WWIVNEWS Volume 1, Issue 4
                                  April 1991

                               Table of Contents
    WWIVNews Intro Contest Submissions..............................Various
    Stop the Hack Attack...........................Bethnal the Black 2@5465
    FidoNet from a WWIVnet Perspective..................East Bay Ray 1@9964
    The Pending File.........................................WWIVNEWS Staff
    The Editor's Corner.................................East Bay Ray 1@9964
    Acknowledgements.........................................WWIVNEWS Staff

                      WWIVNews Intro Contest Submissions

                                 Xavier 1@9409

       /\          /\
       \W\  /\    /W/
        \W\/W/\  /W/
         \W /  \/W/
          \/    \/     /\          /\
                       \W\  /\    /W/
                        \W\/W/\  /W/
                         \W /  \/W/      ___________
                          \/    \/      [IIIIIIIIII]
                                             /I/        /\      /\
                                         ___ /I/____    \V\    /V/
                                        [IIIIIIIIII]     \V\  /V/
                                                           \V /
                                                            \/       NEWS!

                              Agent Steel 1@6556
    _________          __          __
   _____  / / __  __  / / __  __  __  __ __    ____    ______________________
  _____  / / / / / / / / / / / / / / / // /   ____    ______________________
 _____  / /_/ /_/ / / /_/ /_/ / / / / // /   ____    ______________________
       /_________/ /_________/ /_/  \___/   ____    ______________________
     ___________________________________    __________          _____________
    ___________________    ____    / __ \  ______    / __  __  ______
   ___________________    ____    / / / / / ____/ / / / / / / /___  / _____
  ___________________    ____    / / / / / /___  / /_/ /_/ /_____/ / _____
 ___________________    ____    /_/ /_/ /_____/ /_________/_______/ _____

                                Bro John 1@4701

             ------===*   \    / \    /   :   \  /   *===---------
           ------=====:    \/\/   \/\/   _:_   \/    :=====---------
         ------=======:           __           __    :=======---------
      -------=========:    :\ :  :__  \    /  :_     :=========---------
    -------===========:    : \:  :__   \/\/   __:    :===========---------
      -------=========:                              :=========---------
         ------=======:   Volume:     Issue:         :=======---------
           ------=====*_          (Date)            _*=====---------

                             Stop the Hack Attack
                          by Bethnal the Black 2@5465

          A recent rash of WWIV Hacking in the Montreal area has shown me
    that there are too many SysOps who are not taking the right precautions
    to make their systems safe and secure.
          Simple things, like backups, seem foreign to most SysOps, but
    this is the first line of defense against a crash, hacked or otherwise.
    Regular backups need not be a time consuming activity.  Once the
    initial system backup has been done, incremental backups of the disk
    may take as little as 10 minutes.  Backing up to disk may not be the
    most enjoyable task, but it isn't life threatening either.  It may save
    you quite a bit of time and trouble later.
          Once you have the backup situation covered, you can start doing
    things that will ensure that you will never have to use those disks.
          The first step is to protect yourself from yourself!  Ever
    accidentally erase a file?  Not too difficult to do, really, but quite
    easy to prevent. DOS has provided a command called ATTRIB that allows
    you to set the Read-Only flag on any DOS file.  Start with COMMAND.COM,
    AUTOEXEC.BAT, CONFIG.SYS, BBS.COM, BBS.EXE and anything else that you
    can think of.  If these files are set as Read-Only they cannot be
    deleted accidentally or clobbered by some vicious hacker. Protecting
    COMMAND.COM also has the added benefit of stopping a large number of
    virii from infecting your system.
          If we look specifically at the most recent Hack making the rounds
    (the PKUNZIP extraction hack), we can use a feature of the INIT.EXE
    program.  Simply restrict all Uploads to SysOp and check everything
    that comes into your board before making it available for download
    (and, therefore, Extractable-to-TEMP).  This is not always easy,
    especially if you get a lot of uploads, but it is the best way to
    insure safety from this particular hack.  Another good stopper for this
    one is Wayne Bell's UNZIP program.  Better yet, just remove the extract
    option all together, has anyone ever used it?
          I think it is also important to remember one of the basic rules
    of computer security: change your passwords (your's and the System's)
    regularly.  This practice applies to all your users and should be
    enforced for your high access accounts.  Also, don't give your system
    password to anybody that you don't know (or can't kill), and, even
    then, only if ABSOLUTELY necessary.  If you never log onto your BBS
    remotely, make your password totally random, so that even you wouldn't
    know it.
          Voice validation is another way of ensuring that your users act
    responsibly (you have their phone number and they know it).  It doesn't
    have to be a 20 minute conversation, either.  Just a quick chat to let
    him know what the BBS is all about and what you expect from him, as a
    user.  It gives the user the feeling of being wanted, and it gives you
    the chance to size him up and decide if he is someone who needs to be
    watched, or maybe even restricted.
          I realize that you have probably heard most of this stuff before,
    and some of you probably know more ways to protect your BBS from
    damage, but for the rest of you, I hope this has given you some insight
    into how you can protect that investment of time and effort that we all
    call "The Board".
          I invite, and appreciate, your comments.

                      FidoNet from a WWIVnet Perspective
                              East Bay Ray 1@9964

          The popularity of being a FidoNet gate to WWIVnet is growing
    rapidly these days.  Just check out a //NET listing and see how many
    node numbers are in the @600-@699 range.  However, many sysops are
    confused when they first plunge into FidoNet, because the two networks
    are indeed vastly different.  In this article I will address some of
    the major differences between FidoNet and WWIVnet, from a fundamental
    point of view.  It would take at least a book to do the same from a
    software point of view.
          First of all, you are not dealing with a single type of BBS
    software.  You are not even dealing with a single type of operating
    system, or computer.  There are FidoNet systems being run on DEC
    Rainbows, Ataris, Apples, as well as PCs running (other than MS-DOS)
    OS/2, UNIX, and PC-MOS.  You must realize this, because unlike WWIVnet,
    everybody doesn't run the same software, and most people will have
    different problems than you will.  Some FidoNet software is even
          Second, there are several different pieces of networking software
    available.  You don't just have one author and one set of programs to
    use, you have a diverse number of choices.  The software is mainly
    divided up into two categories:  mailers and messaging software.
          A mailer, also called a front-end, is a program that you run that
    connects you with other FidoNet systems.  With this mailer you can dial
    out and send FidoNet packets and files to other FidoNet systems, and
    receive them as well.  These mailers are also the driving force behind
    FREQing, or "File REQuesting".  Sysops that have heard of Snarf have an
    idea of what this is.  A mailer can call another mailer, and request a
    file.  It can also call that system and request a file.  All this is
    done in the same program.
          The second major portion of FidoNet software is the messaging
    software.  These programs are the ones that unARC or unZIP the packets
    received from the mailers, and put them into message directories.
    Surprised?  Yes, FidoNet got wise a long time ago and started sending
    compressed mail between systems.  Most FidoNet-compatible BBS systems
    can directly read the messages output by the messaging software.  WWIV
    sysop, however, must take an extra step to get the FidoNet mail to
    their boards.  This program is called NetSEX, and it will be explained
    in detail a little bit later in this article.
          The third major difference between FidoNet and WWIVnet is that
    mail is not as structured in FidoNet.  If you want to, and the other
    guy is not too excessively annoyed, you can connect to anyone you want
    to pretty much.  This practice isn't very smart, but it is a
    possibility.  Another, more realistic example is if you really want to
    get a piece of mail to someone across the country, then you can simply
    "Crash Mail" him.  This is a practice where, after you write the
    letter, you call his system directly and send him your letter.  It
    really speeds things up sometimes.
          Before I go any further, I wish to introduce some new terms.
    These are basically synonyms, but FidoNet terms nevertheless.
          The first is netmail, which e-mail, or net e-mail in WWIVnet.  In
    FidoNet, some regions have routed netmail, where you can send a piece
    of netmail to any place in the country, and it will go the longer, but
    cheaper route (much like WWIVnet).  In other regions, netmail must go
    directly to the destination system, or it goes not at all.
          The second term is echomail.  Echomail is synonymous with a
    WWIVnet post.  However, echomail "conferences" (net subs) are vastly
    different than WWIVnet ones.  FidoNet echomail conferences are, by
    WWIVnet standards, free-for-alls.  Although there are appointed
    moderators, these moderators have little knowledge of who is picking up
    their conference, and have little control over who it goes to.
          Another FidoNet concept that cannot be used currently in WWIVnet
    is message threading, or reply-chaining.  This technique employed by
    most BBS systems to some degree allows all the posts relating to the
    same topic to be read at the same time, regardless of when they were
    posted.  This makes reading messages infinitely easier on the reader.
          NODELIST.  This file is a huge file that contains a listing of
    all the FidoNet systems currently in the network, yet it IS NOT
    distributed on any basis, regular or irregular.  Since it is close to a
    megabyte (around 9500 systems in FidoNet so far), it would be highly
    impractical to send this file out.  Those poor 300 (yes, there are a
    couple) and 1200 baud systems would spent their entire weeks just
    downloading the NODELIST.  Instead, weekly NODEDIFFs are distributed in
    compressed format (ARC, ZIP, LZH, etc.).  A NODEDIFF file contains the
    difference between last weeks NODELIST and this week's.
          That is about all I can think of at the present time.  Besides
    NetSEX (the utility required to interface WWIV and FidoNet, available
    as NETS100.ZIP), I have pretty much left FidoNet software untouched.
    Hopefully in some future issues some of the people in WWIVnet who know
    more about FidoNet software will write some reviews.  Heavy 7, Benny
    Hill, Pierre Tremblay, Darkster, Otto (grin)...

                               The Pending File
                           (Tips, Tricks, and News)
                               by WWIVNEWS Staff

    Wayne Bell, due to the recent upsurge of hack paranoia, has released a
    PKUNZIP front end called UNZIP.  This program scans all the files in a
    ZIP before extraction, and if there is a suspicious file present, it
    will bar extraction from that ZIP completely.  It looks for directory
    denotations ("\" and "/"), PKZIP and PKUNZIP, UNZIP, and a couple other

    Black Dragon 1@2380 has released a new version of his Network Editor
    (NETEDIT).  Here are the release notes from the v1.28 READ.ME file:
              The search command now allows more than just a BBS name
         match.  This command has been expanded to search similiarly
         to WWIV v4.07's //UEDIT search command.  In addition, for the
         registered version, the network may now analyze around any
         temporarily disabled node.  The analyze routine was fixed
         with respect to CALLOUT.NET entries which were listed as
         receive only. Lastly, some menus were redone.

    -I- have released a Windows 3.0 PIF and icon (along with a short doc
    file detailing running WWIV and Windows) as WW4WNDWS.ZIP.  I am sorry
    to say, however, that Wayne -hates- Windows with a passion, so I doubt
    there is much hope of a Windows-aware WWIV anytime.

                              The Editor's Corner
                            by East Bay Ray 1@9964

          Hello again, cowboys, cowgirls, and cowneuters.  This is another
    fun-filled issue of WWIVNews.  This month's editor's corner is devoted
    to begging.  I am begging for some submissions.  Even human interest
    stories are OK, as long as the relate to WWIV or the BBS industry
    somehow.  For example, if you consider your dog or cat as a co-sysop,
    write it up!  If you have an opinion on the "I've fallen and I can't
    get up!" commercial, and it relates to WWIV, write it up!  We need some


    WWIV (c) 1988 by Wayne Bell.
    All other products mentioned are either registered trademarks or
      copyrighted by their respectives manufacturers.

                                    The End