Computer underground Digest Wed Jan 19 1994
Computer underground Digest Wed Jan 19 1994 Volume 6 : Issue 08
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe (Improving each day)
Acting Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Edselator: H. E. Ford
CONTENTS, #6.08 (Jan 19 1994)
File: 1--Proposed Computer-related Sentencing Guidelines/Hearings
File: 2--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#1)
File: 3--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#2)
File: 4--"Terminal Compromise" by W. Schwartau (Book Review)
File: 5--Pit Stops Along The Info Turnpike
File: 6--FBI Pushes for Enhanced Wiretap Capabilities
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: ftp.funet.fi in pub/doc/cud. (Finland)
UNITED STATES:
aql.gatech.edu (128.61.10.53) in /pub/eff/cud
etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
halcyon.com( 202.135.191.2) in mirror2/cud
ftp.warwick.ac.uk in pub/cud (United Kingdom)
KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 19 Jan 94 15:19:21 PST
From: CuD Moderators <cudigest@mindvox.phantom.com>
Subject: File 1--Proposed Computer-related Sentencing Guidelines/Hearings
((MODERATORS' NOTE: CuD 6.05 reported EFF's contributions to the
proposed sentencing guidelines amending penalties for computer
infractions. Below is the notice of public hearings and the text of
the proposed computer-related modifications. The entire text can be
obtained from the EFF archives ftp.eff.org in the
pub/EFF/Issues/Legal/sentencing.amendment directory)).
FEDERAL REGISTER
VOL. 58, No. 243
Notices
UNITED STATES SENTENCING COMMISSION
Sentencing Guidelines for United States Courts
Part V
58 Fed. Reg. 67522
DATE: Tuesday, December 21, 1993
ACTION: Notice of proposed amendments to sentencing guidelines, policy
statements, and commentary; request for public comment. Notice of hearing.
SUMMARY: The Commission is considering promulgating certain amendments to
the sentencing guidelines, policy statements, and commentary. The proposed
amendments and a synopsis of issues to be addressed are set forth below.
The Commission may report amendments to the Congress on or before May 1,
1994. Comment is sought on all proposals, alternative proposals, and any
other aspect of the sentencing guidelines, policy statements, and
commentary.
DATES: The Commission has scheduled a public hearing on these proposed
amendments for March 24, 1994, at 9:30 a.m. at the Education Center
(concourse level), South Lobby, Thurgood Marshall Federal Judiciary
Building, One Columbus Circle, NE., Washington, DC 20002-8002.
Anyone wishing to testify at this public hearing should notify Michael
Courlander, Public Information Specialist, at (202) 273-4590 by March 10,
1994.
Public comment, including written testimony for the hearing, should be
received by the Commission no later than March 18, 1994, to be considered
by the Commission in the promulgation of amendments due to the Congress by
May 1, 1994.
ADDRESSES: Public comment should be sent to: United States Sentencing
Commission, One Columbus Circle, NE, Suite 2-500, South Lobby, Washington,
DC 20002-8002, Attention: Public Information.
FOR FURTHER INFORMATION CONTACT: Michael Courlander, Public Information
Specialist, Telephone: (202) 273-4590.
SUPPLEMENTARY INFORMATION: The United States Sentencing Commission is an
independent agency in the judicial branch of the United States Government.
The Commission is empowered under 28 U.S.C. 994(a) to promulgate sentencing
guidelines and policy statements for federal sentencing courts. The statute
further directs the Commission to review and revise periodically guidelines
previously promulgated and authorizes it to submit guideline amendments to
the Congress no later than the first day of May each year. See 28 U.S.C.
994(o), (p).
Ordinarily, the Administrative Procedure Act rule-making requirements
are inapplicable to judicial agencies; however, 28 U.S.C. 994(x) makes the
Administrative Procedure Act rulemaking provisions of 5 U.S.C. 553
applicable to the promulgation of sentencing guidelines by the Commission.
The proposed amendments are presented in one of three formats. First,
the majority of the amendments are proposed as specific revisions of a
guideline, policy statement, or commentary. Second, for some amendments,
the Commission has published alternative methods of addressing an issue,
shown in brackets. Commentators are encouraged to state their preference
among listed alternatives or to suggest a new alternative. Third, the
Commission has highlighted certain issues for comment and invites
suggestions for specific amendment language.
Section 1B1.10 of the United States Sentencing Commission Guidelines
Manual sets forth the Commission's policy statement regarding retroactivity
of amended guideline ranges. Comment is requested as to whether any of the
proposed amendments should be made retroactive under this policy statement.
Although the amendments below are specifically proposed for public
comment and possible submission to the Congress by May 1, 1994, the
Commission emphasizes that it welcomes comment on any aspect of the
sentencing guidelines, policy statements, and commentary, whether or not
the subject of a proposed amendment.
The amendments below are derived from a variety of sources, including:
monitoring and hotline data, case law review, and the recommendations of
the Judicial Conference of the United States, Department of Justice,
Federal and Community Defenders, Practitioners' Advisory Group, Probation
Officers' Advisory Group, American Bar Association Sentencing Guidelines
Committee, Families Against Mandatory Minimums, individual judges,
probation officers, attorneys, and others. Publication of a proposed
amendment or issue for comment reflects only the Commission's determination
that the amendment or issue is worthy of public comment.
As a resource when considering the proposed amendments, working group
reports prepared by Commission staff are available for inspection at
Commission offices or off-site duplication. The reports contain empirical
and legal sentencing research focusing on (1) money laundering offenses;
(2) computer-related offenses; (3) public corruption offenses; and (4)
controlled substance offenses/role in the offense. Contact the Commission's
public information specialist at (202) 273-4590 for details.
Authority: 28 U.S.C. Section 994(a), (o), (p), (x).
William W. Wilkins, Jr.,
Chairman.
Computer-Related Offenses
Chapter Two, Parts B (Offenses Involving Property) and F (Offenses
Involving Fraud or Deceit)
1. Synopsis of Proposed Amendment: This amendment adds Commentary to
SectionSection 2B1.1 (Larceny, Embezzlement, and Other Forms of Theft;
Receiving, Transporting, Transferring, Transmitting, or Possessing Stolen
Property), 2B1.3 (Property Damage or Destruction), and 2F1.1 (Fraud and
Deceit; Forgery; Offenses Involving Altered or Counterfeit Instruments
Other than Counterfeit Bearer Obligations of the United States) to address
harms that may be significant in computer-related cases but not adequately
accounted for by the loss table. In addition, this amendment revises
Appendix A (Statutory Index) for violations of 18 U.S.C. 1030 to reference
the offense guidelines that most appropriately address the underlying
harms.
Proposed Amendment: The Commentary to Section 2B1.1 captioned
"Application Notes" is amended by inserting the following additional note:]
"15. In cases in which the loss determined under subsection (b)(1) does
not fully capture the harmfulness and seriousness of the conduct, an upward
departure may be warranted. For example, an upward departure may be
warranted if the offense involved a substantial invasion of a privacy
interest. Although every violation of 18 U.S.C. Section 1030(a)(2)
(intentional, unauthorized access of financial or credit card information)
constitutes an invasion of a privacy interest, the Commission does not
consider each such invasion to be a substantial invasion of a privacy
interest. When the primary purpose of the offense was pecuniary, a sentence
within the applicable guideline range ordinarily will be sufficient. By
contrast, an upward departure may be warranted if the financial records of
a particular individual were accessed for a non-pecuniary motive.".
The Commentary to Section 2B1.3 captioned "Application Notes" is amended
in Note 4 by inserting "or interference with a telecommunications network"
immediately before "may cause".
The Commentary to Section 2B1.3 captioned "Application Notes" is amended
by inserting the following additional note: [*67523]
"5. In a case in which a computer data file was altered or destroyed,
loss can be measured by the cost to restore the file. If a defendant
intentionally or recklessly altered or destroyed a computer data file and,
due to a fortuitous circumstance, the cost to restore the file was
substantially lower than the defendant could reasonably have expected, an
upward departure may be warranted. For example, if the defendant
intentionally or recklessly damaged a valuable data base, the restoration
of which would have been very costly but for the fortuitous circumstance
that, unknown to the defendant, an annual back-up of the data base had
recently been completed thus making restoration relatively inexpensive, an
upward departure may be warranted.".
The Commentary to Section 2F1.1 captioned "Application Notes" is amended
in Note 10 by deleting the period at the end of subdivision (f) and
inserting in lieu thereof a semicolon; and by inserting the following
additional subdivisions:
"(g) the offense involved a substantial invasion of a privacy interest;
(h) the offense involved a conscious or reckless risk of harm to a
person's health or safety.".
Appendix A (Statutory Index) is amended in the line beginning "18 U.S.C.
1030(a)(2)" by deleting "2F1.1" and inserting in lieu thereof "2B1.1"; in
the line beginning "18 U.S.C. 1030(a)(3)" by deleting "2F1.1" and inserting
in lieu thereof "2B2.3"; and in the line beginning "18 U.S.C. Section
1030(a)(5)" by deleting "2F1.1" and inserting in lieu thereof "2B1.3".
------------------------------
Date: Mon, 17 Jan 94 15:21:28 -0800
From: erikn@GOLDFISH.MITRON.TEK.COM(Erik Nilsson)
Subject: File 2--Re: CuD, #6.07: CPSR lives down from my expectations (#1)
I would like to respond to Bryce Eustace Wilcox's article in CUD
#6.07, entitled "CPSR lives down from my expectations."
Wilcox sez CPSR is:
> a radical socialist/welfare-state lobby with a thinly veiled and
> very active political agenda.
Strong words, Bryce. As a CPSR member, I do not find that these words
fit CPSR. CPSR isn't a socialist/welfare-state lobby, and there is
_nothing_ veiled about our agenda. However, I won't microanalize your
charges against CPSR, but rather fulfill your stated request: more
information on what CPSR is and what CPSR stands for.
The first thing to know about CPSR is that we discuss alot. CPSR is
primarily composed of highly motivated and in many cases highly
opinionated individuals, one of whom is Jim Davis and another of whom
is me. Periodically, CPSR will be wracked by discussion on what
CPSR's prioities should be. This is healthy and generally works out
pretty well, and means that even one CPSR member, if they make a well
reasoned argument, can ultimately sway the course of the entire
organization.
This has happened several times: when CPSR broadened its focus from
computerized weapons systems to civil liberties and more computer use
issues, and again when a small group in Seattle got CPSR directly
involved in organizing and developing community networks, bringing the
on-line world to the neighborhood.
> CPSR is not simply a cyberspace civil rights lobby
Damn strait. CPSR has other areas of concern, but our work on civil
liberties for the on-line community has been very effective. More to
the point, CPSR is not primarily a lobby organization at all, but an
educational organization. To that end, we present all kinds of
viewpoints in our newsletters, public forums, and so on. These are
the views of our members or others, which, just like any college class
or company department, cover a thankfully broad chunk of the political
spectrum.
We also file FOIA suits against government agencies who won't tell
Americans things that by law they must tell us. I don't imagine that
makes CPSR very popular with the NSA, the National Security Council,
or the FBI, but I'm not sure that bothers me very much.
I'm not a board member, so I can't speak with authority on CPSR's
position on cyberspace, but my understanding of CPSR's position is as
follows:
If we look at how telephones have worked out, there have been positive
and negative points. One positive point is that almost everybody has
one, and in fact has access to one pretty much whenever they need one.
Another good point is that, in theory, your telephone call is private.
Not only does no one else (who doesn't have a warrant) have the right
to listen to your call, they don't have a right to even know the call
existed.
One bad point is that each phone is hooked up to one LEC, and if the
LEC is a goof (or, worse, you're using a COCOT, which all seem to be
run by goofs), then you will have shitty service, and may not even be
able to do what you wanted to do with the telephone.
Furthermore, "regulated" monopolies have pretty much guaranteed that
LECs will be goofy.
The current NII slamdance may take care of the monopoly part, although
it bears watching, remember the COCOTS. It would be a pity, however,
if in finally untangling ourselves from Ma Bell's local loop apron
strings, we somehow lose universal service. What good is all this
whizzy new bandwidth, if you can't afford it, or even if you win the
lottery, your friends can't afford it, so you can't visit them in
cyberspace?
Equally troubling, the FBI is now publicly and agressively demanding
that the entire telecommunications infrastructure be modified, at
untold expense, for automated wiretaps of _everything_ for voice and
data. In a sense the FBI proposes to bug every car on the information
highway, causing nothing but grief. Really, the proposed "new rules"
are ludicrously broad. BBSs would appear to be covered, as are
private networks. Running a little Appletalk net at home for
printing? Better order that FBI-use-only dial-in line damn snappy,
unless you want an in-depth field-trip through the criminal justice
system.
The FBI's actions combined with continuing BBS raids point out the
extreme lack of regard in some quarters for civil liberties in
cyberspace. Naturally, CPSR takes exception to these developments.
CPSR's research and testimony was instrumental in keeping the FBI from
creating a "suspect" database in the NCIC (a database of "suspicious"
people who had never been charged with a crime), so we're comfortable
tangling with the G-Men, and well-positioned to resist these
disturbing developments.
Here are some official words on CPSR:
------------------------------------------------------------------------
************************************************************************
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
************************************************************************
The mission of CPSR is to provide the public and policymakers
with realistic assessments of the power, promise, and problems of
information technology. As concerned citizens, CPSR members
work to direct public attention to critical choices concerning the
applications of information technology and how those choices affect
society.
Founded in 1981 by a group of computer scientists concerned about
the use of computers in nuclear weapons systems, CPSR has grown
into a national public-interest alliance of information technology
professionals and other people. Currently, CPSR has 22 chapters in
the U.S. and affiliations with similar groups worldwide. In addition
to our National Office in Palo Alto, California, we maintain an office in
Washington, D.C.
Every project we undertake is based on five principles:
o We foster and support public discussion of, and meaningful
involvement in, decisions critical to society.
o We work to correct misinformation while providing
understandable and factual analyses about the impact of societal
technology.
o We challenge the assumption that technology alone can solve
political and social problems.
o We critically examine social and technical issues within the
computer profession, both nationally and internationally.
o We encourage the use of information technology to improve
the quality of life.
************************************************************************
CPSR PROJECTS
************************************************************************
By sponsoring both national and local projects, CPSR serves as a
catalyst for in-depth discussion and effective action in key areas:
o The National Information Infrastructure
o Civil Liberties and Privacy
o Computers in the Workplace
o Technology Policy and Human Needs
o Reliability and Risk of Computer-Based Systems
In addition, CPSR's chapter-based projects and national working
groups tackle issues ranging from the implementation of Calling
Number ID systems to the development of nanotechnology and
virtual reality, from the use of computers in education to working
conditions for computer professionals, from community networks
to computer ethics.
------------------------------
Date: Sun, 16 Jan 1994 21:53:02 -0500 (EST)
From: The Advocate <tk0jut2@mvs.cso.niu.edu>
Subject: File 3--Re: CuD, #6.07: CPSR lives down from my expectations (#2)
Well i am glad to see the radical libertarian rush limbaugh reading
writer has dropped out of CPSR. otherwise he would have hung around
and like some bad avian from a poe story been crying out about
socialism all day.
I suppose the last time he used a pay phone out in the country he of
course paid 3 dollars to handle the cost of the wire out to whatever
cow patch he was in. And of course he pays in per mile to the state
for the roads he uses. And when he drives out of town, and gets a
soda, he of course pays the true market cost for the electricity to
cool that.
And when he flies out of those crappy western airports he of course
throws a few dollars to the Air Traffic controllers along the way.
We live in a society. sometimes we decide that certain items are
public necessities. Consequently we decide to make them available to
all without regards to means or geography. It's why we are a
democracy. IF he doesn't like it, i suggest he move to hong kong.
he may be happier there.
------------------------------
Date: 16 Jan 1994 00:47:44 -0600
From: ROBERTS%DECUS@MIMAS.ARC.AB.CA(Rob Slade, Ed. DECrypt & ComNet,
Subject: File 4--"Terminal Compromise" by W. Schwartau (Book Review)
Terminal Compromise (by Wynn Scwhartau)
PUBLISHER:
Inter.Pact Press
11511 Pine St. N.
Seminole, FL 34642
813-393-6600
fax: 813-393-6361
"Terminal Compromise", Schwartau, 1991, 0-962087000-5, U$19.95/C$24.95
wschwartau@mcimail.com p00506@psi.com
"Terminal Compromise" was first published in 1991, and was
enthusiastically promoted by some among the security community as the
first fictional work to deal realistically with many aspects of data
communications and security. Although still available in that form,
recently is has been "re-issued" in a softcopy "shareware" version on
the net. (It is available for ftp at such sites as ftp.uu.net,
ftp.netsys.com, soda.berkeley.edu and wuarchive.wustl.edu. Use archie
to look for TERMCOMP.) Some new material has been added, and some of
the original sections updated. Again, it has been lauded in postings
on security related newsgroups and distribution lists.
Some of you may be old enough to recall that the characters current in
"Outland" sprang from a previous Berke Breathed cartoon strip called
"Bloom County". Opus, at one point, held the post of movie reviewer
for the "Bloom County Picayune". I remember that one of his reviews
started out, "This movie is bad, really bad, abominably bad, bad, bad,
bad!" He considers this for a moment, and then adds, "Well, maybe not
*that* bad, but Lord! it wasn't good!"
A fairly large audience will probably enjoy it, if such trivialities
as language, characterization and plot can be ignored. For once the
"nerds" don't get beat on; indeed, they are the heroes (maybe). The
use of computers is much more realistic than in most such works, and
many ideas that should have greater currency are presented. The book
will also appeal to paranoiacs, especially those who believe the US
federal government is out to get them.
Consistency is the hobgoblin of little minds -- but it does make for a
smoother "read". "Terminal Compromise" would benefit from a run
through a style checker ... and a grammar checker ... and a spelling
checker. Constructions such as "which was to be the hypocenter of the
blast if the Enola Gay hadn't missed its target" and "National Bureau
of Standards which sets standards" are understandable, although
awkward. In other places it appears words might be missing, and you
have to read over sentences several times to puzzle out the meaning.
(The softcopy/shareware version comes off a little worse here, with
fragments of formatting codes left in the text.)
On second thought, forget the spelling checker. Most of the words are
spelled correctly: they are simply *used* incorrectly. A reference to
an "itinerant professional" has nothing to do with travelling. (Maybe
he meant "consummate": I couldn't think of a synonym starting with
"i".) The "heroine" trade was probably intended to refer to white
powder rather than white slavery. There are two automobile "wreak"s.
"Umbrage" is used twice. An obscure seventeenth century usage did
once refer to shelter given by islands to a harbour, but it's
stretching the language a bit to make it refer to a covering for the
naughty bits. Umbrage usually refers to offence, suspicion, doubt or
rage, as in "I take umbrage at what I suspect is a doubtful use of the
language".
Characterization? There isn't any. The major characters are all
supposed to be in their forties: they all, including the President of
the United States, speak like unimaginative teenage boys whose
vocabulary contains no adjectives other than obscenities. This makes
it difficult at times to follow the dialogue, since there are no
distinctives between speakers. (The one exception is the president of
a software firm who makes a successful, although surprising,
translation from "beard" to "suit", and is in the midst of the most
moving and forceful speech in the book, dealing with our relationship
to computers, when the author has him assassinated.)
The book is particularly hard on women. There are no significant
female characters. None. In the initial introduction and background
of the hero there is no mention of a significant other. It is
something of a shock later to discover he is married, then that he is
divorced. Almost all of the females are simply bedroom furniture.
The portrayals remind one of the descriptions in "Don Quixote" of
women "so gay, striking and beautiful that the sight of her impressed
them all; so vividly that, if they had not already seen [the others],
they would have doubted whether she had her match for beauty".
Which raises another point. All of the hackers, except some of the
Amsterdam crew, are fit, athletic and extremely attractive to the
female of the species. Even among the I-Hack crowd, while there may
be some certifiable lunatics, nobody is unkempt or unclean. These
urbane sophisticates drink "Glen Fetitch" and "Chevas" while lounging
in "Louis Boston" suits on "elegant ... PVC furniture". Given that
the hackers save the day (and ignoring, for the moment, that they
caused the trouble in the first place) there seems to be more than a
touch of wish fulfillment involved.
(Schwartau tries to reiterate the "hackers aren't evil" point at every
opportunity. However, he throws away opportunities to make any
distinctions between different types of activities. Although the
different terms of phreaks, hackers and crackers are sprinkled
throughout the story they are not well defined as used by the online
community. At one point the statement is made that "cracking is
taking the machine to its limit". There is no indication of the
divisions between phreaks, hackers and crackers within their various
specialties, nor the utter disdain that all three have for virus
writers. Cliff Stoll's "Hanover (sic) Hacker", Markus Hess, is
described as a "well positioned and seemingly upstanding individual".
This doesn't jibe with Stoll's own description of a "round faced,
slightly overweight ... balding ... chain smoking" individual who was
"never a central figure" with the Chaos Computer Club, and who, with a
drug addict and a fast buck artist for partners "knew that he'd
screwed up and was squirming to escape".)
What little character is built during the story is unsteady. The
author seems unable to decide whether the chief computer genius is one
of the good guys or the bad. At times he is mercenary and
self-centred; at others he is poetic, eloquent and visionary; in yet
other scenes he is mentally unbalanced. (He also appropriates the
persona and handle of another hacker. We are never told why, nor are
we ever informed of what happened to the original.) Following the
characters isn't made any easier by the inconsistency of naming: in
the space of five paragraphs we find that our hero, Scott Byron Mason
(maybe) is the son of Marie Elizabeth Mason and Louis Horace Mason.
Or possibly Evelyn Mason and Horace Stipton Mason. The main academic
studying viral programs is Dr. Les (or Arnold) Brown (or Sternman) who
is a professor at Sheffield (or MIT). (Interestingly, there is an
obvious attempt to correct this in the later "softcopy" version of the
book. At times the "corrections" make the problem worse.)
For a "thriller", there is very little tension in the story. The
unveiling of the plot takes place on a regular step by step basis.
There is never any hint that the hero is in the slightest personal
danger: the worst that happens is that one of his stories is quashed.
Indeed, at the end of the book the computer attacks seem basically all
to have succeeded, credit card companies are bankrupt, banks are in a
mess, airlines are restricted, phone systems are unreliable and the
bad guys are in charge. Yet our heroes end up rich and happy on an
island in the sun. The author seems to be constantly sounding the
alarm over the possibility of this disaster, but is unwilling,
himself, to face the tremendous personal suffering that would be
generated.
Leaving literary values aside, let us examine the technical contents.
The data security literate will find here a lot of accurate
information. Much of the material is based on undisputed fact; much
of the rest brings to light some important controversies. We are
presented with a thinly disguised "Windows", a thinly disguised Fred
Cohen (maybe two?), a severely twisted Electronic Freedom Foundation
and a heavily mutated John Markoff. However, we are also presented
with a great deal of speculation, fabrication and technical
improbabilities. For the technically adept this would be
automatically disregarded. For the masses, however (and this book
seems to see itself in an educational light), dividing the wheat from
the chaff would be difficult if not impossible.
As with names, the author appears to have problems with the
consistency of numbers. In the same paragraph, the softcopy version
has the same number quoted as "over 5000", "almost 5000" and "three
thousand". (It appears to have been "corrected" or updated from the
original version without reading the context). A calculation of the
number of hackers seems to be based upon numbers pulled out of the
air, and a computer population an order of magnitude larger than
really exists. The "network", seemingly referring to the Internet,
has a population two orders of magnitude too large. Four million
legal copies, with an equal number of pirate copies, of a virus
infected program apparently result in only "between 1 and 5 million"
infections. (I *knew* a lot of people had bought Windows but never
used it!) Not the most prolific virus we've ever seen.
Schwartau seems uncertain as to whether he wants to advertise real
software or hide it. At various times the characters, incessantly
typing to each other across the (long distance) phone lines use
"xtalk" (the actual filename for Crosstalk), "ProCom" (ProComm,
perhaps?), "ComPro" and "Protalk". They also make "4800 BAUD"
connections (technically unlikely over voice grade lines, and even if
he meant "bits per second" 4800 is rather an odd speed) and
communicate with "7 bits, no parity, no stop bits" parameter settings.
(The more common parameter settings are either 8 bits, no parity or 7
bits, even parity. You *must* have stop bits, usually one. And to
forestall the obvious criticism, there is no indication in the book
that a "non-standard" setting is being used for security reasons.)
We are, at places in the text, given detailed descriptions of the
operations of some of the purported viral programs. One hides in
"Video RAM". Rather a stupid place to hide since any extensive video
activity will overwrite it. (As I recall, the Proto-T hoax, which was
supposed to use this same mechanism, started in 1991. Hmmm.) Another
would erase the disk the first time the computer was turned on, which
leads one to wonder how it was supposed to reproduce. (This same
program was supposed to be able to burn out the printer port
circuitry. Although certain very specific pieces of hardware may fail
under certain software instructions, no printer port has ever been
numbered among them.) One "hidden file" is supposed to hide itself by
looking like a "bad cluster" to the system. "Hidden" is an attribute
in MS-DOS, and assignable to any file. A "bad cluster" would not be
assigned a file name and therefore would never, by itself, be executed
by any computer system. We also have a report of MS-DOS viri wiping
out a whole town full of Apple computers.
Schwartau is not averse to making up his own virus terminology, if
necessary. ("Stealth" is also reported as a specific virus.) At one
point the book acknowledges that viral programs are almost invariably
detected within weeks of release, yet the plot relies upon thousands
of viri remaining undetected for years. At another point the use of
"radio broadcasts" of viral programs to enemy systems is advocated,
ignoring the fact that the simplest error checking for cleaning
"noise" from digital radio transmissions would eliminate such
activity.
A number of respected security experts have expressed approval of
"Terminal Compromise". This approbation is likely given on the basis
that this book is so much better than other fictional works whose
authors have obviously had no technical background. As such the
enthusiasm is merited: "Terminal Compromise" raises many important
points and issues which are currently lost on the general public.
Unfortunately, the problems of the book, as a book, and the technical
excesses will likely restrict its circulation and impact. As a
fictional work the lack of literary values are going to restrict both
its appeal and longevity. As an exhortative or tutorial work, the
inability to distinguish between fact and fiction will reduce its
value and effectiveness in promoting the cause of data security.
copyright Robert M. Slade, 1993 BKTRMCMP.RVW 931002
------------------------------
Date: Sun, 16 Jan 94 20:58:18 PST
From: David.Batterson@F290.N105.Z1.FIDONET.ORG(David Batterson)
Subject: File 5--Pit Stops Along The Info Turnpike
Pit Stops Along The Info Turnpike
by David Batterson
Following are some thoughts gathered about the [and I'm getting
sick of hearing the term] Information Superhighway, and some products
that hope to catch some of the road travel business.
AT&T is obviously bullish on the future, and not only because it
offers long distance phone service. It now owns EO, Inc. (which makes
the EO Personal Communicator, the expensive cousin to Apple's Newton),
as well as Pensoft Corp., which makes EO's Perspective information
management software.
The EO Personal Communicator hasn't exactly taken the world by
storm, but then again, the Newton hasn't either. John Sculley puffed
his chest and crowed how the Newton was going to take off like a
rocket; then Sculley shot off the launch pad instead.
I've been trying to get an EO review unit since last summer, and
still no luck yet. I could go buy one at one of 351 Office Depot
superstores if I had the spare change, but I don't. 8^/
The CEO of EO is Alain Rossmann, who helped found C-Cube, Inc. (a
market leader in digital still image and digital video compression
technologies), and he was also a co-founder of Radius, Inc. Besides
having an MBA, Rossmann has Masters degrees in civil engineering, math
and physics.
Rossmann said that "Pensoft has developed a breakthrough product
with Perspective, and simultaneously created a data environment that
allows customers with AT&T EO Personal Communicators to retrieve,
store and manage a rich fabric of information from stock quotes and
airline schedules to multimedia data." He adds that "Pensoft's data
architecture, combined with EO's wireless access to the nation's
information superhighway [whoop, there it is again!] is a powerful
enabler for content publishing."
Even though EO user get a free subscription to AT&T Mail, nowhere
in the EO presskit is there any e-mail address for the company.
Ironically, the EO spec sheet is headlined: "Always in Touch." Yeah,
but I guess it's a carefully guarded secret how to reach them online.
Wouldn't want to bother them with questions or anything, would we?
Joel Silberman, Marketing Manager, Wireless Networking Group at
National Semiconductor Corp., continues the line of thinking about
PDAs. "The next generation of PDAs, hand-held terminals, subnotebooks
are clearly on track to providing end users good tools on which to
conveniently work," Silberman told me recently. "Wireless solutions
such as WLAN cards, messaging/paging cards, and Personal Wireless
Systems (like National Semiconductor's AirShare radio modules used
with Traveling Software's new LapLink Wireless) are enabling
technologies which when coupled with user-friendly software
applications (such as LapLink) provide end users unparalleled
convenience in accessing and sharing information on our new PDAs," he
said.
Silberman added that "new applications will allow for more
reliable data collection and tracking, more productive doctors and
nurses, and customer service and convenience that will drive the
adoption of computers becoming consumer products." He thinks that
"AirShare is significant because it brings the concept of personal,
cordless wireless systems on the scene." and it will "set the stage
for a host of products" that permit "a reliable way of sharing data in
a local area while remaining mobile."
Silberman likes the idea that "the information comes to me
instead of me going to the data." If you want to send Silberman
information, try: tjossc@tevm2.nsc.com.
Mark Eppley, CEO of Traveling Software, isn't shy about
expressing an opinion either. He e-mailed me that "basically, in
terms of true consumer wireless on and off ramps to this much
publicized info hwy, we are NOT there yet. I like using the auto
industry to help explain where wireless technology is today."
"There were two primary inventions that had a dramatic impact on
making the automobile a widely used consumer product," Eppley said.
"The first was the electric starter which became common place around
1921. We are now seeing the equivalent of 'electric starters' in the
new crop of PDAs and portables with PCMCIA wireless card options."
Eppley said "the second event that expanded the acceptance of the
auto, was the automatic transmission in 1942. This is exactly what we
need for the wireless data industry to take off. LapLink Wireless is
really the first such automatic transmission. It's the first product
that will automatically accomplish data communications by the mere
fact of walking within range of the radio transceivers," he said.
Right now, even though many of us--including journalists--get a
lot of data via our fax machines and fax modems, how do we extract it
for further use? I sure don't like retyping anything if I can help
it. And until more PR agencies and in-house departments get
up-to-speed on e-mail, then we'll just have to use fax software with
OCR capability.
I've been testing FaxWorks Pro 3.0 for several months now, and
find it serves my faxing needs quite well. Its OCR feature converts
text to all the popular word processing formats or to plain ASCII
text. Below is the exact text read by the FaxWorks OCR module, from a
fax of CuD information:
Computer underground Digest is a weekly electronic journal/newsletter.
Sub5cription5 are available free via e-mail from tkOjut2@mv5.c5o.niu.edu.
The editor5 ma!j be contacted b!j voice (815-753-0303), FAX (815-753-G302)
or 5nailmail at: Jim Thoma5, Department of Sociology, NIU, DeKalb, IL
60115.
As you'll see, the FaxWorks OCR got everything right, except
reading some of the "s" characters as a "5" instead, and a "y"
character came out as "!j" for some reason. But with a quick search
and replace, you can fix those misreads easily. That's what good data
management today requires: quickness!
FaxWorks Pro is from SofNet, Inc. in Atlanta, no Internet address
was provided. Big surprise.
In spite of the media frenzy, the "data thoroughfare" is still a
long way off for most of us. Meanwhile most users are still dealing
with the Windows 3.1 communication bottleneck, which limits reliable
asynchronous data transfers above 19.2K bps.
Pacific CommWare has now released TurboCom/2, an update of its
drop-in replacement for the native Windows comm driver. It now takes
advantage of the 16550 UART (Universal Asynchronous
Receiver/Transmitter) chip used in the better 14.4K bps (and faster)
internal modems. [Your newer PC may also have 16550 UART serial
ports installed If not, you can upgrade.]
What does this mean? You can then have up to 115.2K bps speeds,
and support up to four high-speed serial ports simultaneously. And
TurboCom/2 Plus allows you to use up to NINE serial ports.
Will Windows 4.0 (aka the Chicago project) have new comm drivers
making it unnecessary to buy add-ons like TurboCom/2? Quite possibly.
Pam Edstrom, VP at Waggener Edstrom--Microsoft's PR firm--told me the
other day that the next Windows will have a "Vcom.36, 32-bit
communications driver, written as a virtual device" and it's "being
developed internally."
Pacific CommWare puts its e-mail addresses on its letterhead, so
I'll give them to you: 3445374@mcimail.com, or
71521.760@compuserve.com.
And last we look at another significant part of the Communique
Interstate: BBBs and the massive amount of messaging going on there.
The only way that users can deal with the glut of e-mail, public mail
and files is with offline mail readers.
I've tested and used a number of them including OffLine eXpress
(OLX), Blue Wave and VbReader. My current reader of choice is Silver
Xpress Off-Line Mail Reader, Ver. 4.0. It's not a Windows program,
although "a Windows version is coming this year," Andrea Santos at
Santronics Software told me.
Silver Xpress--a shareware program that's widely available on
BBSs--has many unique features not found in other mail readers. Many
more are in development, Santos told me, and the new product will be
called Gold Xpress. Silver Xpress has "in excess of 5,000
registrations," Santos said, "and we guess about 2-5% of users are
registering."
Santronics did list their BBS number (305-248-7815) but they
didn't list an Internet address, but luckily I had it already:
andrea.santos@f42.n105.z1.fidonet.org.
So there you have it: some very different companies and their
attempts to steer their way onto the {you know what], and extract a
few dollars from your digital bank account. Happy trails, travelers.
###
David Batterson has written for various computer publications, and
weekly newspapers, including WIRED, PC TODAY, ComputorEdge (San
Diego), WILLAMETTE WEEK (Portland), The Weekly News (Miami), and Bay
Area Reporter (S.F.). This article may be freely distributed for
noncommercial usage, but may not be published without permission.
Thank you in advance for your proper use.
* Evaluation copy of Silver Xpress. Day # 55
--- via Silver Xpress V4.00 [NR]
--
uucp: uunet!m2xenix!puddle!290!David.Batterson
Internet: David.Batterson@f290.n105.z1.fidonet.org
------------------------------
Date: Thu, 13 Jan 1994 21:29:44 EST
From: Alert@washofc.cpsr.org
Subject: File 6--FBI Pushes for Enhanced Wiretap Capabilities
Source: CPSR ALERT,Volume 3.01 January 13, 1994
FBI Pushes for Enhanced Wiretap Capabilities
In the past month, FBI officials have indicated publicly that they are
continuing to push for enactment of legislation to mandate the building
in of electronic surveillance capabilities into most telecommunications
equipment. In addition, there are also reports that the Department of
Justice is investigating the possibility of recommending changes in the
law to allow for military personnel and equipment to be used by law
enforcement for electronic surveillance of Asian speakers.
On December 8, FBI Director Louis Freeh spoke at the National Press
Club where he stated:
In order to keep up with the criminals and to protect our
national security, the solution is clear. We need legislation
to ensure that telephone companies and other carriers provide
law enforcement with access to this new technology.
Communications Daily reported that the FBI and the telecommunications
carriers have formed a working group to discuss the problem and that
the companies might implement the capabilities voluntarily. This
working group has met several times.
Scripps Howard News Service reported on December 5 that the Department
of Justice is considering proposing new legislation to allow the
military to assist with wiretaps of Asian suspects. Currently the
military is prohibited by the 1878 Posse Comitatus Act, which prohibits
the use of military personal and resources in civilian law enforcement
activities. It was amended in 1981 to allow for use of military
personal and equipment for advice and assistance in drug interdiction.
Freeh reportedly told Scripts Howard that "I think that if we had
access to 50 or 100 qualified linguists in the Asian language[s] we
could probably monitor by ten times our ability to do court-authorized
surveillances of Asian organized crime groups."
Civil liberties groups are concerned about the military conducting
domestic electronic surveillance, especially in light of the recent
disclosures by CPSR of the National Security Agency's role in the
development of the Digital Signature Standard and the Digital Telephony
Proposal.
Sources inside the administration indicate that the long awaited
inter-agency review of government encryption policy, including Clipper,
the Digital Telephony Proposal and export control is due out by the end
of January. The report is expected to be classified.
((CPSR ALERT can be obtained on-line from alert@washofc.cpsr.org))
------------------------------
End of Computer Underground Digest #6.08
************************************
Comments
Post a Comment