CRYPT NEWSLETTER 34 October-November 1995 Editor: Urnst Kouch (George Smith, Ph.D.) Media Critic: Mr. Badger (Andy Lopez) INTERNET: 70743.1711@compuserve.com Urnst.Kouch@comsec.org crypt@sun.soci.niu.edu COMPUSERVE: 70743,1711 зддддддддддддддддддддддддддддддддддддд© Ё Contents: Crypt Newsletter #34 Ё юддддддддддддддддддддддддддддддддддддды THIS ISSUE BOOKS The Real Cyberpunk Fakebook Giant Black Book of Computer Viruses The Emperor's Virtual Clothes NEWS National Reconnaissance Office secret fund Keeping up with the NRO's cash flow National Vanguard mail-bombs MEDIA The low spark of well-heeled noise SOFTWARE Dr. Solomon's Anti-virus Toolkit Symantec dirt LEGAL Computer viruses and institutional liability MISCELLANY Letters page Glossary Crypt Newsletter database Crypt Masthead Info Credits/Acknowledgements CYBERSPACE: THE LOW SPARK OF WELL-HEELED NOISE ACCORDING TO FRONTLINE On Halloween, FRONTLINE ran "High Stakes in Cyberspace," one of the best snapshots of the near future of on-line bizness Crypt Newsletter has seen. Host Robert Krulwich was critical - even almost nasty - as PBS's investigative team trotted around to get the goods on the ZIMA Web homepage, the Washington Post's Digital Ink and other stuff being sold by an assorted group of ad agents posing as info-highway gurus. The Post's Digital Ink, a so-called electronic version of the newspaper, was shown as a project its editor was tricked into revealing as fundamentally a mechanism for blurring the distinction between editorial and advertising content. Community, community, community, virtual community - that's what Digital Ink claimed to be about! Yes, Digital Ink's editor had the "community" line down so pat it sounded like his personal mantra. While he was chanting it, Crypt News wasted time by imagining someone striking him cruelly about the head with a metal baton until the real truth leaked out - which it did, anyway. Digital Ink's leader let slip the true power of the on-line newspaper: the ability to glue advertising onto page one . . . the ability to bring white, fattish ruling-class bankers in on the decision-making . . . the ability to turn the operation into . . . PRODIGY! The ZIMA Web page was shown as the black-hole of advertising vacuity it is. It was a lot of point-and-click about nothing - "meta-information" or _information about information_ it's called - fiendishly designed to generate more junk from advertisers deposited in your mailbox. Although Krulwich never said it, what FRONTLINE was _really_ showing was that personal computers have provided a Jim Dandy way in which parasitic businessmen can create money from nothing by gulling yuppie consumers into being subscribers to a potentially infinite set of on-line informercials. "Irritating" was the word Krulwich used to describe the phenomenon. "High Stakes in Cyberspace" would have been 100 percent perfect if not for Howard Rheingold showing up. But the clock ran out on him and FRONTLINE editors spared viewers his soppy cliches about the virtual world. Spffffft - and the credits inexorably rolled Howard up in a merciless 30-second soundbite. FROM THE "SEE THE WORLD IN A GRAIN OF SAND" DEPARTMENT While browsing the local bookstore yesterday, Crypt ran across "Cyberpunk Handbook: The Real Cyberpunk Fakebook" by R.U. Sirius, St. Jude and Bart Nagel (Random House), writers for MONDO 2000 and other publications that Crypt Newsletter does not understand. It's a humorous - I'm pretty sure - trade paperback for the unwashed masses. It's mission: tell the proles if they're cyberpunks, how to be one, or how to fake being one. Bruce Sterling wrote the intro and somewhere in there, much to the humor desk's surprise, CuD and the Crypt Newsletter's Web sites are mentioned as k3wel places to hang. In honor of this grand event and for a short time only, Crypt Newsletter will be conducting cyberpunk lessons on how to smoke clove cigarettes, drink Japanese beer, write in~elyte~script, wear leather jackets, be sarcastic even while asleep, send the AT command to your modem, use hacked Celerity BBS software, get arrested for red-boxing, visit a "sting" board, read alt.2600, ask the password for Nowhere Man's Virus Creation Lab, get banned from Internet Relay Chat, watch "Johnny Mnemonic" and pretend to know what's going on, surf the Web and pretend to know what's going on, choose the correct hair pomade or coloring, recognize the best places to shop for rubber bondage wear or ritual scarification paraphernalia and - last - but most important, leave your credulity in the toilet. Unusual for this type of book, the authors have written it so that it's occasionally mean and cutting right around the time you begin to consider brandishing a virtual bludgeon in their direction. Did I mention it was a _very_ amusing read for 10 bucks (cheap)?? "The Real Cyberpunk Fakebook" features a photo of Eric Hughes in cyberpunk raiment on its cover, too. Right down to the duds, he's a dead ringer for Greg Strzempka, the singer for an obscure metal band named Raging Slab. It's true, by golly! The book is also loaded with photos of menacing-looking GenX'ers, cans of Jolt cola, one stuffed cat, an odd-looking leather device - perhaps used during sado-masochistic floggings, and someone with a chrome bolt through their tongue. If you are still bored, there's also a crossword puzzle or two. NATIONAL RECONNAISSANCE OFFICE SPOOKS SECRETLY SET UP SLUSH FUND In late September, the Washington Post reported that the spy satellite-flying ultra-secret National Reconnaissance Office had salted away over $1 billion in cash money left over from operating costs. In related news, it was revealed the agency had also been squirreling away unused spy satellites in its Sunnyvale, CA, facility at an estimated cost to the US taxpayer of $10-15 billion for cleanrooms and maintenance. The secret NRO fund disclosure comes about one year after the Senate Intelligence Committee discovered the agency had built a $300 million headquarters complex in Fairfax County, Virginia, without telling anyone. Locals were misinformed on the owner of the complex, believing it was a plant for Rockwell International. The $1 billion secret fund was accumulated by the NRO as a result of the agency's practice of being paid in advance for multi-year satellite programs. The fund was built from budget money diverted from agency contracts which unfolded at rates slower than planned. CIA head John Deutch launched an investigation into the $1 billion fund over the summer but found nothing wrong with the NRO's handling of cash money. A new chief financial officer, however, was put in place at the spy satellite agency. It is also quite entertaining to take a look back at the outcry which resulted from news of the NRO's new headquarters in August 1994. An especially pungent quote came from Rep. James Traficant who railed, ". . . I say we should convert that [new NRO building] to a prison and start by locking up these lying, thieving, stealing CIA nincompoops." As for the NRO secret fund, agency mouthpiece Pat Wilkerson commented to the Post that he would not comment on his organization "because the programmatic and dollar content of the NRO budget are still considered classified." CONGRESS ERODES INTELLIGENCE BUDGET SECRECY by Steven Aftergood, Secrecy & Government Bulletin 53, Federation of American Scientists, 307 Massachusetts Avenue, NE, Wash. D.C., 20002 Congress has highlighted new details of the structure of the secret intelligence budget following the disclosure that the National Reconnaissance Office had been hoarding over a billion dollars of unexpected funds. Specifically, Congressional actions have made it possible for anyone to discern where secret funding for the NRO is hidden with the Defense Dept. budget. Discovery of the NRO's extraordinary accumulation of unspent funds, first reported in the Washington Post, led Congressional appropriators to cut "more than $1 billion" from the NRO's budget (New York Times, 9/27/95). After the conference report on 1996 defense appropriations was issued on September 25 (House Report 104-261), it became possible to ask: Where in the defense budget was this "more than $1 billion taken from? The following budget cuts are conspicuous: Ш The line item called Selected Activities in the category "Other Procurement, Air Force" was funded at $4.9 billion, a reduction of approximately $500 million from the budget request. Ш The line item called Special Programs in the category "Missile Procurement, Air Force" was funded at $1.2 billion, a cut of approximately $400 million. New rescissions in previously appropriated 1995 funding of these two categories were made in the amounts of $180 million and $120 million respectively for a total of $1.2 billion in funding cuts, which corresponds neatly to the reported reductions in NRO funding. In conjunction with other sources, the following sources may be drawn: Ш Selected activities in Other Procurement, Air Force is the funding line for the CIA's portion of the NRO satellite procurement budget, as well as for the CIA itself. Ш Special Programs in Missile Procurement, Air Force is the funding line for NRO procurement of spy satellites assigned to the Air Force. Ш Other components of the massive NRO budget are hidden in the Navy budget and in the line item Classified Programs in the category "Research, Development, Test and Evaluation, Air Force" which includes the NRO's r&d budget. This line item was funded at $3.3 billion. The ease with which the NRO budget may be detected by even a casual observer makes a mockery of claims that intelligence budget secrecy is a matter of national security. Rather, it has become a convenient means of reducing public accountability. Public exposure of the budget details of individual intelligence agencies now seems increasingly necessary because Congress is so plainly incapable of performing its intelligence oversight function. Rep. Larry Combest, who ironically led the effort a week earlier on the House floor to block public disclosure of the total intelligence budget (Congressional Record, 9/13/95, p.H8833), complained to the Post that NRO officials had "fallen quite short of being open about this." Taken at face value, Rep. Combest's complaint suggests either a surprising incapacity to gain access to even the most elementary information about the NRO, or an astonishing lack of curiosity and understanding concerning NRO operations and budgeting. It is hard to comprehend the difficulty of the oversight committees in spotting the NRO's reservoir of funds, given that the continued operation of spy satellites beyond their design lifetimes and the resulting backlog of unlaunched satellites have been publicly noted by intelligence community officials for several years. It is a mystery how the "oversight" committees could have failed to realize that NRO had a substantial surplus of funds that had already been appropriated to support launches that had not yet taken place. Fundamentally, the NRO's secret accumulation of a billion dollars is much less disturbing than the fact that Congress was unaware of it for an extended period. If the designated Congressional overseers are unable to reliably keep track of where any given billion is gowing, then even a rudimentary level of accountability is impossible and the job must be taken over by others. Fortunately, the public has access to other sources of information. For example, an article in the Los Angeles Times entitled "US Launches Costly Overhaul of Spy Satellites" (9/28/95) provides background on the classified "8X" satellite program and its budget implications. TYRANNY & MUTATION: MARK LUDWIG PUBLISHES GIANT BOOKLOAD OF COMPUTER VIRUSES In 1990 Mark Ludwig published "The Little Black Book of Computer Viruses." It contained the source code for four computer viruses, one of which - Stealth Boot - has become one of the more common computer viruses infecting business and home PC's worldwide. [The virus, known as Stealth Boot C, is the same as the copy published in the second printing of "The Little Black Book of Computer Viruses."] As a result, by 1992 Ludwig (also my publisher, incidentally) was a pariah in conservative computing circles, fit predominantly for freak-flag-fly-type stories on viruses as artificial life in WIRED magazine or bad craziness and hate parties at assorted computer security conferences. In 1990 Ludwig wrote, rather accurately in retrospect, "[Stealth Boot] is _highly contagious_ . . . once it's infected several disks, it is easy to forget where it's gone. At this point, you can kiss it good-bye." Even the printing business Ludwig uses for his books was infected with Stealth Boot during production runs. The introductory parts of Ludwig's new "Giant Black Book of Computer Viruses" (American Eagle trade paperback, 700 pages) feature a tone more baldly revolutionary than his previous books. It's a pitch that resonates with many outsiders - the militias, tax resisters, Internet anarchists, true believers of New World Order conspiracy orthodoxy - convinced a big takeover by the military-industrial complex is imminent. In a segment on "military applications" of computer viruses Ludwig writes, "Putting military grade weapons in the hands of ordinary citizens is the surest way to keep tyranny at bay." We are moving toward an "Orwellian god-state" he says, and "the Orwellian state is vulnerable to attack -- and it should be attacked . . . Perhaps we have crossed the line [of this state] or perhaps we will sometime between when I [write] this and when you are reading. In such a situation, I will certainly sleep better at night knowing that I've done what I could to put the tools to fight in people's hands." Ironically, even extremist Soldier of Fortune magazine has dropped Ludwig's advertising with nary a word of explanation. For it, computer viruses are now apparently more feared than serrated truncheons, pepper spray, assault weapons and advertising for military adventurers and hit-men. Dire stuff this is, and the remainder of the "Giant Black Book" is no exception, with segments devoted to boot sector-infecting computer viruses, writing "droppers" for them - for example, the complete source code for Stoned and a diskette-infecting launcher for it; file-infecting viruses for a multiplicity of operating systems, virus stealthing; complicated, exotic encryption schemes aimed at defying anti-virus scanning; and anti-security measures designed to make clumsy or incomplete disinfection of Ludwig's viruses a task fraught with the possibility that the replicating programs will destroy the data structures on the infected machine in retribution. Portions of the book are reprints or clean-ups of articles which have appeared over the past couple of years in Ludwig's Computer Virus Developments Quarterly and its successor, Underground Technology Review, which have ceased publication. The only other books in the arena even remotely reminiscent of Ludwig's newest - beside his own stuff - is Ralf Burger's "Computer Viruses -- A High-Tech Disease," published in 1988 by a company also in the business of marketing Burger's anti-virus software. However, Burger's chapters on simple overwriting viruses and the mutilation of computer data coupled to simulation of horrible hardware problems with software - besides being simplistic and dated - lacks the weird joie de vivre Ludwig's "Giant Black Book" flashes in assembly language-illustrated tracts on choosing between formulations of sudden, unexpected data incineration or creeping file corruption - routines perhaps perfected while Ludwig was writing destructive code for a US Army group attached to NATO a couple of years ago. Those who worry about presumed virus-writing churls from the Internet getting a copy should stop right now. Real life probably won't be quite as predictable. Even though the "Giant Black Book" is genuinely menacing-looking, for the truth to be told experience suggests most would-be and practicing virus-writers are either too penniless to purchase it, too oblivious to everything but their own transient concerns to read it carefully enough so it really hurts, or too bitterly envious of Ludwig for making a living selling viruses which they've been unable to trade for even a bag of chipped wampum, to make much of the virus code and tutorials which constitute the backbone of the book. History also indicates that it's not a big jump to see that as with "The Little Black Book," one or two of the "Giant Black Book's" Ludwig viruses could wind up in circulation on national computers within two to three years, resulting in an indeterminate amount of garment rending, trashed data and lost money, blood on the floors of information systems departments, insane shouting, and kill crazy editorializing in computer security publications, none of which will have any impact on the perverse reality of the world of computer viruses. There's a part near the end of the "Giant Black Book," written with an X-file-ish sci-fi whiff of looming future techno-anarchy. Those comfortable with the reading material found in comic books devoted to the current fascination with cyberpunk, computer network dystopia, mysterious helicopter flights over the hinterlands, and rental vans packed with bags of fuel oil-soaked ammonium nitrate will be pleased. As for the bottom line on "The Giant Black Book of Computer Viruses": Like all Ludwig's books, it's a distinctly unusual acquired taste requiring a small but significant amount of technical acumen to crack. But it also tends to be as interesting a read as you'll find if you're one with the stones for it. "The Giant Black Book of Technological Booby Traps, er, Computer Viruses" -- $39.95 cash money from American Eagle, Show Low, Arizona. (ISBN 0-929408-10-1) Additional notes: A recent Computer underground Digest tabbed Jean Bernard Condat, president of the French chapter of the Chaos Computer Club, as a hireling of a French secret government agency, the Direction de la Surveillance du Territoire. Indeed, he appeared to be its puppet, blackmailed into service when fingered for a petty crime as a student in Lyons. According to the report in CuD, he provided reports and acted as an agency beard while posing as the most famous French hacker. Condat claimed to have broken away from the agency in 1991 but the excerpt in Computer underground Digest implies the facts are fuzzy in this area. In 1992, Condat translated "The Little Black Book of Computer Viruses" for Ludwig and agented it to French publishers. Turned down by Idalis, one of the largest French publishing firms, reportedly over qualms with the translation, the book was eventually optioned by Addison-Wesley France. The publication of it in France in 1993 as "Naissance d'un virus" resulted in a civil suit. Ludwig dropped Condat as an agent about a year later for reasons apparently having to do with reliability, according to the American Eagle publisher. NET-BABBLERS INEXHAUSTIBLE PREPARE INSTITUTIONS FOR OVERTHROW -or- ELECTRO-PAMPHLETEERS FOR NATIONAL VANGUARD LAUNCH OCTOBER OFFENSIVE A spam a day keeps the delete key in play. It's something everyone seems to forget when dealing with mail-bombs, particularly when they're selling conspiracy theory like one that declared dead cultural anthropologist Franz Boas the root of all world evil in early October. Yes, the same Franz Boas who wrote famous books on the Indians of the Northwest. Skipping the hare-brained discussion for the sake of sanity, the anti-Franz Boas essay arrived on e-mail doorsteps and Usenet news packaged as annoyance electronic mail. It triggered the usual outrage - pissed-off Netizens shaking their cyberfists in hackneyed fury, promising unspecified retribution: perhaps nasty phone calls and retaliatory nuisance spam -- all aimed at National Vanguard/National Alliance, a Hillsboro, West Virginia, publisher responsible for the best-selling piece of race-hate conspiracy science-fiction, "The Turner Diaries." Consider the nature of National Vanguard, a publisher that advertises in the back of "The Turner Diaries" for a comic book called "New World Order Comix." Fifteen to eighteen-year olds, says the advertising, can read the NatVan funnies to "understand the nature of the evil forces which have deliberately wrecked their schools . . . by organizing to oppose the enemies of their race and civilization." A few pages earlier is the blurb for another book, "Serpent's Walk," that promises the "Good guys" -- Hitler's SS -- finally win after going underground and continuing the fight for a century. Are you left with impression that the anger of spammed Netizens might just roll off the back of the National Vanguard, already certified as a social leper for about two decades? If not, revisit for a moment the history of "The Turner Diaries." First published in 1978 by author William Pierce after being serialized in his magazine, National Vanguard, "The Turner Diaries" has sold approximately 200,000 copies without really being in any bookstores to speak of. The National Alliance spam is mildly reminiscent of the strategy Piece used with Soldier of Fortune magazine's subscription list in 1981. Pierce purchased SOF's mailing list and subsequently sent a National Alliance/National Vanguard catalog to the magazine's subscribers. Some readers of SOF complained vigorously and the magazine apologized to its readers, promising to more carefully screen those wishing to purchase its subscriber base. "The Turner Diaries" is an escalatingly violent book, apocalyptic and brutal in its imagery of a white supremacist underground fighting a total war against the US government. It's told primarily from the point of view of one of the minor lights of the white supremacist underground, one "Earl Turner," who takes part in a number of the book's key battles. In "Turner," guns are outlawed by the hated US government with "the Cohen act." Soon after, Earl Turner and a cell of guerillas demolish FBI headquarters in Washington, D.C., with a rented truck filled with fertilizer/foil oil explosives. The aim: to smash a super-computer and database designed to keep track of US citizens. The "freedom fighters" declare war on the government, blacks, Asians, Latinos, those who fornicate with them and liberal journalists. In scenes straight out of Nazi Germany, those in the ruling overclass arrayed against the insurrectionists are rounded up and hung en masse - made to wear placards proclaiming "I defiled my race." There are scenes of torture, sodomy by metal rod, numerous shootings and savage beatings. Israel, Russian and US cities are destroyed by nuclear warheads. The Pentagon is leveled by Earl Turner who flies an atomic bomb into it while on a kamikaze mission -- his final initiation into the book's holiest of holies, The Order. China is rendered uninhabitable by biological weapons. Turner's white supremacists impose a new "empire" upon the world. Pierce put a reading list of required material for white supremacists in one of his National Alliance catalogs. In it, Pierce claimed, "[Turner] will be too strong a dish for any reader who has not thoroughly prepared himself for it," according to "Warrior Dreams" author and academic James Gibson. Despite its repellent nature, many took "The Turner Diaries" very seriously. In 1983, the Bruder Schweigen, or Order, were one heavily armed, well-organized outlaw group of white supremacists inspired by it. The Order held up banks and armored cars to raise money - almost $4 million - for their revolution and modeled it on the struggle portrayed in "The Turner Diaries." Order member Bruce Pierce murdered Alan Berg, a Denver talk radio host, by submachine-gun fire and was eventually caught, convicted and sentenced to 200 years to life in prison. Berg fit the Order's interpretation of "Turner Diaries'" definition of a liberal Jewish journalist. In 1984, the FBI, writes author Gibson, "closed in on the Order's island hideout [in Puget Sound, Washington] . . . Several members of the Order surrendered; [Bruce] Matthews, [their leader], refused." The FBI set the hideout on fire with magnesium flares and a grenade launcher, an exploding weapons cache widened the blaze and Matthews died in the conflagration. His body was recovered later, a gold Order medallion charred into his chest [page 250]. Laurence Canter and Martha Siegel created a cottage industry early this year when they hit stores with "How to Make a Fortune on the Information Superhighway," a book on the "legitimate" business uses of ruthless scattershot e-mail advertising. Having reportedly sold 47,000 copies as a hard cover for one of the major publishers, it was only a matter of time until businesses or groups like National Alliance, those which could hardly be expected to even faintly mind the collective ire of 'Net administrators, began to act on it. AUTHOR DINTY MOORE'S HANDBOOK FOR CLOSET INTERNET CURMUDGEONS "The Emperor's Virtual Clothes: The Naked Truth About Internet Culture" (Algonquin Books of Chapel Hill, $17.95) is a bird of a different feather: an Internet cynic's handbook written in a happy, frothy tone - presumably because it's author seems to be a pretty pleasent prof in residence at Penn State University. Packaged by Algonquin so it's somewhat reminiscent of Jon Winokur's "Closet Curmudgeon" books, "Emperor's Clothes" is its author's anecdotal view of on-line culture. In it Moore covers all the popular 'Net issues and controversies: privacy, sex, the nature of obsession and creeping Toffler-ism. Never so mean as Crypt Newsletter, "Emperor's Clothes" nevertheless drives home its skeptic's point of view well, even invoking Thoreau as a comical muse from time to time. One of my favorite parts was Moore's description of one 'Net fanatical collegian seemingly lacking even the wit of a pig's bladder on a stick. The subject has become so encrusted with the trivia of networked existence he can't break away from on-line games and chat. His grades are shit; what's left of his mind is oozing from his ears. The poor sod has forfeited his personality to a $1000 plastic and glass box! However, you can bet there's always time for one more round in the multi-user dungeon role-playing game. For those who enjoy their prose sardonic, "The Emperor's Virtual Clothes" is cool. THE SOLOMON ANTI-VIRUS TOOLKIT: THE EVOLUTION OF SCANNING SOFTWARE Back in 1993 in an article for Crypt Newsletter #9 called "Take the Prodigy challenge with the Dr. Solomon Anti-virus Toolkit," I did a run through of this British program, then distributed by On-Track Data Recovery in the U.S. PRODIGY's marketing of the Dr. Solomon Toolkit was uniquely absurd, so weird I've never seen it repeated anywhere else. The Sears-Roebuck administered "personal information service" for yuppies hyped the software offer which, on the surface, appeared quite attractive. It offered a special data integrity and recovery package which was essentially a broken up grab-bag of software utilities looted from other commercial products. In toto it consisted of the Solomon Toolkit's FindVirus anti-virus scanner, an "unerase" program designed to allow buyers to easily recover recently scotched files and a rudimentary set of hard disk maintenance programs. This was a vile deal aimed squarely at suckers since the current version of DOS had already shipped with programs that covered almost everything included in the package except for Solomon's FindVirus. However, Prodigy did offer the Solomon Anti-virus Toolkit for $39. The catch was it came sans manual. Of course, you could also buy the manual, thereby bringing the total price up to $99, about what you would paid for the Toolkit straight from On-Track. The logic behind the marketing hook seemed to be the thinking that consumers would jump at the apparent _reduced_ price of the Toolkit, order it and find that once they had it, it didn't make sense without the manual. Of course, then the manual would be purchased anyway. In 1995, Alan Solomon (S&S International) is no longer dependent on this kind of "help" to merchandise his product in the U.S. The company has moved aggressively into the national market and opened offices in Mission Viejo, California, and Burlington, Massachusetts. However, the core of his Toolkit's virus control strategy remains the same: effective use of the FindVirus anti-virus scanner and Guard, a memory resident utility which acts as a sentry armed with a sub-set of FindVirus's capability. FindVirus operates on a philosophy of rigorous detection and identification of computer virus infection. Briefly, one can explain it thus: The FindVirus scanner has an entry for the "Mr.X" virus in its virus information database. According to the entry for the "Mr.X" virus, FindVirus knows the virus infects .COMfiles and that infected files begin with a jump command that points to the end of program where the virus has added its code to the parasitized file. FindVirus looks for a string of bytes uniquely chosen from the "Mr.X." virus and if it finds such a string - or perhaps matches a calculation based upon the string - checks for the true virus identity by performing another calculation on the expected volume of the virus, say, from the beginning of its control point to the end of the viral code. If the calculation corresponds to the value FindVirus holds in its database for this particular virus and every other check mentioned is valid, a live copy of the "Mr.X" virus has been found in the file. Using this method, FindVirus can only rarely be tricked into inappropriately identifying viruses. This means its rate of false alarming on programs and data contained within the average computer is vanishingly small. The 1993 version of FindVirus was just as fussy about virus identification. However, when it came to repairing virus-infected programs, the Toolkit's on-line help recommended replacing the infected file from distribution disks because while it was possible "to remove the fly from the ointment," most users preferred a "new jar of ointment." This is gone from Toolkit 1995. Since FindVirus's mechanism of detection is dependent upon exacting identification of computer viruses, there is little point in shrinking from using the program to cut viruses from infected programs. Stated another way, FindVirus will simply refuse to disinfect viruses it cannot identify exactly. This seems like an obvious point until you realize that many, many anti-virus programs don't supply this rigor, and can be happily demonstrated ruining infected programs when asked to remove viruses - if they can remove them at all - for which they only have an approximate diagnosis. Such a result would be catastrophic if practiced on a heavily infected network. The flip side of the coin is that a program like FindVirus, with the records of approximately 7000 computer viruses in its database, can be expected to perform rapid and precise disinfection in such a situation. Going beyond exact identification of rudimentary viruses, FindVirus has been optimized for polymorphic detection. According to the Toolkit's on-line help and Alan Solomon's books, the current engine driving FindVirus got its start when Nowhere Man's NuKE Encryption Device landed on his desk embedded in the ITSHARD virus. Blocked by the complexity of the code garbling generated by it, Alan Solomon started development on a fix for FindVirus that would enable it to unwind Nowhere Man's encryptor reliably as well as universally covering all similar types of polymorphic encryption. Generally, this could be approached by writing software which simulates the code in a suspect program. One could start by inspecting a stretch of code thought to be part of a virus and responsible for its self-decryption (which a polymorphically encrypted virus must have) by checking if the code appears to sequentially walk through a chunk of the suspected virus, modify it and write it back in unencrypted form. Such an anti-virus scanner could load a suspect file into a buffer, set up a bunch of registers in memory and start inspecting. It would update the simulating registers according to the action dictated by the instructions found in the scanned code. However FindVirus was to do this, the idea was to apply an engine which would drive the decryption employed by just about any type of virus. Once perfected, then the same rules FindVirus uses to detect and disinfect simple viruses can be brought into play to identify and disinfect any virus underlaying various layers of disguising encryption. Alan Solomon incorporated just such a technological innovation into FindVirus and the program won a Queen's Award for Excellence as a result of it. Anyway, however FindVirus does this, it seems to work rather well. In a quick and dirty test we generated 200 samples each of a handful of encrypted viruses: Oi Dudley, Mutation Engine Insuff and Encroacher from the old Crypt Newsletter, SMEG v.03, and Virogen using the Vice encryptor. FindVirus hit almost all, missing only 3 percent of the Virogen Vice samples. It precisely identified the one-in-every-ten unencrypted copies of Encroacher generated by a buggy version of the Mutation Engine and the original Encroacher virus seed file, or dropper, a feature useful in computer forensic work. Oddly, it identified all Mutation Engine Insuff samples as "like" Mutation Engine viruses. It also successfully disinfected all detected infections except for Mutation Engine Insuff, which can only be deleted or renamed. FindVirus renamed them which is an adequate solution. A competing program, Dr. Web, was used as a simple barometer. Web detected all Mutation Engine Encroacher samples, for example, but promptly destroyed every program upon disinfection. The final S&S selling point for FindVirus, implemented just recently, is "heuristic" virus detection, or detection based upon the looking for code that does things viruses are expected to do. Although not a new feature in anti-virus land, it's new for FindVirus which delivers the capability _only_ if called for specifically by command-line switch. So, while FindVirus missed 3 percent of the Virogen Vice infections, it's "heuristic" ANALYZE switch, coupled with the program's virus decryption engine, uncovered every one of the misses with a generic "like a virus" warning message. The catch is the user must have the wit to use it in potentially hot situations. With the ANALYZE feature enabled, FindVirus - like any "heuristic" detector - can generate, or be compelled to generate, false alarms. The memory resident VirusGuard portion of the Solomon Toolkit intercepted most, but not all of the encrypted viruses. It missed Mutation Engine and SMEG samples, but was successful at intercepting Oi Dudley and Virogen Vice specimens. The Solomon Anti-virus Toolkit creates the usual anti-virus industry standard rescue disk capable of jump-starting a dead dog hard disk but no longer carries along a copy of FindVirus as it did a couple years ago. The documentation concedes that the steady rain of increasing computer virus strains has inflated the size of the program, making this impractical. Instead, it recommends use of the copy of FindVirus on the original diskettes when treating a badly contaminated or damaged system. The Anti-virus Toolkit comes with a manual and an interesting Virus Encyclopedia which contains entries for a large number of viruses S&S International has thoroughly dissected. Oddly, the index page numbers for the viruses described in this edition were listed as variant numbers of pages _beyond_ the actual entries in the encyclopedia. For example, the data on Micropox virus was listed at page 247 but actually resided on page 239; the data for FLIP listed as 108 when it was on 105, the entry for Natas virus as 163, but actually on page 158. Initially, this led me to suspect I was a victim of creeping mental illness. [Hmmmm. Could be evidence of Index.Fiddler. Just a little inside computer virus humor!] The Toolkit also contains a number of other programs including a file integrity checker, disk and file examination programs, and a couple of certification programs which augment the use of FindVirus and Guard in virus control and additionally supply an easily administered measure of access control to a secured machine's files and diskettes. The Solomon Toolkit's use of technology in precise virus identification and removal are features that serve it well. It is these same features, seamlessly incorporated into the software, which are difficult for magazines to explain adequately to potential consumers. It is a paradox that they are the same features which set the Toolkit apart from and above elegant-looking, power-marketed turds like Symantec's Norton Anti-virus. S&S International USA: 17 New England Executive Park, Burlington, MA, 01803 ph: 1-617-273-7400. FROM THE "YOU CAN'T POLISH A TURD BUT THAT WON'T STOP 'EM FROM TRYING" DEPARTMENT Alert reader David Kennedy passed along this latest bit of consumer news, courtesy of the institutional machine at Symantec. Apparently, Philistines in charge of marketing and disinformation at the Norton Anti-virus issued a statement of unique interest to Crypt Newsletter readers. Symantec, it claims, has opened an "Anti-Virus [telephone] HotLine." "This _revolutionary_ [emphasis added] new service will place live anti-virus technicians at your finger tips to quickly and efficiently help you resolve those burdensome live virus infection situations, no matter what product you are using to detect the virus," it reads. "To help you in your fight against virus infections Symantec is proud to introduce the industry's _first_ [emphasis added] dedicated anti-virus hotline." This was inspirational and in the spirit of the free flow of information, Crypt Newsletter announces it has opened an Anti-Symantec telephone HotLine. This revolutionary new service will place live editors at your fingertips to quickly and efficiently help you resolve those burdensome confusions that arise from reading Symantec corporate babble and then spending too much cash money on software products like the Norton Anti-virus. As a bonus, the Crypt Newsletter Anti-Symantec HotLine releases the following: Peter Norton, the guy whom the Norton Anti-virus is named after, once claimed computer viruses were urban legends! Symantec's Anti-Virus HotLine is not the first anti-virus help line. (Big surprise!) Why, just this summer Crypt saw the National Computer Security Association advertising one in its company magazine. Peter Tippett, who recently worked for Symantec, had his photo on its cover, too. It's true! Much of the development staff that went into programming and "perfecting" the Norton Anti-virus left the company this year for the competition! Oh no! They won't be around to answer telephones. It's true! For example, Martin Fallenstedt, Dave Perry and Jimmy Kuo went to McAfee Associates. Therese Padilla went to Command Software (F-Prot). (Crypt knows this is true because Crypt spoke with her recently.) Peter Tippett is now affiliated with the National Computer Security Association. The NCSA magazine says he's its "President." Joe Wells, another Norton Anti-virus developer, went to IBM. Joe Wells even mentioned on Compuserve this summer that "there [were] several other people," who also went from Symantec to McAfee Associates. "When I visited them early this month, I suggested the company name be changed from McAfee to McMantec," said Joe. Haha! Joe made a joke of it! What a funny guy! John McAfee, when in an ebullient mood, also used to speak of having a McAfee Associates special team drive around in a mobile home to supply emergency service to companies laid low by computer virus! McAfee Associates has telephones, too. It's true! ["The Virus Creation Labs," page 11.] QUESTIONS: COMPUTER VIRUS LIABILITY [In January 1995, the US Bureau of Public Debt's Security Branch and its legal department debated the issue of unintentional distribution of computer viruses and the legal liability of institutions found to have passed contaminated software or diskettes. The discussions were published in the US Bureau of Public Debt's Information Systems Security Monitor newsletter and credited to Kim Clancy (Security Branch), Jim Kramer-Wilt (Legal) and Lisa Martin (Legal). It is reprinted here with permission.] Security Branch: "What, if any, boilerplate language exists that we could put in contracts that would protect us if we received disks that were infected with a virus? What are [others] doing? Legal: "At present, Public Debt is not using any special language in . . . contracts. The present warranty clause does not protect us from consequential damages. Procurement uses a general clause unless the Contracting Officer determines that a greater level of protection is necessary. We could insist that a clause be inserted that the contractor has screened the software for any known viruses. This, of course, would not protect us from unknown viruses. It appears that we should be making the screen ourselves, rather than relying upon the contractor. I would assume that such screens are being made." Security Branch: "In the area of Interagency agreements - what is our liability if, for example, we would send [someone] a diskette with a virus? Is exempting language available? Would it be effective, such as in contracts with these [others]?" Legal: "Contracts between government agencies follow the general outline of the first question above. Government agencies are pretty much self-insured for such damages. Any diskettes sent to other agencies should carry the following disclaimer: WE HAVE SCANNED THIS DISKETTE FOR VIRUSES USING . NONE OF THE DISKETTES HAVE ANY VIRUSES ACCORDING TO OUR USE OF THESE PROGRAMS. HOWEVER, BE AWARE THAT THERE MAY BE VIRUSES OR OTHER DANGEROUS PROGRAMS THAT HAVE ESCAPED DETECTION. WE DO NOT WARRANT OR REPRESENT THAT ANY OF THE DISKETTES ARE ABSOLUTELY FREE OF VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS OR ANY OTHER TYPE OF DANGEROUS COMPUTER PROGRAM. YOU SHOULD PERFORM YOUR OWN TESTING TO ASSURE THAT THE FILES YOU DOWNLOAD ARE TRULY FREE OF VIRUSES OR OTHER DANGEROUS PROGRAMS. This disclaimer could be in the form of a pre-printed sticker that is affixed to the diskette package." Security Branch: "What should we do if we get a diskette with a virus from another company? Should we contact the vendor? Are there any repercussions if we do contact the vendor?" Legal: "You should contact the vendor and inform them of your finding. Whatever action they choose to take is up to them. I believe that there is a duty to contact the vendor and there should be no legal repercussions. We also feel that you should pass along your findings to Main Treasury, e.g. 'I scanned the diskette with a certain virus checker and found this virus,' thereby making no statement as to how the virus got on the diskette. In other words, only reporting exactly what you observed." PART II: LIABILITY FOR VIRUSES, A NEGLIGENCE STANDARD . . . Tort and civil liability is rarely discussed in the context of [computer] viruses since there is a growing body of criminal law regulating the introduction of them into a system. The introduction of viruses _may_ allow an injured plaintiff relief under the tort theories of conversion, trespass and tortious interference with contractual relations. Tort liability has been an issue of concern to the managers of computer systems and networks. The failure of managers to safeguard their systems may lead to recovery in tort by injured third parties. One suggestion has been to impose strict legal liability on the producers and vendors of computer systems, services, networks and software, requiring adequate safeguards and barriers to be placed to avoid unauthorized invasions, and to carry adequate insurance should an invasion occur. This standard may be too demanding since even the best boundaries of technological protection have proved to be penetrable. A system's need for the existence of trap doors for programming and debugging will also be troublesome for managers should a strict liability standard be implemented. Negligence may be a viable alternative standard should strict liability be too harsh. A manager's duty to the system would entail the reasonably prudent selection, implementation and maintenance of the security provisions of the system. Application of negligence principles to the manager would require her to use reasonable care to secure the system when it is foreseeable that failure to secure it would result in injury to foreseeable plaintiffs. A test similar to the one created by Judge Learned Hand in United States v. Carroll Towing may be a viable standard in this instance. Since there are times when every computer system may be infected by a virus, the manager's duty should be a function of three variables, paraphrased from Judge Hand's decision in Carroll Towing: 1) the probability of invasion by a virus; 2) the gravity of the resulting injury; and 3) the burden of adequate precautions. The application of this test may provide a flexible and workable alternative approach to manager's liability for the failure to protect the computer system from viruses. Suggestions for reasonable protection: 1) Limiting computer access by terminated employees, particularly those who have been subjected to disciplinary action; 2) Requiring a showing of need before allowing any employee to access system software on multiuser systems; 3) Requiring staff to devote greater attention to monitoring the use of computer systems and to checking for evidence of unusual or suspicious activity. Staff with responsibility for computer systems should be centrally involved in analyzing these or other protective policies, and should be given necessary resources to carry out these functions. _Establishment of Operational Safeguards_ In addition to establishing access restrictions, a number of steps might be taken to reduce the risks of harm from a computer virus: 1) Installing software programs that keep watch for computer viruses; 2) Testing software [and storage media] for presence of computer viruses; 3) Initially installing new software, particularly those of uncertain origin on an isolated computer system; 4) Immediately investigating unexplained or suspicious activity, including unauthorized attempts to . . . alter files 5) Immediately removing from computers any software that exhibits symptoms of possible virus infection; 6) Establishing backup policies designed to assure that clean copies of uninfected application programs remain available for a reasonable time; 7) Requiring the grandfathered rotation of backup copies, stored off-site; 8) Conducting periodic security audits to determine whether reasonable steps have been taken to assess and counter any particular virus threat. LETTERS: READER WONDERS ABOUT CRYPT BY FTP, WELFARE OF SECURITY BRANCH'S KIM CLANCY; UTR AND MORE AMUSING BUSINESS AT NORMAN DATA Dear Crypt: A few months ago, I asked about early issues of Crypt Newsletter. You said you weren't aware if they were generally available by anonymous ftp through the Internet. My recent travels took me to an anonymous ftp site - ftp.fc.net - which has a complete set of the newsletters under the directory: pub/deadkat/virus/CryPt. I'm letting you know for informational purposes. You must get requests for these issues quite often. I also read your book and found it entertaining as well as informative. One thing I would find interesting - perhaps in a future issue - is a follow-up story on Kim Clancy and the bulletin board system she ran that came under criticism. ---Tom Corrigan [Crypt responds: Thanks for the tips. Crypt Newsletter gets many requests for back issues by anonymous ftp and most of them go unanswered. There are a number of Web pages and Internet sites with accounts offering Crypt News but they're not listed because of the frangible nature of so many Internet sites. In 1992 Crypt Newsletter was distributed by bulletin board system and I got into the habit of posting telephone numbers in the credits section of the magazine. However, the numbers were ephemeral, always changing, and it became pointless to maintain a list. Today, however - for one time only (or until the topic comes up again), two spots which offer links to Crypt News are: http://www.xcitement.com/virus http://www.io.org/~ronl Both are clean-looking pages, utterly lacking in pictures of floral arrangements, furniture, pets, soiled underwear, obscure rock groups, rubber fetishists or the vain gimmickry and pitiless infomercialism common to the more garish spots on the Web. These pages exist to publicize a wide variety of computer virus binary images and source code. Along with similar spots, the sites infrequently become topics of discussion in the Usenet's alt.comp.virus newsgroup. If you are inexperienced in the area or someone new to the Crypt Newsletter, keep in mind that Internet sites with computer viruses on-line for FTP or World Wide Web access can sully your image and reputation if you let slip you fancy them while in conservative company. By nature they're controversial, which is understating the issue somewhat. Also, you can't - can't - can't - be infected with computer viruses by viewing Web pages or ftp directories filled with them. However, it's possible to become an embarrassment to yourself and many loved ones if you download computer viruses from the Internet and deliver them into the hands of incompetents, yourself included. It's also not impossible to imagine a poor unfortunate scruff so bereft of good sense and self-control he runs afoul of the law and becomes the object of a criminal investigation as a result of an interest in computer viruses. [Nota bene: Crypt Newsletter 32 and 33, "Blewed, screwed and tattoo'd, parts one and two: The sorry tale of an English virus writer strung up in the Crown Court."] There's a subtext embedded in the preceding discussion but Crypt News thinks that, frankly, most of it is lost on the average readership. As for Kim Clancy, is working for Security Branch of the US Bureau of Public Debt in Parkersburg, West Virginia. She comments she will be leaving the department at the end of this month. Clancy also hosts the Security RoundTable discussion group on Mindvox in New York City. Congressman (Dem.) Ed Markey, the political nuisance who became tangentially involved in the AIS scandal, fell on hard times in 1994 when the Republicans rode into town and knocked the Democrats from power. Markey is now farther from the limelight on information technology affairs and has had a difficult time living up to the sobriquet Washingtonian magazine awarded him in 1988: "No. 1 Camera Hog in Congress." Remember, it was just in an August 1993 issue of the Los Angeles Times that Telecommunications and Finance subcommittee Markey-underling Rep. (Dem.) W. J. Tauzin of Louisiana was claiming "Ed . . . has arrived" and courtier for the entertainment industry and Motion Picture Association of America president Jack Valenti burbled "[Markey is presiding] over a sea change in the way we communicate." Anyway, Markey - or more likely a staff flunky ghost-writer - has recently written on atomic bomb technology transfer in "Nuclear Peril: the Politics of Proliferation." He's also been involved in hassling the State Department over French overflights of the US by air transports carrying fissionables for use in the controversial Pacific test shots. Markey is also working to clean up children's television programming and involving himself in the Congressional debate and legislation over obscenity and the Internet. Come to think of it, Crypt Newsletter believes this is more useful work than any amount of fiddling with the Internet, BBSes, computer crime or computer viruses.] Dear Crypt: How do I get the Underground Technology Review? I am interested in making pepper spray and computer viruses. ---Name of young reader withheld for his own benefit [Crypt responds: Underground Technology Review is no more. UTR editor Mark Ludwig recently confided that a Norman Data Defense employee (name withheld to protect job security) called him trying to secure, scrounge - actually, a complimentary subscription to the publication. Sadly, for Norman Data, UTR is now discontinued. As for pepper spray, it's not effective against computer viruses.] Dear Crypt: Hi! I am from Cyprus. I want to know if you have the latest version of Virus Creation Laboratory. I have the 1992 version and I want an upgrade. Or, if you have another virus creation programme, please inform me. ---Name of young reader withheld for his own benefit [Crypt responds: Does this mean you're still deviling the Turks on the other side of the island?] CRYPT HYPERBASE If you're reading this you don't have it. Crypt #34 was also published as a hypertext/xText reader. It adds hyperlinked cross indices and a linked glossary, as well as greatly expanded discussion of topics covered in this edition. The hypertext editions provide a convenient way to order your library of Crypt Newsletters. With the reader, it is only necessary to copy the Newsletter database issues - the files with names like CRYPTxx.XDB - into the same directory as the reader and go. The reader will provide a pick list of the collected issues and link through them as they are displayed and read. CRYPT NEWSLETTER HYPERTEXT DATABASE The CRYPT NEWSLETTER database is now available as a hypertext tool. We've collected all the Crypt Newsletters from the magazine's initial publication in 1992 to the present and reworked them into a linked, keyworded, annotated hypertext database. The database contains not only the best of Crypt Newsletter but also a great deal of additional material and notes never published before. Where appropriate, additions have also been made to old issues and articles to provide current perspective and background. The database also contains a keyworded glossary and extensive subject index spanning the length and breadth of the newsletter. In the database you'll find comprehensive stories and news on: Ш the computer virus underground and virus-writers Ш the anti-virus industry Ш on-line culture and sociology Ш the secret government within the military industrial complex Ш anti-virus software reviews Ш book reviews of current titles in security Ш annals of computer crime & computer virus spread Ш discussion of legal issues with regard to computer viruses and related computer crime Ш review of the mainstream media: the shams and scams reported as real news. Take a clear-eyed, skeptic's look at the information highway! And there's much more, all delivered in the acerbic, to-the-point style used by the Crypt Newsletter. The Crypt Newsletter database is also extensible. Future hypertext issues can easily be copied to the database's directory on your home computer and be seamlessly integrated into the collection. The Crypt Newsletter hypertext database can be purchased for $60, plus $1.50 shipping and handling. Overseas customers add $6.50 for shipping and handling. Checks or money orders should be made payable to: George Smith, Editor Send to: Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 USA Remember to include your current mailing address with purchase. REACHING CRYPT NEWSLETTER Send software, books, or public-relations phlogiston for review and consideration to: Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 Alternatively: public relations phlogiston may be e-mailed: crypt@sun.soci.niu.edu or 70743.1711@compuserve.com Phones: 818-568-1748 CRYPT ON COMPUSERVE Those readers with accounts on Compuserve can now take part in the dedicated Crypt Newsletter message base and attached file library in the National Computer Security Association special interest group. GO NCSAFORUM and look for message base #20, Crypt Newsletter. Current issues are on-line in the attached file library. CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE You can visit Crypt & The Virus Creation Labs on the World Wide Web, download back issues and sample a chapter from VCL! Set your graphical browser (Mosaic, Netscape, etc.) to: URL: http://www.soci.niu.edu/~crypt ACKNOWLEDGEMENTS - In one way or another, this issue couldn't be the scintillating read it is without: Bob Casas, Ph.D., of CPC Ltd.(COMSEC), Glenview, Illinois, for hypertext & hyperlinks prodding; Roger Thompson of Thompson Network Software, Marietta, Georgia, for sundries; Steven Aftergood of the Federation of American Scientists, Washington, D.C., for keeping Urnst, the cat, in good reading material with those timely FAS reports; Dave Kennedy of NCSA for consumer alerts. ---------------------------------------------------------------- If you quite enjoy the Crypt Newsletter, editor George Smith's book, The Virus Creation Labs: A Journey Into the Underground," will really flip your wig. In it Smith unravels the intrigue behind virus writers and their scourges, the anti-virus software developers and security consultants on the information highway. What readers are saying about THE VIRUS CREATION LABS: "[VIRUS CREATION LABS] is informative and stunningly incisive . . . " ---Secure Computing, October 1995 "George Smith . . . takes a look at the world of virus writers and anti-virus software vendors in a style similar to that of 'Cyberpunks' -- anecdotal, humorous and revealing . . . a lucid and entertaining read." ---Computer Security Journal "Heavens - I don't think I've had as hysterically funny a read in MONTHS! The politics of the anti-virus field is at least as back-biting and insane as the virus writing field, if not more. You really probably have no idea exactly how 'corrupt, corroded and tangled' the anti-virus field really was . . . *chuckle* . . . Anyhow, I just thought I'd write to you to express my appreciation, as an ex-member of that 'long chain of cheats, hypocrites and fools' for a hysterically funny look into the 'underground' that produced the code we had so much fun - and really we DID, especially in the early days - reverse engineering and countering." ---an ex-McAfee Associates employee "There are relatively few books on the 'computer underground' that provide richly descriptive commentary and analysis of personalities and culture that simultaneously grab the reader with entertaining prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' Katie Hafner and John Markoff's 'Cyberpunk,' and Bruce Sterling's 'The Hacker Crackdown.' Add George Smith's 'The Virus Creation Labs' to the list . . . 'Virus Creation Labs' is about viruses as M*A*S*H is about war!" ---Jim Thomas, Computer underground Digest 7.18, March 5, 1995 "THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo media blitz and moves on to become an engaging, articulate, wildly angry diatribe on the world of computer virus writers . . . Expert reporting." ----McClatchy NewsWire -------------------------order form------------------------- Yes, I want my wig flipped and wish to receive a copy of George Smith's "The Virus Creation Labs: A Journey Into the Underground" (American Eagle, ISBN 0-929408-09-8). Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas) NAME: _____________________________________________ ADDRESS: __________________________________________ CITY/STATE/ZIP: __________________________________ Payment method: ___ Master Charge ___ Money Order ___ Check ___ Visa Credit Card # ___________________________________________ Expiration date _________________________________________ Name: ____________________________ Orders can be taken by voice or fax through regular phone number and/or 1-800 number in USA. COD welcome. American Eagle: 1-800-719-4957 1-602-367-1621 POB 1507 Show Low, AZ 85901 ------------------------------------------------------------- George Smith, Ph.D., edits the Crypt Newsletter. Media critic Andy Lopez lives in Columbia, SC. copyright 1995 Crypt Newsletter. All rights reserved.