FidoNews · Vol 5, No 19 · 9 May 1988

     Volume 5, Number 19                                    9 May 1988
     +---------------------------------------------------------------+
     |                                                  _            |
     |                                                 /  \          |
     |                                                /|oo \         |
     |        - FidoNews -                           (_|  /_)        |
     |                                                _`@/_ \    _   |
     |        International                          |     | \   \\  |
     |     FidoNet Association                       | (*) |  \   )) |
     |         Newsletter               ______       |__U__| /  \//  |
     |                                 / FIDO \       _//|| _\   /   |
     |                                (________)     (_/(_|(____/    |
     |                                                     (jm)      |
     +---------------------------------------------------------------+
     Editor in Chief                                       Dale Lovell
     Editor Emeritus:                                   Thom Henderson
     Chief Procrastinator Emeritus:                       Tom Jennings
     Contributing Editors:                                   Al Arango

     FidoNews  is  published  weekly  by  the  International   FidoNet
     Association  as  its  official newsletter.  You are encouraged to
     submit articles for publication in FidoNews.  Article  submission
     standards  are contained in the file ARTSPEC.DOC,  available from
     node 1:1/1.

     Copyright 1988 by  the  International  FidoNet  Association.  All
     rights  reserved.  Duplication  and/or distribution permitted for
     noncommercial purposes only.  For  use  in  other  circumstances,
     please contact IFNA at (314) 576-4067. IFNA may also be contacted
     at PO Box 41143, St. Louis, MO 63141.

     Fido  and FidoNet  are registered  trademarks of  Tom Jennings of
     Fido Software,  164 Shipley Avenue,  San Francisco, CA  94107 and
     are used with permission.

     The  contents  of  the  articles  contained  here  are  not   our
     responsibility,   nor   do   we   necessarily  agree  with  them.
     Everything here is  subject  to  debate.  We  publish  EVERYTHING
     received.



                             Table of Contents

     1. ARTICLES  .................................................  1
        Four Unusual Echos  .......................................  1
        Our turn? How Hackers hacked away at Opus in Hong Kong  ...  3
        Your IFNA Working for You  ................................  5
        Etiquette and Protocols -- SEAlink vs Zmodem  .............  8
        New Features for SCOREKEEPER  ............................. 11
        Fido 12 Utilities  ........................................ 12
     2. COLUMNS  .................................................. 20
        FidoCon '88: Visit The Cincinnati Observatory  ............ 20
     3. NOTICES  .................................................. 21
        The Interrupt Stack  ...................................... 21
        Latest Software Versions  ................................. 21
     4. COMMITTEE REPORTS  ........................................ 23
     And more!
     FidoNews 5-19                Page 1                    9 May 1988


     =================================================================
                                 ARTICLES
     =================================================================

     George A. Stanislav
     Opus 1:129/39


                   The Four Astral Board Echos



     The logo of Astral Board, 1:129/39, is "The Unusual Board For
     Unusual People." Indeed, the whole purpose of Astral Board is
     discussing unusual things. Its two main local message areas are
     "Unusual Experiences" and "Martial Arts." Four echos have been
     born on Astral Board so far, all, hopefully, falling in the
     "unusual" category.

     The first and best known echo originating at Astral Board is
     80XXX. Its purpose is to give a public forum to anyone writing
     programs for the 8088 Intel chip and its derivatives, e.g.
     80286, 80386, 8087, etc.

     Another programming echo may not seem that unusual. After all,
     there is a general programmers' echo, a C echo, a Pascal echo
     and others. The "unusual" part of 80XXX is in its orientation
     towards low level programming of a specific chip, or rather a
     family of chips. Most of the discussion is about PC assembly
     language programming, although the echo is not limited to
     assembly language. As long as it has something to do with the
     low level programming of the Intel 80XXX chips, any message is
     welcome here.

     Another unusual thing about 80XXX echo is its file transfer
     protocol. If participants of the echo want to transfer chunks of
     code that will not fit into one message, or even if they want to
     transfer small binary files, they arc the file, convert it into
     an ASCII text file by John Navas's ECHOARC and post that text as
     a message. The recipient uses the same program to convert the
     message into an arc file. That is why all sysops carrying the
     80XXX echo are required to carry a copy of ECHOARC on their
     systems for download by their users.

     Unidentified Flying Objects are the topic of discussion of UFO,
     another unusual echo from the unusual board. The history of this
     echo is somewhat peculiar. Before I started it, I had no special
     interest in the UFO phenomenon. Some of my callers were
     attracted to my BBS by its name, Astral Board, in the hope they
     would find a UFO related discussion there.

     After several users expressed a desire for such an area, I
     agreed to start it, not as a local discussion, but an echo. To
     my great surprise, the day I started the echo, messages started
     coming from all over the country, mostly thanks to Aaron
     Schmiedel, sysop of Chai Way in Dallas, who spread the new echo
     all over the USA and even sent it to Europe.

     People who have personally viewed UFO's have participated in our
     discussion. For me the echo was an eye opener. While before I
     started the echo I would have probably treated anyone claiming
     to have seen a UFO with great suspicion, nowadays I have no
     doubt about the UFO phenomenon and even about its potential
     danger for our planet. Those aliens seem to be anything but
     friendly folks.

     STARGAZE is another echo started on request of others. The echo
     is dedicated to Astrology. The echo has started very slowly,
     and up to this point not much discussion has happened there.
     Mostly I asked people to help me find the algorithms for
     astrological calculations as I would like to write an online
     astrology program. If anyone can help in this regard, please
     post in STARGAZE.

     The fourth unusual echo is BBOS. This echo seems the most
     unusual of all, at least to me. I started it when several sysops
     requested an echo dealing with Opus Embedded Commands and AVATAR
     (Advanced Video Attribute Terminal) for which I wrote a
     compiler, OECC.

     While the request for the echo was strong, there rarely ever
     appear any messages in it. BBOS stands for Bulletin Board
     Operating System. The echo is open not just to the discussion of
     the currently available Opus Embedded Commands, but to
     suggestions for new ones. In fact, the echo can be an excellent
     meeting place of developers and users of different BBOS's to
     possibly create standard ways of embedding commands and screen
     control codes into text files that could be portable among the
     various bulletin board operating systems.

     Apparently this idea came too early before its time. The echo is
     very little used. Ironically, I came to the point when I wanted
     to discontinue the echo. I posted a message to that matter in
     other echos and received many answers asking me not to do that.
     Despite that, the traffic has been slow. I hope that after
     reading this article more people will become aware of this echo
     and its purpose.

     All four echos are available at the Stars. One of the Stars
     polls me every night for the echos and delivers the messages
     from other places.

     I would like to emphasize especially the presence of the last
     two echos, STARGAZE and BBOS, as it seems not many sysops are
     aware of their existence.


     -----------------------------------------------------------------


     SEAnet/2 - Hong Kong                    IFNA node 3:700/13.0


                 A POTENTIAL SECURITY PROBLEM IN OPUS
                 ------------------------------------

     Our turn?

     To every BBS, it seems, there comes a Hacker - and we've just
     had our first major attempt at gaining unauthorized access to
     our system.

     As  we  use Opus 1.03b which is,  to say the least,  a rather
     widely used system we have decided to  share  our  experience
     with  you in the hopes that you may avoid similar occurrences
     on your own systems.

     The  hacker  in  question  used a very simple,  but powerful,
     method which could - had things gone according to his plan  -
     have  allowed him to gain full control of the machine running
     Opus.  This  would  have  included  access  to  all  the  BBS
     utilities on the machine.

     Such a success would,  of course, have meant that the hacker would
     have been able to completely cover his tracks,  even  leaving
     the Sysop unaware that his system had been compromised.

     Due to some luck (good for us,  bad for the hacker) he failed
     in his attempts to control our system,  and merely managed to
     crash it leaving the system down for several hours.

     A debate
     --------
     There  is  always  something  of  a  debate  over whether the
     methodology behind such things as Virus programs, Trojans and
     so on should be publicly revealed in full detail.

     The argument against full disclosure is seated  in  the  idea
     that  we should not risk telling other people how such things
     can be accomplished in the hope that no more people will find
     out than already know.

     Opposing this is the belief that only by letting people  know
     about  a danger,  and by fully informing them of that danger,
     can ways be developed to combat the danger.

     The two arguments might be summarized as the "Keep quiet  and
     hope it goes away" against the "Forewarned is forearmed".

     It  is  in  the  light of the latter belief that this article
     will explain what the hacker did, and how he did it.

     I do of course advise all those who think their systems might
     be susceptible to this line of attack to  protect  themselves
     at once in the manner I will describe shortly.


     The Method
     ----------
     Basically what the hacker did was to take  advantage  of  the
     fact  that  we do not make much use of the *.GBS files in our
     Opus system.

     For  those  unfamiliar  with  .GBS  files  I  should pause to
     explain that these are the graphic equivalents  to  the  .BBS
     files  containing  system  logos,  file lists,  menus and the
     like.

     People with ANSI graphics set ON will see what is in the .GBS
     files,  while  those with it off will see what is in the .BBS
     file.

     This allows users with ANSI capability to take full advantage
     of that  system,  while  still  producing  perfectly  legible
     displays for those without ANSI support.

     The  hacker  uploaded a file called FILES.GBS to a file area;
     as no such file existed previously, the system allowed him to
     do this.

     This file was a text file containing OANSI embedded  commands
     to shell to DOS and perform various functions.

     These  included  DEL  *.LOG in a successful attempt to remove
     the system logs and so cover his trail.

     The  hacker  then tried to run the remote sysop utility using
     this system; luckily for us, he was unaware of which com: port
     we are using.  By performing CTTY  with  the  wrong  port  he
     managed to crash the system.

     Protection
     ----------
     Protecting  against  further  attempts  to  do  this is quite
     simple: we have now set the upload paths for all file  areas
     to  a  directory  that  is only available from a file area in
     which the F)iles and T)ypes commands are disabled.

     Sysops will have to check this area and hurl (real problem as
     Opus won't hurl across multiple drives) files into the  areas
     they are intended for. Not entirely satisfactory, but it's a
     solution.

     Raymond C Lowe
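
     The protection described in this article, as an added example
     (not part of the original article and not Opus code): uploads
     are written only to a holding directory, names the BBS would
     read as display files (.BBS/.GBS) are refused, and an audit
     lists display files the sysop did not place in an area.  All
     function names and the directory layout are hypothetical.

```python
import os
import shutil
from pathlib import Path

# The article names .BBS (plain) and .GBS (ANSI) as the display files the
# BBS interprets, embedded commands included; callers must never supply them.
DISPLAY_EXTS = (".bbs", ".gbs")


class UploadRejected(Exception):
    """Raised when an uploaded name could be picked up as a display file."""


def safe_upload_name(name):
    """Return a normalised bare filename, or raise UploadRejected."""
    base = os.path.basename(name.replace("\\", "/"))
    if base != name:
        raise UploadRejected("path components are not allowed")
    # DOS-style file systems ignore trailing dots and spaces, so
    # "FILES.GBS." would land on disk as FILES.GBS; normalise first.
    norm = base.rstrip(". ")
    if not norm:
        raise UploadRejected("empty file name")
    if norm.lower().endswith(DISPLAY_EXTS):
        raise UploadRejected("display-file extension is reserved for the sysop")
    return norm


def receive_upload(name, data, holding_dir):
    """Store an upload in the holding directory only, never in a file area."""
    dest = Path(holding_dir) / safe_upload_name(name)
    with open(dest, "xb") as fh:  # "x": refuse to overwrite an existing file
        fh.write(data)
    return dest


def release(held_file, area_dir):
    """Sysop step after review: move a held file into its file area."""
    name = safe_upload_name(Path(held_file).name)
    dest = Path(area_dir) / name
    if dest.exists():
        raise UploadRejected("would overwrite %s" % dest)
    shutil.move(str(held_file), str(dest))
    return dest


def audit_area(area_dir, known_display_files):
    """List display files in a file area that the sysop did not put there."""
    known = {n.lower() for n in known_display_files}
    return sorted(
        p.name for p in Path(area_dir).iterdir()
        if p.is_file()
        and p.name.lower().endswith(DISPLAY_EXTS)
        and p.name.lower() not in known
    )
```

     Run audit_area over every file area with the list of display
     files the sysop created; anything it returns was put there by
     someone else and should be inspected before the BBS shows it.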



     -----------------------------------------------------------------


                         Your IFNA Working for You
                          Where DO those DUES go?

     Steve Bonine, 115/777


     There has been discussion in the sysop echomail conferences about
     whether there is a need for an organization like IFNA, what such
     an organization should do, and what IFNA is doing now.  I want to
     share with you a couple of things that IFNA is doing, right now,
     for the good of FidoNet.  You can agree or disagree about whether
     they SHOULD be done, HOW they should be done, WHO should do them;
     but at least you will be able to argue from a base of facts.

     Last September, Ken Kaplan was looking for someone to help him
     out with replies to inquiries received at the IFNA post office
     box.  I volunteered for the job because that aspect of IFNA is an
     important one -- it's all well and good to say that potential
     sysops can obtain information about FidoNet from a local BBS, but
     what do you do if you're in India, or if you don't know where the
     local BBS is?  The IFNA mailing address provides an important
     means of distributing information about what we are doing.

     The work that Ken wanted to delegate seemed simple enough -- send
     some sort of reply to folks who request information by writing to
     IFNA.  The pamphlet that Ken had been sending was a bit out of
     date.  (It doesn't take long for things to get out of date when
     it comes to FidoNet information!)  So I sat down with the old
     pamphlet, my trusty PCWrite and HP Laserjet, and came up with a
     new mailer.  Nothing fancy, but it worked.

     The response to PO-box inquiries consists of this little
     pamphlet, a list of help nodes, a list of all the FidoNet
     coordinators, and an IFNA order/application form.  It goes for a
     single unit of postage (two units international), and provides
     general information aimed at a diverse audience.

     The audience grew when PC Magazine ran a short article on
     FidoNet.  The article referred to a number on the reader-service
     card, making it very easy for people to generate an inquiry.  PC
     Magazine does a nice job of handling these "BINGO cards".  They
     send the target company (IFNA in this case) a post-card-sized
     form for each inquiry, with a peel-off mailing label.  There have
     been more than 500 requests from this one article.  It has been
     especially interesting to watch PC Magazine make its way around
     the world in the last few weeks as requests started to appear
     from South America, Europe, Africa, Asia. . . PC's are truly
     international.

     Back in the dark ages (a year or so ago), requests for
     information on FidoNet came primarily from potential sysops --
     people who were interested in starting their own BBS.  This has
     changed, with many more requests coming from potential USERS.
     These are people who have heard about FidoNet and echomail, and
     want to know what benefits the network has to offer to them as
     users.  This shows how FidoNet has matured to more than a network
     to facilitate communication between sysops.  Based upon this
     change in the mix of the audience, the material in the pamphlet
     has been revised to include more user-oriented information.  If
     you are interested in seeing the picture that IFNA is painting of
     itself, send me netmail (115/777) and I will gladly mail you a
     copy of the PO-box-inquiry mailing.

     To appeal to the potential sysop, a longer document provides a
     more detailed introduction to FidoNet.  This file, NEWSYSOP.TXT,
     has been made available for download on a number of systems
     throughout the network.  It provides an introduction to what
     options are available in BBS software, mailers, and echomail.
     The audience for this publication is technical enough to be able
     to cope with downloading from a local BBS, so this publication is
     not generally made available in printed form.

     So there you have it -- the attempts of one segment of IFNA to do
     something to help FidoNet.  Now let me preach a bit.  The work I
     have done for FidoNet has been quite rewarding.  I do it because
     I enjoy it.  Try it; you might enjoy it also.  You don't have to
     be "anointed" to be a part of the team; I hold no position in
     IFNA whatsoever.  I have found that many people criticize IFNA
     for "not doing anything" but there are mighty few who will
     actually pick up the ball and run with it.

     You want balls?  OK. . . here are a few things that need to be
     done.  Nick Baroque (104/413) has made the excellent suggestion
     that new systems receive a message from their IFNA director when
     they are added to the nodelist, providing them with a greeting
     and letting them know who their director is; in general, painting
     a positive picture of IFNA.  (Remember how exciting it was to get
     netmail right after your node number first appeared in the
     nodelist?)  We even have a volunteer who will send out the
     netmail.  What we need in order to implement this fine suggestion
     is a way to identify new nodes.  This is a bit more complex than
     a simple file matching program, since it has to weed out things
     like nodes that just changed their address.  Any whiz programmers
     out there want to tackle this one?

     More balls.  Mitch Kessler (107/269) has made another excellent
     suggestion that a local contact, perhaps a followup to the
     standard IFNA mailing, would be a valuable way to improve the
     public relations of FidoNet.  In fact, Mitch feels that FidoNet
     PR should be coming from the local nets.  Implementing this idea
     would require a network of systems organized geographically to
     provide this.  Are there enough folks out there to make this
     work?

     There are other projects which could be done.  Exposure in the
     national press, like the article in PC Magazine, counters the
     media's tendency to paint computer bulletin board systems as
     places where hackers and phreakers do their dirty work.  Is
     anyone in a position to get us more of this type of publicity?
     (It would be even nicer if we knew it was coming this time, so we
     could gear up to answer the inquiries.)  NEWSYSOP.TXT can always
     use a section on new products; to corrupt a popular phrase, "Send
     prose!".  Maybe there are areas in addition to new-sysop
     orientation that you feel should be addressed by a similar
     booklet.

     The purpose of this article is to point out that IFNA really IS
     accomplishing something.  There ARE reasons to have a national
     organization representing FidoNet, and two of them are providing
     a central location from which information can be requested and
     organizing a convention.  Both of these tasks are being done;
     you've read about the great progress towards a super FidoCon in
     other articles.  I hope to meet many of you at FidoCon this
     August!

     -----------------------------------------------------------------


     Kilgore Trout, 107/9
     System Enhancement Associates, Inc.


                          Etiquette and Protocols

     We've done a number of benchmark runs on  various  file  transfer
     protocols  over  the  last  few  years,  a few of which have been
     reported  in  FidoNews.   Our  last  published  benchmark  series
     compared SEAlink and Zmodem at 2400 baud.

     Recently   some  people  have  questioned  if  it  was  valid  to
     extrapolate the results of our 2400 baud trials to data transfers
     at 9600 baud.  In particular,  how would the Overdrive variant of
     SEAlink  compare  against  Zmodem?  We  were  confident  that our
     earlier results were still valid at the higher baud rate,  but we
     decided to confirm this opinion with hard data.

     For this benchmark series we used  an  IBM-AT  (sending)  and  an
     IBM-XT  (receiving)  connected  by  a  null  modem  cable  at  an
     interface speed of 9600 baud.  The  implementations  test
