Computer underground Digest    Wed  Oct 14, 1998   Volume 10 : Issue 51
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.51 (Wed, Oct 14, 1998)

File 1--REVIEW: "Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Ma
File 2--REVIEW: "Bank of Fear", David Ignatius
File 3--REVIEW: "Management of Library and Archive Security", Robert K.
File 4--REVIEW: "Computer Crisis 2000", W. Michael Fletcher
File 5--REVIEW: "Decrypted Secrets", F. L. Bauer
File 6--REVIEW: "MCSE: The Core Exams in a Nutshell", Michael Moncur
File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress
File 8--REVIEW: "Blueprint to the Digital Economy", Don Tapscott/Alex Lo
File 9--Cu Digest Header Info (unchanged since 25 Apr, 1998)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 18 Sep 1998 10:18:53 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 1--REVIEW: "Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Ma

BKWBSCSB.RVW   980711

"Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Marcus J. Ranum,
1997, 0-471-18148-X, U$29.99/C$42.50
%A   Aviel D. Rubin rubin@bellcore.com
%A   Daniel Geer
%A   Marcus J. Ranum
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1997
%G   0-471-18148-X
%I   John Wiley & Sons, Inc.
%O   U$29.99/C$42.50 416-236-4433 fax: 416-236-4448
%P   350 p.
%T   "Web Security Sourcebook"

As Steve Bellovin notes in the foreword, complexity and security are
antithetical.  To have a complete picture of the security of a single
transaction in World Wide Web activity one must consider the hardware
of the user, the operating system of the user, the client software of
the user, the hardware of the host, the operating system of the host,
the server software of the host, the base transport protocol, the
higher level (generally HTTP: the HyperText Transport Protocol)
protocol, the general structure of the network itself, and the various
forms of content.  To expect a short book to cover all of this
material is unrealistic.  The current work, however, is of
inconsistent quality and falls short even of a much reduced target.

Chapter one looks at basic Web history and technology plus a few
illustrative security loopholes.  While basic browser security
information is presented in chapter two, the presentation is
disorganized and seems to stress some relatively improbable risks.  On
the other hand, it does point out some important and little known
problems with Internet Explorer.  Advanced browser security lists a
good deal of misinformation about cookies (along with some real dope)
and discusses anonymous remailers in chapter three.

The discussion of scripting, in chapter four, is simplistic in the
extreme.  While I would personally agree with the assessment that
JavaScript and ActiveX are not worth the security hazards they
represent, these technologies deserve more than the terse dismissal
they receive in the text.  Java gets somewhat more detailed discussion
but the authors do not appear to distinguish between design factors
and specific implementation bugs limited to a given platform.  Server
security is limited to UNIX permissions in chapter five.  Chapter six
looks primarily at commercial cryptographic products, but without
having built a solid foundation for their effective use.  Scripting is
again reviewed in chapter seven, this time concentrating on (again)
UNIX CGI (Common Gateway Interface) programming for sanitizing input
from users.

The overview of firewall technologies in chapter eight is reasonable
and balanced, citing the different types of firewalls, their strengths
and weaknesses, and the fact that firewalls can only be one tool in a
larger security strategy, never a complete answer.  Chapter nine
presents the different protocols in transaction security quite well,
but fails to give an analysis of the social and market forces that are
equally important to the overall picture.  Some systems for electronic
payment are compared in chapter ten.  Predicting the future is, of
course, problematic, but chapter eleven seems to contains more faults
than can legitimately be said to be inherent to the process.  As only
one example, the authors look forward with trepidation to "network
aware" viruses.  I'm sorry to tell you this, guys, but the proof of
that concept happened in the wild more than a decade before you wrote
the book, and has transpired depressingly often since.

The presentation of this text as a sourcebook is probably valid on the
one hand: the primary value of the tome lies in the mention of various
commercial systems related to Web security.  It cannot, however, be
recommended as a sole source.  Both a conceptual background and an
overall review of the totality of Web security factors are missing.
There are interesting points in the book, and even useful tips, but
while it may belong on the bookshelf of the dedicated Web
administrator it is not necessarily a must read for those with limited
resources.

copyright Robert M. Slade, 1998   BKWBSCSB.RVW   980711

------------------------------

Date: Thu, 1 Oct 1998 10:12:24 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 2--REVIEW: "Bank of Fear", David Ignatius

BKBNKFER.RVW   980804

"Bank of Fear", David Ignatius, 1994, 0-380-72280-1
%A   David Ignatius
%C   1350 Avenue of the Americas, New York, NY 10019
%D   1994
%G   0-380-72280-1
%I   Avon Books/The Hearst Corporation
%O   +1-800-238-0658
%P   388 p.
%T   "Bank of Fear"

While an exciting enough thriller, and one giving an unusually
sympathetic and insightful view of the Arab communities, this book is
rather disappointing both in the raggedness of its ending and in the
unlikeliness of its conclusions.

One must allow fiction writers some leeway to explain certain items,
and this is usually done through dialogue.  One character will expound
to another on a given topic.  it gets a bit annoying, not to mention
straining the willing suspension of disbelief, when a banker has to be
lectured on the precepts of banking, and a systems manager has to have
a tutorial on the standard backup command.

In general, however, the technology part of the book is pretty good.
An important part of the plot involves finding confidential files on a
known system to which access has been withdrawn.  The solution is
elegant, functional, and involves that reliable of all data
penetration tools, ignorance on the part of management.  Actually, the
method doesn't even rely all the heavily on ignorance: most computer
professionals would see backups as a security tool rather than a
vulnerability.  The use of UNIX as a platform is more of a literary
convenience than anything else, since any common business system has
the equivalent of an administrative user who can gain access to
anything.  The one weak point in this scenario is the quick
realization of the importance of the backup tape on the part of people
who were previously so lax that they didn't even use encryption for
vital files.

Other technical plot devices are used as effectively.  There is a
lovely piece of social engineering, again relying on management folly
and a demand for convenience.  Call back verification is used as well,
and a neat conceptual way of using it to for system breaking is
presented.  And everything a desktop machine can do, a laptop can
emulate.

Communications technology does not get quite the same care.  The
universal nature of modem standards is mentioned, but not the
functional difference (and audible similarity) between modems used on
computers and those included in fax machines.  No allowance is made
for possible differences in systems and the need for different
terminal types.  The call back spoofing trick is cute, but relies on
the ability of forcing a line to stay open after the remote end has
dropped both the connection and the switch hook, and also on a remote
user leaving a home computer on, with a communications program
running, and an automated login script set up and ready to go.

The worst error, however, is the one on which the final activity of
the plot relies.  Although there are gateways that can send electronic
mail to Telex systems, Telex is a separate system and cannot be
reached by the public dial phone system.  Although you can get Telex
devices that can be operated by computers, Telex does not use modems;
at least not the same kind that are normally used for computer work.
Telex lines, in fact, have different operating characteristics from
phone lines, and even different voltages.  Plugging a modem into a
Telex line would fry the modem as surely as plugging an ISDN modem
into an analogue line would fry the ISDN device.

copyright Robert M. Slade, 1998   BKBNKFER.RVW   980804

------------------------------

Date: Wed, 30 Sep 1998 11:13:56 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 3--REVIEW: "Management of Library and Archive Security", Robert K.

BKMNLASC.RVW   980804

"Management of Library and Archive Security", Robert K. O'Neill, 1998,
0-7890-0519-0, U$29.95
%E   Robert K. O'Neill
%C   10 Alice Street, Binghampton, NY   13904-1580
%D   1998
%G   0-7890-0519-0
%I   The Haworth Press Inc.
%O   U$29.95 800-429-6784 fax: 800-895-0582 getinfo@haworth.com
%P   120 p.
%T   "Management of Library and Archive Security"

This appears to be a hardcover "co-print" of Volume 25, Number 1, of
the Journal of Library Administration.  It talks about a wide range of
security related issues, but also has significant weak points and
holes in the coverage.  Organization is random, with poor division
according to the titular subject of the different papers.  The
organization also appears to be exactly backwards, with the first
essay looking at what to do *after* you've been robbed, and the last
discussing policy.

Both quality and style vary from paper to paper.  Those sections that
do deal with law enforcement and reporting relate strictly to the
United States, with one token mention of a British reporting group.
While a number of important areas are touched on, and a good deal of
useful information is given, it may be hard to find, or find again.
The article on security, for example, does not provide practical
details of patron access to highly secured special collections,
although both the articles on audit and policies do address specific
features and points.  On the other hand, the piece that does address
the need to provide lockers for patrons forced to leave coats and bags
outside the reading room is not followed up with the greater necessity
for similar provisions for staff facing the same restrictions.

The article on the aftermath of a theft will probably be useful to
those who are panicked by the first such occurrence.  The material
provides good, practical advice for those in the emotional throws of
the event, although most of it is simple common sense.  The paper on
audit, on the other hand, says very little about auditing, and the
content is does contain is theoretical and abstruse.  Law enforcement
gets a folksy treatment, and, in similar fashion to the first essay,
seems to concentrate on calming nerves.  Some advice on the issue of
records and evidence useful in court might have been helpful.  A
recounting of a case recovering illegally transported artifacts is
interesting, but serves primarily to remind managers of the importance
of communication with colleagues and the range of law enforcement
agencies.  The single paper on security itself emphasizes preservation
from the elements and makes only a token mention of active security
against theft and none against fraud.  The final article on security
policies gives much practical advice on a variety of matters, but
doesn't really address policy.  Given the current importance of both
library management systems and electronic access to collections and
other information resources I find it significant that none of the
essays discuss data security.

As a short introduction to a specialty topic this has its place, but
those seeking a complete resource will be disappointed.

copyright Robert M. Slade, 1998   BKMNLASC.RVW   980804

------------------------------

Date: Wed, 23 Sep 1998 10:04:53 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 4--REVIEW: "Computer Crisis 2000", W. Michael Fletcher

BKCMCR2K.RVW   980619

"Computer Crisis 2000", W. Michael Fletcher, 1998, 1-55180-138-8,
U$12.95/C$15.95
%A   W. Michael Fletcher feedback@highspin.com
%C   1481 Charlotte Road, North Vancouver, BC   V7J 1H1
%D   1998
%G   1-55180-138-8
%I   Self-Counsel Press
%O   U$12.95/C$15.95 604-986-3366 fax: 604-986-3947 selfcoun@pinc.com
%P   232 p.
%T   "Computer Crisis 2000"

The book jacket states that the author has thirty years of experience
in advising businesspeople how to deal with technology.  If so, then
he is, of course, part of the problem, since this problem is not one
that wasn't foreseen.  Indeed, in the preface he admits he came late
to the problem, and certainly a warning book now is just a tad behind
the times.  However, the book is aimed at small and medium sized
businesses.  This market has been neglected in other works on the
topic, and may still have room to fix the situation as far as it can
be dealt with internally, since their computing needs are presumably
less monolithic than those of the corporate giants.

Part one is a definition of the problem and how it may affect people
and businesses.  The explanation is split into the first two chapters
(the book chapters are very short).  Generally the exegesis is
reasonable, although not altogether convincing of the seriousness of
the situation, but it also contains some sections detailing accounting
functions that have only a minimal bearing on the issue.  A third
chapter lists some excuses for avoiding the work involved, but adds
nothing to the book.  Possible impacts get sidetracked into the
beginnings of an action plan, the action plan is disorganized, and the
section ends with a look at legalities that ends, for some reason,
with some thoughts on tax law.

Part two looks at large institutions.  The review of government says
what the author thinks they should be doing, but gives limited (and
likely incorrect) analysis of what the situation and prognosis
actually is.  Much the same applies to the chapter on infrastructure
and utilities.  (The optimistic view of the Internet in the event of a
communications failure is particularly naive.)  The overview of
finances simply looks at a bleak set of possible problems, most
without solution.

Planning and implementation is addressed in part three.  The initial
outline is quite good, stressing that the time for delay and cheap
solutions is past, but it may not be entirely convincing to managers
and business owners due to the weak opening in part one.  Personnel
and inventory get some detail, but the implementation itself is strung
over four chapters with questionable organization.

The final two parts contain two chapters looking at the possible
ancillary benefits of going through the year 2000 process, and a very
terse look at the international scene.  An appendix lists both print
and online resources.

As Fletcher notes in the preface, he could not put absolutely
everything into the book, and polishing and the inclusion of more
material would have delayed a project that is late enough as it is.
The concentration on personal computers and shrink wrapped software is
valid given the target audience.  However, more detail on certain
implementation areas would have greatly improved the book.  As only
one example, getting commitments from suppliers is lacking in breadth
and range, and there should be contingency plans for the inevitable
failures in some part of the infrastructure.  This book is not
alarmist: if anything it does not paint the scene widely enough.

copyright Robert M. Slade, 1998   BKCMCR2K.RVW   980619

------------------------------

Date: Tue, 29 Sep 1998 10:32:31 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 5--REVIEW: "Decrypted Secrets", F. L. Bauer

BKDECSEC.RVW   980804

"Decrypted Secrets", F. L. Bauer, 1997, 3-540-60418-9, U$39.95
%A   F. L. Bauer
%C   175 Fifth Ave., New York, NY   10010
%D   1997
%G   3-540-60418-9
%I   Springer-Verlag
%O   U$39.95 212-460-1500 800-777-4643
%P   447 p.
%T   "Decrypted Secrets: Methods and Maxims of Cryptology"

Cryptology is the study of the technologies of taking plain, readable
text, turning it into an incomprehensible mishmash, and then
recovering the initial information.  There are two sides to this
study.  Cryptography is the part that lets you garble something, and
then recover it if you have the key.  Cryptanalysis is usually seen as
the "dark side" of the operation, because it is the attempt to get at
the original meaning when you *don't* have the key.  Most current and
popular works on cryptology actually only speak about cryptography.
For one thing, nobody wants to get into trouble by telling people how
to break encryption.  However, it is also much easier to blithely talk
about key lengths and algorithms and pretend to know what you are
doing if you don't have to understand enough math to try to figure out
how to go about cracking a particular cipher.

Bauer examines both sides, which is an important plus.  If you need to
decide how strong an encryption algorithm or system is, it is
important to know how difficult it might be to break it.

Chapter one looks at Steganography, the science of hiding in plain
sight, or concealing the fact that a message exists at all.  In this
he first demonstrates a wide ranging historical background which is
quite fascinating in its own right.  Basic encryption concepts are
introduced by the same historical background, but move on to a very
dense mathematical discussion of cryptographic characteristics in
chapter two.  Encryption functions are started in chapter three, and
it is delightful to have examples other than Julius Caesar's
substitution code.  Polygraphic substitutions are in chapter four and
the math for advanced substitutions is in chapter five.  Chapter six
introduces transpositions.  Families of alphabets, and rotor
encryptors such as ENIGMA, are reviewed in chapter seven.  Keys are
discussed in chapter eight, ending with a brief look at key
management.  Chapter nine covers the combination of methods resulting
in systems such as DES (Data Encryption Standard).  The basics of
public key encryption is introduced in chapter ten.  The relative
security of encryption is introduced in chapter eleven, leading to
part two.  However, it also ends with a discussion of cryptology and
human rights, concentrating mainly, although not exclusively, on the
US public policy debates.

Part two examines the limits of functions used in cryptography, and
thus the points of attack on encryption systems.  Chapter twelve
calculates complexity, and thus the size of brute force attacks.
Known plaintext attacks are the basis of chapters thirteen to fifteen,
looking first at general patterns, then at probable words, and finally
at frequencies.  Frequency leads to a discussion of invariance in
chapter sixteen.  Chapter seventeen follows with a look at key
periodicity.  Alignment of alphabets is covered in chapter eighteen.
Of course, cryptographic users sometimes make mistakes, and chapter
nineteen reviews the different errors and various ways to take
advantage of them.  Chapter twenty one looks at anagrams as an
effective attack on transposition ciphers.  The concluding chapter
muses on the relative effectiveness of attacks and of cryptanalysis
overall.

Those seriously interested in cryptology will really need to be
serious: brush up on your number theory if you want to use this book
for anything.  On the other hand, Bauer's history and vignettes from
the story of codes and the codebreakers are interesting, amusing, and
accessible to anyone.

copyright Robert M. Slade, 1998   BKDECSEC.RVW   980804

------------------------------

Date: Tue, 22 Sep 1998 13:34:40 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 6--REVIEW: "MCSE: The Core Exams in a Nutshell", Michael Moncur

BKMCSENS.RVW   980806

"MCSE: The Core Exams in a Nutshell", Michael Moncur, 1998,
1-56592-376-6, U$19.95/C$28.95
%A   Michael Moncur mcsenut@oreilly.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1998
%G   1-56592-376-6
%I   O'Reilly & Associates, Inc.
%O   U$19.95/C$28.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   401 p.
%T   "MCSE: The Core Exams in a Nutshell"

The MCSE core exams in a nutshell.  Where they most definitely belong.

This book covers the Networking Essentials (70-058), NT Workstation
4.0 (70-073), NT Server 4.0 (70-067), NT Server in the Enterprise
(70-068), and Windows 95 (70-064) exams.  Each chapter gives a brief
introduction to the exam, explaining the type of material that it
covers.  A page or two of objectives lists the content that the reader
will need to know, and apply, and provides a reference within the
chapter for that objective.  The text itself is very clear.  Limiting
itself to the basics of what you will be asked, the wording is lucid
and, paradoxically, far more understandable than other volumes that
try to try to teach you everything they know about (say) network
essentials.  "On the Exam" boxes point out how Microsoft sees the
world, and the occasional "In the Real World" points out where knowing
too much can get you into trouble.  There are suggested practical
exercises that will help make some of the theoretical material real
and a practice test with explanations of all answers.  Also included
is a "Highlighter's Index" that repeats the most important items in
point form.

Not only does this save you shelf space, but it is, in all likelihood,
the most effective study guide as well.  Simulated test programs would
be an additional asset, but other than that, this has the basics, and
no clutter.

copyright Robert M. Slade, 1998   BKMCSENS.RVW   980806

------------------------------

---------- Forwarded message ----------
Date: Mon, 5 Oct 1998 11:17:59 -0800
To: p1@cmpnetmail.com
Subject: File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress

VDINSCTC.RVW   980808

"Introduction to Security Technologies", Michael P. Ressler/Charles
Blauner, 1995, 1-57305-067-9, U$1295.00
%A   Michael P. Ressler
%A   Charles Blauner
%C   Room 3A184, 8 Corporate Place, Piscataway, NJ   08854
%D   1995
%G   1-57305-067-9
%I   Bellcore
%O   U$1295.00 800-521-CORE fax: 908-336-2559
%P   224 min., 5 tapes, 260 p.
%T   "Introduction to Security Technologies"

This five tape series is saved from being the proverbial "talking
head" only because the video feed of the "head" in question is
frequently interrupted by shots of lecture foils.  The presentation
uses text slides in almost every case.  As the presenter states, at
the end of pretty much every tape, the material is very brief and
conceptual, giving very few details.  In fact, the contents of each
tape would be most suitable as the introductory chapter to a book on
the relevant topic, since little more is done than to give a
definition of the subject and some related issues.  The use of video
seems to be completely unnecessary, since the material could be
presented just as well with an audio tape and copies of the foils
(which are, in fact, provided).

The first tape, only twenty minutes long, talks about issues in
distributed systems security.  The fundamentals are not well
addressed, and the presentation is somewhat confused.  In fact, the
totality of distributed systems security is not addressed, and the
main concerns are on single sign-on, encrypted or tunneling channels,
and ticket access management for authentication.

The UNIX security basics tape is very basic, including some history,
file naming, and operations of some of the elementary security
utilities such as chmod (used for changing file permissions).  There
is discussion of some slightly higher level concepts, such as the fact
that the password file is world readable by default.  There is also
some mention of the fact that "trusted" hosts can be a vulnerability.
However, about half of this tape is given over to a promotional
demonstration of an AT&T UNIX security analysis tool.

The third tape seems slightly out of place, since its discussion of
Internet firewalls comes prior to the material to be later provided
introducing the Internet.  Oddly, the presentation of packet filtering
is poorly explained and quite limited, whereas the explanation of the
proxy server is pretty clear.  This is the reverse of the usual case.
As with tape two, some of the space is given over to a demonstration
of the AT&T PINGWARE product.

Tape four introduces TCP/IP and Internet security.  Most of the
material actually concentrates on a description of the Internet,
packet encapsulation of Internet data, and a brief overview of basic
Internet applications.  In terms of security, Sun Microsystems gets
hit on for its invention of remote procedure calls and the Portmapper
program.  The remaining material seems to boil down to "it's scary out
there: you'd better learn something."

The final item looks at DCE (Distributed Computing Environment)
security.  This is a slightly more detailed, and specific, version of
tape one.  (With the change of presenter we see a subtle change in
"presentation" values.  For whatever reason, the video taping was
allowed to include a good deal of Blauner facing away from the
audience.  The impression left is that he is much more comfortable
with his presentation software than he is with the audience.)

It is difficult to think of anyone to recommend this product to.  On
the one hand, it could be calculated that for the price of one
registration to a three or four day security course, you could give
your whole department (and all future incoming staff) a morning of
training.  On the other hand, this is not the first morning of such a
course, but rather the first half hour of each morning of a five day
course.  The actual content has been written in a number of places
well enough to be read and understood in ten to fifteen minutes per
topic.  The presentation is not thrilling enough to catch the
attention of those who could not be bothered to read it.

Not even if you served popcorn.

copyright Robert M. Slade, 1998   VDINSCTC.RVW   980808

------------------------------

Date: Wed, 14 Oct 1998 09:47:26 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 8--REVIEW: "Blueprint to the Digital Economy", Don Tapscott/Alex Lo

BKBLDIEC.RVW   980801

"Blueprint to the Digital Economy", Don Tapscott/Alex Lowy/David
Ticoll, 1998, 0-07-063349-5, U$24.95/C$35.95
%A   Don Tapscott
%A   Alex Lowy
%A   David Ticoll
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   1998
%G   0-07-063349-5
%I   McGraw-Hill Ryerson/Osborne
%O   U$24.95/C$35.95 800-565-5758 fax: 905-430-5020
%P   410 p.
%T   "Blueprint to the Digital Economy: Creating Wealth in the Era of
      E-Business"

The first paragraph of the preface tries to explain the purpose of the
book, as is usual.  Stripped of its new age jargon, the section
appears to say that a lot of people talked about how business might
use new communications.

This work is mostly a collection of essays from extremely important,
and therefore very busy, industry leaders.  In other words, most of
the papers have been written by PR departments.  Remaining articles
have been contributed by "independent consultants" looking for
business or speaking engagements.  The results are predictable.

Part one is entitled "The New Rules of Competition" but doesn't say
much about it, beyond generally opining that we are moving to a more
cooperative age.  (The Age of Aquarius, presumably.)  The first and
last essays in the section demonstrate that the rapidly changing times
provide limitless opportunities for meaning-challenged buzzphrases and
content-free diagrams.  The bracketed papers hope that General Motors,
IBM, Intel, and Sun Microsystems will be ready for whatever comes
along.

Part two informs us of the startling fact that the times they are a
changing.  (Surprise!)  Businesses are seeing change in the fields of
banking, newspapers, family snaps, education, telecommunications, and
courier services.  I must make note of Carol Twigg's excellent
contribution, which presents not only hard "customer" data, but real
technology as well.  It is one of the few interesting bits in this
aggregation of promotional puff pieces.

Part three is supposed to tell us how the new technologies will help
businesses to cope.  Instead, Oracle is still flogging network
computers.  We are informed that the Internet is a good thing.  Nortel
tells us that the Internet is a good thing but needs to be made as
reliable as the phone.  Sprint tell us that the Internet is a good
thing but needs to be made as reliable as the phone.  Xerox tells us
that we need a new browser.  (Actually, Weiser and Brown's paper is
much more interesting than that sounds, but isn't really a lot more
useful in business terms.)

Part four supposedly looks at governance in a networked age.  One of
the essays is an apologia for the Clinton administration policies,
another is a vague, hand-waving explanation of "cyberspace."  However,
Stephen Kobrin's incisive examination of the futility of the concept
of territoriality when applied to the net, and Vinton Cerf's
unsurprising but well-grounded look at criminal misbehaviour online
elevate the quality of the section significantly.

Last night I reviewed a book that warned about the dangers of
potentially ignorant, unfiltered, biased, and opinionated information
being disseminated on the Internet, mixed in with and disguising the
few real gems of information.  This current work proves that the same
point can be made about published, and highly publicized, books.

copyright Robert M. Slade, 1998   BKBLDIEC.RVW   980801

------------------------------

Date: Thu, 25 Apr 1998 22:51:01 CST
From: CuD Moderators 
Subject: File 9--Cu Digest Header Info (unchanged since 25 Apr, 1998)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #10.51
************************************

Computing-Related Links

Any questions, drop Jim Thomas a note at: cudigest@sun.soci.niu.edu