1995  Volume 17 : Issue 12 FORUM ON RISKS TO THE PUBLIC
IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on
Computers and Public Policy, Peter G. Neumann, moderator]

    From: simsong@acm.org (Simson L. Garfinkel)
    Date: 11 May 1995 15:43:02 -0400
    Subject: Nautilus foils wiretaps

PC SOFTWARE FOILS WIRETAPS  5/10/95
By SIMSON L. GARFINKEL
Special to the Mercury News

As the U.S. Senate debates granting the Federal Bureau of Investigation
new powers to wiretap personal communications, three West Coast
computer programmers have planned their own preemptive strike: a free
program, distributed on the Internet, that renders legal and illegal
wiretaps useless.

The programmers, Bill Dorsey of Los Altos, Pat Mullarky of Bellevue,
Wash., and Paul Rubin of Milpitas, plan to release today a program that
turns ordinary IBM-compatible personal computers into an untappable
secure telephone. It uses an encryption algorithm called ''triple-DES''
that is widely believed to be unbreakable.

''Electronic surveillance by the government is on the rise,'' says
Dorsey, the group's lead programmer. ''There also exists an equally
large threat from the private sector as well: industrial espionage.
Foreign governments are interested in wiretapping and getting
information out of our high-tech firms.''

Called Nautilus, the program is being released as an attack on the
Clinton administration's national encryption standard, the Clipper
chip. Civil rights groups have criticized the Clipper initiative, since
the federal government holds a copy of every chip's master key and can
use that key to decrypt -- or decode -- any Clipper-encrypted
conversation. But since the keys used by Nautilus to encrypt
conversations are created by users, the government does not have a
copy.

A nod to Jules Verne

Nautilus has another advantage over Clipper: Whereas AT&T's
Clipper-equipped Telephone Security Devices Model 3600 costs $1,100,
Nautilus is a free program.

''You don't need any special expensive hardware for it. You just use
ordinary PCs,'' says Rubin.

The name ''Nautilus'' was taken from Captain Nemo's submarine in the
Jules Verne novel, ''20,000 Leagues Under the Sea.'' But whereas
Nautilus the sub was used to sink Clipper ships, the programmers hope
that their creation will sink Clipper chips.

To use Nautilus, both participants must have a copy of the program and
an IBM PC-compatible computer equipped with a Sound Blaster card and a
high-speed modem. The two participants must also agree upon a series of
words called a ''pass phrase,'' which is used to encrypt the
conversation.  Both participants run the program and type in the pass
phrase; one person instructs their computer to place the telephone
call, the other instructs their computer to answer.

Once the call is in progress, either user must press a key on their
computer in order to speak, similar to using a hand-held radio. But
unlike walkie-talkies, the users can interrupt each other.

Could help criminals

Such innovations could lead to conversations that would be practically
foolproof from eavesdropping, either by pranksters or the government.
It could become invaluable in future years to financial institutions
and other corporations involved in sensitive negotiations.

''It will certainly be beneficial to many citizens and many other users
of it,'' says Jim Kallstrom, assistant director of the Federal Bureau
of Investigation's New York field office. ''I suspect that it also will
be beneficial, unfortunately, to criminals.

''I would hope the extremely enterprising and smart people that we have
in this country would work toward solutions that would not only protect
the communication of citizens . . . but would also allow the law
enforcement objectives to be maintained.''

Rubin stressed that while Nautilus was a challenge to write, it ''isn't
rocket science.'' Much of the program, in fact, was assembled from
parts that already were available on the Internet, the worldwide
network of computer networks. It will even be easier to construct
programs similar to Nautilus once Microsoft releases its computer
telephony system for Windows 95. ''It will be impossible to keep a
program like Nautilus out of the hands of people who want it,'' Rubin
said.

Gene Spafford, a professor of computer science at Purdue University who
is an expert on computer security, said: ''It will be interesting to
see what reaction this provokes from the government.'' Nevertheless,
Spafford said, in order for encryption to be widely adopted, it will
have to be ''built into the phones.''

Dorsey said that anybody in the United States who has Internet access
can download the program. For the instructions, use the Internet FTP
command to connect to the computer FTP.CSN.ORG. Change to the ''mpj''
directory and retrieve the file called README. Use a text editor to
read the README file, which contains some fairly complex instructions
on how to get the actual Nautilus file.

This computer has been set up so that the program cannot be downloaded
by people located outside the United States. ''I intend to follow all
laws regarding the release of cryptography,'' he said.


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.  

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit or append to the text except for purely technical
reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V6 #045
******************************