From: Cu Digest (tk0jut2@mvs.cso.niu.edu) Computer underground Digest Sun Feb 8, 1998 Volume 10 : Issue 10 --------------------------------------------------------------------- Date: Sat, 07 Feb 1998 00:50:21 -0600 (CST) From: Bennett Haselton Subject: File 1--fwd: CYBERsitter caught mail-bombing critics CYBERsitter has been caught in the act of mail-bombing someone who wrote a letter to Brian Milburn, the CEO of CYBERsitter, complaining about their product. Spefically, a lady names Sarah Salls sent the following letter to Brian Milburn at bmilburn@solidoak.com: http://peacefire.org/archives/SOS.letters/asherah.2.bm.2.4.98.txt She was writing to CYBERsitter regarding their harassment of Peacefire and their blocking of anti-censorship sites, which is described in more detail at: http://www.peacefire.org/censorware/CYBERsitter/ CYBERsitter replied by flooding her account with over 446 junk messages. While the attack was in progress, Ms. Salls had her ISP's postmaster monitor the incoming attack and shut it off. Naturally, her ISP, Valinet.com, kept copies of the mail logs for that day and has passed them on as evidence to their lawyers. A complaint was also forwarded to MCI's security department, which handles network abuse and illegal denial-of-service attacks that are perpetrated by their customers, which include lower-end network users like CYBERsitter: http://peacefire.org/archives/SOS.letters/valinet.2.mci.2.5.98.txt C-Net's NEWS.com picked up on the story and interviewed Sarah Salls, her ISP, me, and Brian Milburn from Solid Oak Software. Their story is at: http://www.news.com/News/Item/0,4,18937,00.html (Note that the C-Net article compares the act of mail flooding with conventional spam, and says that a bill is being considered in Congress that would outlaw what CYBERsitter did. This is not quite true; flooding a person's account with 500 junk messages is a denial-of-service attack, which is already illegal, and it usually gets you in a lot more trouble than spamming would.) Far from denying the accusations, Brian Milburn gave C-Net the following quote: "Certain people aren't going to get the hint. Maybe if they get the email 500 times, they'll get it through their heads... If they send it to my private email account, they're going to get what they get." No kidding, Brian! -Bennett bennett@peacefire.org (615) 421 6284 http://www.peacefire.org ------------------------------ Date: Sun, 8 Feb 1998 15:34:49 -0600 From: jthomas@VENUS.SOCI.NIU.EDU(Jim Thomas) Subject: File 2--The letter to Milbourn/Cybersitter ((MODERATORS' NOTE: Here is the letter that precipitated the alleged Spam from Cybersitter and the account of the poster who sent it. When CuD attempted to contact Milbourn/Cybersitter about a year ago to obtain information on a story circulating the net, we received emphatic demands that we never contact him. The demands were veiled in threats of repercussions should we try, so others can contact Cybersitter for themselves to confirm or refute the latest allegations)). ================== Source - http://www.thewitches.com/censor/ In surfing the Peacefire website, I came across information relating to Cybersitter's policies. I decided to download the software, and see how it worked for myself. Everything the Peacefire site had pointed out about Cybersitter was true. Before downloading the software and installing it, however, I visited the sites that were on the blocked list. I couldn't find anything on these sites that would fit Cybersitter's criteria for blocking. While I was on the Peacefire site, I also read through correspondence between Cybersitter's C.E.O. and various people. In numerous letters, representatives of Cybersitter bashed Peacefire for its involvement with the issues surrounding their software, citing that the software was designed for use by parents and that the "kids" at Peacefire had no right to even be involved in this issue. Those letters compelled me to write my own letter, after all, I AM a parent. Here is a copy of the letter I wrote to the C.E.O. of Solid Oak Software, Brian Milburn. Mr.Milburn, You have stated over and over again that your software is for use by parents. And that individuals other than parents, should not be involving themselves in the fight against your just above legal censoring techniques. I, myself am a parent. I have two children who love to surf the Internet, and while I seek to protect them from inappropriate material, I certainly would not want someone else making the decisions on what my children should or should not view for me. Which is exactly what your software does. It does not allow the parents to make the choices about what their children access, that list is already predefined within the software and to top it all off, you encrypt the list so that the parents cannot even view it. This I find completely preposterous. That would be like the video clerk telling me I could only rent G rated movies, because I have children under the age of thirteen in my household. Therefore, I am not entitled to rent a PG-13 movie or above. The PG stands for parental guidance. Which means, that if I determine that my child is mature enough to view the movie, he may. It does not mean that anyone under the age of thirteen is banned from seeing it. In essence, this is what you have done with your software. You have taken the "parental guidance" out of it. A parent is not allowed to determine which sites on your list are or are not appropriate as they are not allowed to view the list that your software operates from. I, for one, am not opposed to my children learning about diversity, yet you have blocked The National Organization for Women, who's key issues include Racial and Ethnic Diversity as well as issues concerning Violence Against Women, which unfortunately in their younger days my children had to deal with firsthand. If it were not for Organizations like N.O.W. many women would not be able to find the resources the need to escape abusive relationships, thus allowing the children to suffer further. You have also banned The Human Awareness Institute which teaches individuals to prosper in healthier, happier, more emotionally balanced relationships. This is something I WANT my children to learn. After all, what is the alternative? For them to learn to wither in unhealthy, unhappy, emotionally leeching, abusive relationships? We live in an area that is extremely diverse and has a large gay population. Although, some homophobia still exists in the community, it is starting to be dispelled by the amount of information available in cyberspace about the gay/lesbian community. Not so if you are using CYBERsitter however. I think that based upon the extraordinarily large number of gay/lesbian sites that you have banned, we can see where the main homophobia exists. (Looked in a mirror lately, Mr. Millburn?) Until recently, you had also blocked a large number of wiccan/pagan sites as well because they obviously did not subscribe to your own Christian values not because they were in violation in any way of your list of criteria for blocked sites. By doing this, if I were using your software, you would have infringed upon my right as a parent to teach my children about their religion, as I would not have been able to access many valuable wiccan/pagan sites. I truly think that you need to re-evaluate your motives in distributing this product. If the product is not based upon your own agendas but merely to help parents in protecting their children, then you need to revamp your product so that it allows parents to decide what is appropriate for the children. By decoding your banned lists and making your product more "parent-friendly". It is not groups like Peacefire that are causing you to lose revenue. It is your own product. Organizations like Peacefire and many other individuals and organizations are merely bringing attention to faults which already exist within your product. Faults that the consumer would discover for themselves once they purchased it. If I were you, I would take the complaints you get to heart and use them to make your product better, rather than trying to shut down every single site that airs a complaint about your company's software. I, for one fully intend to make it known how your software operates. I have many friends on many domains who are willing to help me inform consumers about your product. If you feel it necessary to track us down, and block each and every one of us, then I wish you luck in your endeavors. But it might make it necessary to add the word CYBERsitter to your list of banned words, and just what would that do to your business? Sincerely, ( My name witheld here, I did include it in the original letter along with my title and e-mail address) I sent that first letter to the CEO's e-mail address, which is posted publicly on Solid Oak's Website (that address bmilburn@solidoak.com ) Well, that letter was returned to me along with a message stating that it was unwanted e-mail to a private e-mail address. So, I decided that perhaps the CEO wanted his privacy, even though he had posted his e-mail address on Solid Oak's website for the world to see. Or that he might have been offended by the header of my message, which read TheWitches.Com. I could understand that. I sent the message again, this time using my Z-Bear account and addressing the message to support@solidoak.com . The same thing happened again. My letter was returned with a message stating that it was unwanted e-mail sent to a private e-mail address. Okay, so perhaps they didn't want me cluttering up their support mailbox (which again was publicly displayed on their website) with feedback. That was the solution!!! Feedback!! I sent the message again, this time using the feed.back@solidoak.com Yet again, the message was returned to me with the same message: unwanted e-mail to a private e-mail address. Since when is a feedback address private? I copied and pasted the message right into an e-mail on their website, using the address located just below where it states, "We welcome your feedback" I returned to the Peacefire website and noticed something I had missed before. A section stating not to include the word Peacefire in any e-mail sent to Solid Oak, as they were screening the message bodies for this and if it was discovered the message would be rejected. I went back into my e-mail and took out all mention of Peacefire. Again, I sent the message to feed.back@solidoak.com. Rejected. Again. Well now that Solid Oak has been contacted, I can now tell the rest of the story about what happened. Here is a copy of the fourth e-mail I received from Solid Oak Software: -----Original Message----- From: Technical Support To: postmaster@zbear.com Date: Thursday, February 05, 1998 10:54 AM Subject--Unwanted e-mail [Re:] Fourth request. We have asked for your assistance regarding repeated unwanted e-mail from this account. You have seen fit however to ignore our requests. Since you will not do anything, we will. So, I had to wonder, what were they going to do? Report me to my ISP? They had already done that and my ISP responded to them that they didn't feel there was anything innappropriate about my e-mail. Approximately five minutes later, when my Outlook Express automatically logged on to check my mail, I found out. I couldn't believe my eyes. Hundreds of e-mails were being downloaded into my account. Solid Oak was mailbombing me! I immediately called my ISP and got one of the heads on the phone. I explained what was happening. He logged into my account and was witness to the mailbombing. He immediately took steps to shut off Solid Oaks mail to my account as well as to the rest of Valinet, my ISP. 300+ messages had already downloaded into my account by the time he stopped it with another 500+ remaining on the server. He was livid and so was I. What right did they have to do this. Especially since I had simply written a letter to give feedback on their product. This is not the kind of behavior one would expect from a company that states it is in business to help parents. I am a parent and this company attacked me and my ISP by mailbombing me. The person at my ISP is also a parent, his children and mine attend school together. And up until yesterday, my ISP was distributing Cybersitter as their filtering software. Solid Oak actually attacked a business that was selling their product! They certainly didn't teach me that in business school. That is a completely new tactic. I guess the only feedback they want is positive feedback. Anything negative or contrary will be rejected apparently and the person who gives the negative feedback will be childishly attacked. I would encourage you to write to Solid Oak Software to express your opinions about both their software and their business practices but I would warn you to do so at your own risk. They don't appear to take criticism well. If you would like more information on the filtering processes of Cybersitter or any of the other major filtering software, or if you would like to find out what you can do to help fight internet censorship, please visit the Peacefire website. Bright Blessings, ------------------------------ Date: Sat, 7 Feb 1998 21:32:06 -0600 From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 3--Write a Complaint, Get a Mailbomb (Wired excerpt) Source - lynx http://www.wired.com/news/news/politics/story/10141.html Wired News has been nominated for a Webby Award. You can vote for it at http://www.webbies.com/. Write a Complaint, Get a Mailbomb Janelle Brown 7:05pm 6.Feb.98.PST Solid Oak, the maker of Cybersitter Web filtering software, is under fire from a woman who says the company launched an email attack against her after she sent the firm a critical letter. A company spokesman offered a semi-denial of the accusation. Sarah Salls, a Web designer and mother of two, sent an email to Solid Oak on Wednesday that accused the company of carrying out censorship in its filtering software. After the email was rejected by four Solid Oak email accounts (including support, feedback, and the CEO's personal account), Salls says, she was mailbombed on Thursday. Her account received over 800 emails from support@solidoak.com, quoting her letter with the subject line "re: your crap" and a message "Do not send us any more e-mail!" Solid Oak denied Salls' allegation. But not flatly. "We know absolutely nothing about this - I can't imagine that this would happen," spokesman Marc Kanter said Friday. He conceded, however, that something might have happened - by accident. He said the company has a new automatic response email filtering system that Solid Oak is beta-testing and that it "could have made a mistake."