y0y0y0y0y0 Welcome to HFPA Number 2 Volume 1 Tenative release date September 10, 1995 For all of you viewing the archives you get to see this file as it is being made. Download it daily for your pleasure and to see the latest additions. Well things started out nicely although I haven't recieved any files yet we are being leeched left and right. My logs reported 27 hits one right after the other when I release the info file on IRC. Hopefully it will remain high. But please people SEND IN YOUR FILES AND ADD TO OUR COLLECTION. The web site still hasn't been compiled mainly because I been dealing with school and a psychotic bitch with a brother! :). New additions to the archive should be comming sometime this week or next. Not to mention my new computer. I have been studying to damn hard if you ask me. Also we are looking for some home grown source. Things you put together yourself C is the optimal language becuase it is so portable. Send in your exploits and include a info file telling me where to post it. Well for the Law of the week I promised the text from the Jiffy Lube VMB problem so here it is Innocent parties may bear loss caused by hackers. Jiffy Lube set up a telephone system that included a remote-access feature, by which an off-premises call could dial a secret 800 number (provided by MCI), access Jiffy's private branch exchange (PBX), and obtain a local dial tone. After getting a dial tone, the caller would enter a special code that would allow the caller to make long-distance calls, international and domestic, on a long-distance line provided by AT&T. Sometime there after, Jiffy contended a computer hacker broke through Jiffy's security system; that same hacker apparently published Jiffy's 800 number along with the access code for other hackers. By the time Jiffy found out and put a stop to it, AT&T had sent it a bill for more than 50,000 dollars in fradulent calls. Jiffy refused to pay, claiming that the calls did not originate at its PBX but rather at the hacker's computer. Held: Just as if a criminal trespasser had broken into Jiffy's offices and made those calls, Jiffy bore the liabilty for the calls. FCC tariffs clearly state that calls originate at a customer's number when calls, authorzed or not, are made from the customer's telephone system. In trying to shift responsibility to AT&T, Jiffy ignored that but for its creation of a telephone with a remote access feature, the disputed calls could not have been made. It was hardly just or reasonable to require AT&T to absorb the costs associated with such unauthorized calls. Jiffy argued that AT&T had greater knowledge of hacker fraud problems and greater ability and power to detect, combat, and prevent them; however, such arguments are better put to the FCC, the federal agency having expertise in the communications arena and best able to weigh such policy considerations. [American Tel. & Tel. v. Jiffy Lube Int'l., 813 F. Supp. 1164 (D. Md. 1993)] Whew pain in the ass to type that. And who said AT&T had knowledge of anything! :) New additions to the archive are comming slowly. I am dumping the cert FTP archives or selected things from it here just so I have it :). All the rfc's are on the site and pgp for unix is there also. I will eventually release a public key block that all you leet people can encrypt your messages with but that is down the road also. WE NEED WRITTERS FOR THIS NEWSLETTER. Anything will do as long as it makes since and isn't to vague. I am tired of reading the same old crappy text files that do go in depth on anything.