FidoNews · Vol 5, No 19 · 9 May 1988
Volume 5, Number 19 9 May 1988
- FidoNews -
International FidoNet Association Newsletter
Editor in Chief: Dale Lovell
Editor Emeritus: Thom Henderson
Chief Procrastinator Emeritus: Tom Jennings
Contributing Editors: Al Arango
FidoNews is published weekly by the International FidoNet
Association as its official newsletter. You are encouraged to
submit articles for publication in FidoNews. Article submission
standards are contained in the file ARTSPEC.DOC, available from
node 1:1/1.
Copyright 1988 by the International FidoNet Association. All
rights reserved. Duplication and/or distribution permitted for
noncommercial purposes only. For use in other circumstances,
please contact IFNA at (314) 576-4067. IFNA may also be contacted
at PO Box 41143, St. Louis, MO 63141.
Fido and FidoNet are registered trademarks of Tom Jennings of
Fido Software, 164 Shipley Avenue, San Francisco, CA 94107 and
are used with permission.
The contents of the articles contained here are not our
responsibility, nor do we necessarily agree with them.
Everything here is subject to debate. We publish EVERYTHING
received.
Table of Contents
1. ARTICLES
   Four Unusual Echos
   Our turn? How Hackers hacked away at Opus in Hong Kong
   Your IFNA Working for You
   Etiquette and Protocols -- SEAlink vs Zmodem
   New Features for SCOREKEEPER
   Fido 12 Utilities
2. COLUMNS
   FidoCon '88: Visit The Cincinnati Observatory
3. NOTICES
   The Interrupt Stack
   Latest Software Versions
4. COMMITTEE REPORTS
And more!
FidoNews 5-19 Page 1 9 May 1988
=================================================================
ARTICLES
=================================================================
George A. Stanislav
Opus 1:129/39
The Four Astral Board Echos
The logo of Astral Board, 1:129/39, is "The Unusual Board For
Unusual People." Indeed, the whole purpose of Astral Board is
discussing unusual things. Its two main local message areas are
"Unusual Experiences" and "Martial Arts." Four echos have been
born on Astral Board so far, all, hopefully, falling in the
"unusual" category.
The first and best known echo originating at Astral Board is
80XXX. Its purpose is to get a public forum to anyone writing
programs for the 8088 Intel chip and its derivatives, e.g.
80286, 80386, 8087, etc.
Another programming echo may not seem that unusual. After all,
there is a general programmers' echo, a C echo, a Pascal echo
and others. The "unusual" part of 80XXX is in its orientation
towards low level programming of a specific chip, or rather a
family of chips. Most of the discussion is about PC assembly
language programming, although the echo is not limited to
assembly language. As long as it has something to do with the
low level programming of the Intel 80XXX chips, any message is
welcome here.
Another unusual thing about 80XXX echo is its file transfer
protocol. If participants of the echo want to transfer chunks of
code that will not fit into one message, or even if they want to
transfer small binary files, they arc the file, convert it into
an ASCII text file by John Navas's ECHOARC and post that text as
a message. The recipient uses the same program to convert the
message into an arc file. That is why all sysops carrying the
80XXX echo are required to carry a copy of ECHOARC on their
systems for download by their users.
Unidentified Flying Objects are the topic of discussion of UFO,
another unusual echo from the unusual board. The history of this
echo is somewhat peculiar. Before I started it, I had no special
interest in the UFO phenomenon. Some of my callers were
attracted to my BBS by its name, Astral Board, in the hope they
would find a UFO related discussion there.
After several users expressed a desire for such an area, I
agreed to start it, not as a local discussion, but an echo. To
my great surprise, the day I started the echo, messages started
coming from all over the country, mostly thanks to Aaron
Schmiedel, sysop of Chai Way in Dallas, who spread the new echo
all over the USA and even sent it to Europe.
People who have personally viewed UFO's have participated in our
discussion. For me the echo was an eye opener. While before I
started the echo I would have probably treated anyone claiming
to have seen a UFO with great suspicion, nowadays I have no
doubt about the UFO phenomenon and even about its potential
danger for our planet. Those aliens seem to be anything but
friendly folks.
STARGAZE is another echo started on request of others. The echo
is dedicated to Astrology. The echo has started very slowly,
and up to this point not much discussion has happened there.
Mostly I asked people to help me find the algorithms for
astrological calculations as I would like to write an online
astrology program. If anyone can help in this regard, please
post in STARGAZE.
The fourth unusual echo is BBOS. This echo seems the most
unusual of all, at least to me. I started it when several sysops
requested an echo dealing with Opus Embedded Commands and AVATAR
(Advanced Video Attribute Terminal) for which I wrote a
compiler, OECC.
While the request for the echo was strong, there rarely ever
appear any messages in it. BBOS stands for Bulletin Board
Operating System. The echo is open not just to the discussion of
the currently available Opus Embedded Commands, but to
suggestions for new ones. In fact, the echo can be an excellent
meeting place of developers and users of different BBOS's to
possibly create standard ways of embedding commands and screen
control codes into text files that could be portable among the
various bulletin board operating systems.
Apparently this idea came too early before its time. The echo is
very little used. Ironically, I came to the point when I wanted
to discontinue the echo. I posted a message to that matter in
other echos and received many answers asking me not to do that.
Despite that, the traffic has been slow. I hope that after
reading this article more people will become aware of this echo
and its purpose.
All four echos are available at the Stars. One of the Stars
polls me every night for the echos and delivers the messages
from other places.
I would like to emphasize especially the presence of the last
two echos, STARGAZE and BBOS, as it seems not many sysops are
aware of their existence.
-----------------------------------------------------------------
SEAnet/2 - Hong Kong IFNA node 3:700/13.0
A POTENTIAL SECURITY PROBLEM IN OPUS
------------------------------------
Our turn?
To every BBS, it seems, there comes a Hacker - and we've just
had our first major attempt at gaining unauthorized access to
our system.
As we use Opus 1.03b, which is, to say the least, a rather
widely used system, we have decided to share our experience
with you in the hopes that you may avoid similar occurrences
on your own systems.
The hacker in question used a very simple, but powerful,
method which could - had things gone according to his plan -
have allowed him to gain full control of the machine running
Opus. This would have included access to all the BBS
utilities on the machine.
Such a success would, of course, have meant that the hacker would
have been able to completely cover his tracks, even leaving
the Sysop unaware that his system had been compromised.
Due to some luck (good for us, bad for the hacker) he failed
in his attempts to control our system, and merely managed to
crash it leaving the system down for several hours.
A debate
--------
There is always something of a debate over whether the
methodology behind such things as Virus programs, Trojans and
so on should be publicly revealed in full detail.
The argument against full disclosure is seated in the idea
that we should not risk telling other people how such things
can be accomplished in the hope that no more people will find
out than already know.
Opposing this is the belief that only by letting people know
about a danger, and by fully informing them of that danger,
can ways be developed to combat the danger.
The two arguments might be summarized as the "Keep quiet and
hope it goes away" against the "Forewarned is forearmed".
It is in the light of the latter belief that this article
will explain what the hacker did, and how he did it.
I do of course advise all those who think their systems might
be susceptible to this line of attack to protect themselves
at once in the manner I will describe shortly.
The Method
----------
Basically what the hacker did was to take advantage of the
fact that we do not make much use of the *.GBS files in our
Opus system.
For those unfamiliar with .GBS files I should pause to
explain that these are the graphic equivalents to the .BBS
files containing system logos, file lists, menus and the
like.
People with ANSI graphics set ON will see what is in the .GBS
files, while those with it off will see what is in the .BBS
file.
This allows users with ANSI capability to take full advantage
of that system, while still producing perfectly legible
displays for those without ANSI support.
The hacker uploaded a file called FILES.GBS to a file area.
As no such file existed previously, the system allowed him to
do this.
This file was a text file containing OANSI embedded commands
to shell to DOS and perform various functions.
These included DEL *.LOG in a successful attempt to remove
the system logs and so cover his trail.
The hacker then tried to run the remote sysop utility using
this system. Luckily for us, he was unaware of which com: port
we are using. By performing CTTY with the wrong port he
managed to crash the system.
Protection
----------
Protecting against further attempts to do this is quite
simple: we have now set the upload paths for all file areas
to a directory that is only available from a file area in
which the F)iles and T)ypes commands are disabled.
Sysops will have to check this area and hurl (real problem as
Opus won't hurl across multiple drives) files into the areas
they are intended for. Not entirely satisfactory, but it's a
solution.
Raymond C Lowe
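
The Protection step above, sketched as upload-handling logic. This is an added example, not code from Opus or from the article's author: uploads always land in a quarantine directory, names carrying the display-file extensions the article mentions (.BBS, .GBS) are refused, and an audit lists display files the sysop did not install. All function names and the sample paths are assumptions made for the illustration.

```python
import ntpath  # DOS-style path rules, usable on any host OS

# Extensions the BBS renders as display files (the two named in the article).
DISPLAY_EXTS = {".BBS", ".GBS"}


class UploadRejected(Exception):
    """Raised when an uploaded filename must not be accepted."""


def check_upload_name(name: str) -> str:
    """Return the normalised bare filename, or raise UploadRejected."""
    raw = name.strip().upper()
    base = ntpath.basename(raw)
    # A drive letter or directory part means the caller tried to pick the target.
    if not base or base != raw:
        raise UploadRejected("path components are not allowed")
    # DOS ignores trailing dots and spaces, so "FILES.GBS." opens FILES.GBS.
    base = base.rstrip(". ")
    stem, ext = ntpath.splitext(base)
    if not stem or stem.startswith("."):
        raise UploadRejected("empty or extension-only filename")
    if ext in DISPLAY_EXTS:
        raise UploadRejected(f"{ext} files are rendered by the BBS, not stored")
    return base


def route_upload(name: str, quarantine_dir: str) -> str:
    """Uploads never go into a listed file area, only into quarantine."""
    return ntpath.join(quarantine_dir, check_upload_name(name))


def audit_area(listing, sysop_display_files):
    """Flag display files in a directory listing that the sysop did not install."""
    known = {f.upper() for f in sysop_display_files}
    return sorted(
        f.upper()
        for f in listing
        if ntpath.splitext(f.upper())[1] in DISPLAY_EXTS and f.upper() not in known
    )


if __name__ == "__main__":
    # Constructed sample input: directory and file names are made up.
    print(route_upload("util.arc", "D:\\INBOUND"))
    print(audit_area(["FILES.BBS", "files.gbs", "UTIL.ARC"], ["FILES.BBS"]))
```

The name check closes the gap the article describes (an absent FILES.GBS could be supplied by a caller), while the quarantine routing is the sysop's own fix; the audit is for areas that accepted uploads before the change.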
-----------------------------------------------------------------
Your IFNA Working for You
Where DO those DUES go?
Steve Bonine, 115/777
There has been discussion in the sysop echomail conferences about
whether there is a need for an organization like IFNA, what such
an organization should do, and what IFNA is doing now. I want to
share with you a couple of things that IFNA is doing, right now,
for the good of FidoNet. You can agree or disagree about whether
they SHOULD be done, HOW they should be done, WHO should do them;
but at least you will be able to argue from a base of facts.
Last September, Ken Kaplan was looking for someone to help him
out with replies to inquiries received at the IFNA post office
box. I volunteered for the job because that aspect of IFNA is an
important one -- it's all well and good to say that potential
sysops can obtain information about FidoNet from a local BBS, but
what do you do if you're in India, or if you don't know where the
local BBS is? The IFNA mailing address provides an important
means of distributing information about what we are doing.
The work that Ken wanted to delegate seemed simple enough -- send
some sort of reply to folks who request information by writing to
IFNA. The pamphlet that Ken had been sending was a bit out of
date. (It doesn't take long for things to get out of date when
it comes to FidoNet information!) So I sat down with the old
pamphlet, my trusty PCWrite and HP Laserjet, and came up with a
new mailer. Nothing fancy, but it worked.
The response to PO-box inquiries consists of this little
pamphlet, a list of help nodes, a list of all the FidoNet
coordinators, and an IFNA order/application form. It goes for a
single unit of postage (two units international), and provides
general information aimed at a diverse audience.
The audience grew when PC Magazine ran a short article on
FidoNet. The article referred to a number on the reader-service
card, making it very easy for people to generate an inquiry. PC
Magazine does a nice job of handling these "BINGO cards". They
send the target company (IFNA in this case) a post-card-sized
form for each inquiry, with a peel-off mailing label. There have
been more than 500 requests from this one article. It has been
especially interesting to watch PC Magazine make its way around
the world in the last few weeks as requests started to appear
from South America, Europe, Africa, Asia. . . PC's are truly
international.
Back in the dark ages (a year or so ago), requests for
information on FidoNet came primarily from potential sysops --
people who were interested in starting their own BBS. This has
changed, with many more requests coming from potential USERS.
These are people who have heard about FidoNet and echomail, and
want to know what benefits the network has to offer to them as
users. This shows how FidoNet has matured to more than a network
to facilitate communication between sysops. Based upon this
change in the mix of the audience, the material in the pamphlet
has been revised to include more user-oriented information. If
you are interested in seeing the picture that IFNA is painting of
itself, send me netmail (115/777) and I will gladly mail you a
copy of the PO-box-inquiry mailing.
To appeal to the potential sysop, a longer document provides a
more detailed introduction to FidoNet. This file, NEWSYSOP.TXT,
has been made available for download on a number of systems
throughout the network. It provides an introduction to what
options are available in BBS software, mailers, and echomail.
The audience for this publication is technical enough to be able
to cope with downloading from a local BBS, so this publication is
not generally made available in printed form.
So there you have it -- the attempts of one segment of IFNA to do
something to help FidoNet. Now let me preach a bit. The work I
have done for FidoNet has been quite rewarding. I do it because
I enjoy it. Try it; you might enjoy it also. You don't have to
be "anointed" to be a part of the team; I hold no position in
IFNA whatsoever. I have found that many people criticize IFNA
for "not doing anything" but there are mighty few who will
actually pick up the ball and run with it.
You want balls? OK. . . here are a few things that need to be
done. Nick Baroque (104/413) has made the excellent suggestion
that new systems receive a message from their IFNA director when
they are added to the nodelist, providing them with a greeting
and letting them know who their director is; in general, painting
a positive picture of IFNA. (Remember how exciting it was to get
netmail right after your node number first appeared in the
nodelist?) We even have a volunteer who will send out the
netmail. What we need in order to implement this fine suggestion
is a way to identify new nodes. This is a bit more complex than
a simple file matching program, since it has to weed out things
like nodes that just changed their address. Any whiz programmers
out there want to tackle this one?
More balls. Mitch Kessler (107/269) has made another excellent
suggestion that a local contact, perhaps a followup to the
standard IFNA mailing, would be a valuable way to improve the
public relations of FidoNet. In fact, Mitch feels that FidoNet
PR should be coming from the local nets. Implementing this idea
would require a network of systems organized geographically to
provide this. Are there enough folks out there to make this
work?
There are other projects which could be done. Exposure in the
national press, like the article in PC Magazine, counters the
media's tendency to paint computer bulletin board systems as
places where hackers and phreakers do their dirty work. Is
anyone in a position to get us more of this type of publicity?
(It would be even nicer if we knew it was coming this time, so we
could gear up to answer the inquiries.) NEWSYSOP.TXT can always
use a section on new products; to corrupt a popular phrase, "Send
prose!". Maybe there are areas in addition to new-sysop
orientation that you feel should be addressed by a similar
booklet.
The purpose of this article is to point out that IFNA really IS
accomplishing something. There ARE reasons to have a national
organization representing FidoNet, and two of them are providing
a central location from which information can be requested and
organizing a convention. Both of these tasks are being done;
you've read about the great progress towards a super FidoCon in
other articles. I hope to meet many of you at FidoCon this
August!
-----------------------------------------------------------------
Kilgore Trout, 107/9
System Enhancement Associates, Inc.
Etiquette and Protocols
We've done a number of benchmark runs on various file transfer
protocols over the last few years, a few of which have been
reported in FidoNews. Our last published benchmark series
compared SEAlink and Zmodem at 2400 baud.
Recently some people have questioned if it was valid to
extrapolate the results of our 2400 baud trials to data transfers
at 9600 baud. In particular, how would the Overdrive variant of
SEAlink compare against Zmodem? We were confident that our
earlier results were still valid at the higher baud rate, but we
decided to confirm this opinion with hard data.
For this benchmark series we used an IBM-AT (sending) and an
IBM-XT (receiving) connected by a null modem cable at an
interface speed of 9600 baud. The implementations test