Computer underground Digest Sun Feb 21 1999 Volume 11 : Issue 11

Computer underground Digest    Sun  21 Feb, 1999   Volume 11 : Issue 11
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Copy ediler:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.11 (Sun, 21 Feb, 1999)

File 1--REVIEW: "Top Secret Intranet", Fredrick Thomas Martin
File 2--REVIEW: "Upgrading and Repairing PCs", Scott Mueller/Craig Zacke
File 3--REVIEW: "I Love the Internet But I want My Privacy Too", Chris P
File 4--REVIEW: "Stopping Spam", Alan Schwartz/Simson Garfinkel
File 5--REVIEW: "HTML: The Definitive Guide", C. Musciano/Bill Kenned
File 6--REVIEW: "Fighting Computer Crime", Donn B. Parker
File 7--REVIEW: "A History of Modern Computing", Paul E. Ceruzzi
File 8--REVIEW: "Naked In Cyberspace", Carole A. Lane
File 9--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 19 Feb 1999 08:37:04 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 1--REVIEW: "Top Secret Intranet", Fredrick Thomas Martin

BKTPSCIN.RVW   990117

"Top Secret Intranet", Fredrick Thomas Martin, 1999, 0-13-080898-9,
U$34.99/C$49.95
%A   Fredrick Thomas Martin
%C   One Lake St., Upper Saddle River, NJ   07458
%D   1999
%G   0-13-080898-9
%I   Prentice Hall
%O   U$34.99/C$49.95 800-576-3800, 416-293-3621
%P   380 p.
%S   Charles F. Goldfarb Series on Open Information Management
%T   "Top Secret Intranet"

Does anyone else think it is ironic that this book is part of a series
on *open* information management?  No, I didn't think so.

Part one is an introduction to Intelink, the intranet connecting the
thirteen various agencies involved in the US intelligence community.
Chapter one is a very superficial overview of some basics: who are the
departments, packet networks, layered protocols, and so forth.  The
description of Intelink as a combination of groupware, data warehouse,
and help desk, based on "commercial, off-the-shelf" (COTS) technology
with Internet and Web protocols, in chapter two, should come as no big
surprise.

Part two looks at the implementation (well, a rather high level
design, anyway) of Intelink.  Chapter three reviews the various
government standards used as reference materials for the system, which
boil down to open (known) standards except for the secret stuff, for
which we get acronyms.  There is a quick look at electronic intruders,
encryption, and security policy in chapter four.  Various security
practices used in the system are mentioned in chapter five, but even
fairly innocuous details are lacking.  For example, "strong
authentication" is discussed in terms of certificates and smartcards,
but a challenge/response system that does not send passwords over the
net, such as Kerberos, is not, except in the (coded?) word "token."
Almost all of chapter six, describing tools and functions, will be
immediately familiar to regular Internet users.  Chapter seven takes a
return look at standards.  The case studies in chapter eight all seem
to lean very heavily on SGML (Standard Generalized Markup Language)
for some reason.

Part three is editorial in nature.  Chapter nine stresses the
importance of information.  (Its centerpiece, a look at statements
from some of the Disney Fellows from the Imagineering division is
somewhat paradoxically loose with the facts.)  The book closes with an
analysis of intelligence service "agility," using technology as an
answer to everything except interdepartmental rivalries.

Probably the most interesting aspect of the book is the existence of
Intelink at all, and the fact that it uses COTS components and open
standard protocols.  (Of course, since it was defence money that
seeded the development of the Internet in the first place, one could
see Intelink simply as a belated recognition of the usefulness of the
product.)  For those into the details of the US government's more
secretive services there is some mildly interesting information in the
book.  For those charged with building secure intranets there is some
good pep talk material, but little assistance.

copyright Robert M. Slade, 1999   BKTPSCIN.RVW   990117

======================
rslade@vcn.bc.ca  rslade@sprint.ca  robertslade@usa.net  p1@canada.com
Find virus, book info http://victoria.tc.ca/techrev/rms.htm
        Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
        Linked to bookstore at http://www97.pair.com/robslade/
Comp Sec Weekly: http://www.suite101.com/welcome.cfm/computer_security
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)

------------------------------

Date: Mon, 15 Feb 1999 08:31:37 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 2--REVIEW: "Upgrading and Repairing PCs", Scott Mueller/Craig Zacke

BKUPRPPC.RVW   981120

"Upgrading and Repairing PCs", Scott Mueller/Craig Zacker, 1998,
0-7897-1636-4, U$54.99/C$78.95/UK#51.49
%A   Scott Mueller scottmueller@compuserve.com
%A   Craig Zacker craig@zacker.com
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   1998
%G   0-7897-1636-4
%I   Macmillan Computer Publishing (MCP)
%O   U$54.99/C$78.95/UK#51.49 800-858-7674 317-581-3743 info@mcp.com
%P   1531 p. + CD-ROM
%T   "Upgrading and Repairing PCs"

There are all kinds of computer help, repair, maintenance,
troubleshooting, and upgrading books on the market.  A great many try
to give you a quick overview of what you need to know.  With the
personal computer market expanding its options on a pretty much daily
basis, though, generally what you need is more in the line of an
encyclopedia.  *Your* particular problem tends to be the one left out.
This book, however, leaves very little out.

Chapter one is a short history of the PC since the first IBM PC in
1981, or actually slightly before.  The defining characteristics, and
components, of a PC are given in chapter two, including a very
realistic overview of the market and major players.  Microprocessor
information is given in chapter three.  However, this chapter is
unlike any I have ever seen in another repair or troubleshooting book.
There are tables and lists of detailed processor specifications,
including the most important for any upgrader--the socket sizes and
specifications.  The chapter proceeds through conceptual material
first and then in turn through all kinds of individual processors, so
at first run it can be a bit confusing.  The motherboard is covered in
chapter four, with form factors, chipsets, the BIOS, interface
connectors, and bus sockets.  The various types and functions of
memory, with attention to practical as well as theoretical details,
are described in chapter five.

Chapter six gets into the area that possibly causes the most trouble,
and therefore has the greatest potential for usefulness, in PC
hardware: power supplies, the NVRAM (better known as CMOS) battery,
and even UPS (Uninterruptible Power Supply) systems.  Keyboards and
mice are covered in significant detail in chapter seven.  Display
hardware is outlined in chapter eight, with information on both
monitors and adapters.  I was slightly disappointed in the lack of
detail on audio devices in chapter nine, but only in comparison with
the prior material.  The content was easily equal to any other general
upgrade guide.  Chapter ten provides useful specifics on I/O ports,
dealing with serial and parallel ports, port replacement technologies,
and storage interfaces.  Magnetic storage, in chapter twelve, gives
very solid information on characteristics, formatting, and
installation of drives, and covers tapes and cartridge media as well
as the usual floppy and hard drives.  Both CD-ROM and DVD systems are
covered in depth in chapter thirteen.  Chapter fourteen's review of
printers is a decent enough overview of the technology, but not as
detailed or useful as other sections.  There are some interesting
points about portable computers in chapter fifteen, but, again, this
is not one of the better sections.

Chapter sixteen looks at building a system, and, while there is some
duplication of material covered in earlier chapters, there is a good
deal of new content as well.  Diagnostics, testing, and maintenance
provides a lot of very practical advice, although the sequence of
topics in chapter seventeen can be jumpy at times.  (Given the scope
of the rest of the book, the dismissal of viruses in a single
paragraph is disappointing: and unfortunately consistent with what I
have seen in all too many computer retail and repair shops.)  The
review of software troubleshooting must be, of necessity, limited, but
chapter eighteen also demonstrates a much greater comfort with MS-DOS
than later Windows systems, and doesn't mention others such as Linux.
File systems and data recovery fare much the same in chapter nineteen.
Chapter twenty seems to be something of a historical artifact,
covering some rather oddball IBM systems up to the XT 286.  (Of
course, if you have one of these, this chapter is a goldmine.)  Some
general, but very useful, advice on documenting your system finishes
off the book in chapter twenty one.  Appendices list a variety of
information, probably the most useful being a catalogue of vendor
contacts.  The entries are quite detailed, although I note a US-
centric bias: a number of non-US companies are listed by their
American sales office.

I can say with assurance that none of the books on upgrading or repair
of personal computers has had the scope of this one.  This is not
simply due to the size, although that certainly helps.  The material
is readable and clear, and there is very little fluff.  Certainly some
sections are not quite up to the overall standard, but for the central
unit itself, the book is without peer.  I can readily agree with the
rather effusive book jacket comments: they are not, as I first
thought, mere hype.  For anyone involved in computer maintenance and
repair, be it in a retail or technical support role, this reference
has immense value.  And for serious hobbyist users, it can provide a
great deal of interest, as well as definite help when you need it.

copyright Robert M. Slade, 1998   BKUPRPPC.RVW   981120



------------------------------

Date: Tue, 16 Feb 1999 08:31:39 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 3--REVIEW: "I Love the Internet But I want My Privacy Too", Chris P

BKILIWMP.RVW   990110

"I Love the Internet But I want My Privacy Too", Chris Peterson, 1998,
0-7615-1436-8, U$16.95/C$25.00
%A   Chris Peterson cpeterson@aol.com
%C   3875 Atherton Road, Rocklin, CA   95765-3716
%D   1998
%G   0-7615-1436-8
%I   Prima Publishing
%O   U$16.95/C$25.00 800-632-8676 916-632-4400 fax: 916-632-1232
%O   mattj@primapub.com www.primapublishing.com
%P   226 p.
%T   "I Love the Internet But I want My Privacy Too"

My wife is the office Information Wizard.  Not holding a technical
job, she has her finger on the pulse of what goes on and who needs to
know about it.  She constantly amazes not only her co-workers, but
also friends and family, by her ability, given only a name, to get
into contact with a person or company within mere minutes.  She uses
that secret and arcane source of data known to its initiates only as--
the phonebook.

Very funny, you say.  Well, I have a serious point to make.  Three of
them, actually.  The first is that there is a great deal of publicly
available information about you.  The second is that most people do
not know how to effectively use such information, and so are easily
startled by someone who does.  Did you know that, given your address,
I can find your name and phone number?  No, I don't have to use the
Internet.  I go to the library and look in the "Criss-Cross"
directory.  Which brings me to my third point: the net is not the be-
all and end-all snooping tool.

Chapter one rambles over a variety of topics, seemingly concentrating
on the fact that some people would like information about you, and
that information is available on the Web.  Proprietary, and thus not
public, databases are discussed in chapter two.  Chapter three talks
about the information you may trail through cyberspace without knowing
it.  However, the material has a rather suspect technical background.
Besides getting the number of IP addresses wrong, the text confuses
chat rooms and Usenet newsgroups, and has a description of cookies
that fails at several points.  In addition, the "privacy profile"
exercise uses a site that has a function dealt with by another site in
an unrelated domain.  No mention is made of the dangers inherent in
this practice.  Some stories about information gathering by employers
start out chapter four, but it moves on to a miscellaneous collection
of instances of personal harassment and other unpleasantness.  Medical
information, unrelated to the Internet, is reviewed in chapter five.
Chapters six and seven both look at children on the net.  The material
on pornography is definitely overhyped, to the point of decrying the
loss of the Communications Decency Act, but the examination of
commercial abuse of children's trust is rather good.  A couple of
drawbacks of blocking software are mentioned, though not the hidden
agendas that some have.

Chapter eight looks at some technologies that assist in maintaining
privacy, such as anonymizing sites and encryption.  The explanations
contain a large number of small errors, and ultimately don't do much
to help non-specialists understand the issues.  Some US regulations
regarding privacy are discussed in chapter nine, although most is
unrelated to the net.  An Internet extension to the US Social Service
Administration is reviewed in chapter ten.  More US work on
regulations is mentioned in chapter eleven.

While the book does discuss a number of issues of privacy related to
the Internet, it does so in a ragged and often disorganized manner.
Much of the content of the book has nothing to do with the Internet,
and some of the material is only just short of hysteria, with little
attempt at balance.  Technical discussions are either missing or
incorrect, and this lack of background degrades the value of the book
as a whole.  Overall, the level is that of a general magazine article,
and is unlikely to be of significant use to the Internet using public.

copyright Robert M. Slade, 1999   BKILIWMP.RVW   9901101
Free electronic distribution permitted


------------------------------

Date: Mon, 18 Jan 1999 11:44:23 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
To: p1@canada.com
Cc: cips-security-sig@interchange.ubc.ca
Subject: File 4--REVIEW: "Stopping Spam", Alan Schwartz/Simson Garfinkel

BKSTPSPM.RVW   981030

"Stopping Spam", Alan Schwartz/Simson Garfinkel, 1998, 1-56592-388-X,
U$19.95/C$29.95
%A   Alan Schwartz alansz@araw.mede.uic.edu
%A   Simson Garfinkel simsong@vineyard.net
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1998
%G   1-56592-388-X
%I   O'Reilly & Associates, Inc.
%O   U$19.95/C$29.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   208 p.
%T   "Stopping Spam"

Eternal vigilance is the price of junk free email.  Therefore, readers
expecting to find a quick fix for spam in this book are possibly going
to be disappointed.  Those who persevere, however, will find much
useful material that is both interesting, and valuable in the fight
against unsolicited and commercial mass mail bombing.

Chapter one details the problem with a definition of spam, the
functionally differing types of spam, the different intention of spam
(including reputation attacks), and the reasons why spam should be
combatted, rather than merely tolerated and deleted.  A historical
background to the situation is provided in chapter two.  This includes
mention of viral programs (plus a repetition of the myth that CHRISTMA
EXEC caused a mass shutdown of VNET).  The primary emphasis, though,
is on the Green Card Lawyers, Cyberpromotions, and others of that ilk.
(A warning against vigilante actions is also germane.)  The current
position is described very briefly in chapter three.  Groups of
spammers and spamming tools are noted.  (Perhaps the authors do not
want to give anyone ideas, but the technology section is very terse
indeed.)  In closing, a nightmare future spam scenario is provided.

Chapter four provides a solid technical background for further
discussion of spam, covering mail agents and the mail and news
protocols.  A number of steps that the average computer user can take
are listed in chapter five.  They range from hiding your identity or
preventing address "harvesting" (not all the suggestions are
convenient), to the more active detecting of spammers behind spoofing
techniques, and reporting to authorities.  Similar advice for
newsgroups is given in chapter six, emphasizing specific programs like
NoCeM.

Chapter seven moves into larger areas of responsibility with advice on
both policy and practical configuration settings to reduce both
incoming and outgoing spam.  The larger net community is addressed in
chapter eight.

An appendix lists a wide variety of resources, but the annotations may
not always give you the complete picture.  For example, the Spam Media
Tracker Web site is listed, but at a relatively old address.  This, of
course, happens all the time on the net, but it is stranger that there
is no mention of the spam-news mailing list, the original (and
ongoing) source for the site.

It would, of course, be prohibitive to identify all international
agencies dealing with spam.  However, do note that only US government
offices are noted as departments to report to.

While understandable, the tone of moral outrage that colours the
initial chapters may not be as helpful as a calmer precis.  As the
book hits its stride, though, it provides a good deal of helpful and
useful information.  All ISPs (Internet Service Providers), corporate
network administrators, and net help desks should have a copy of this
reference handy.  Any serious Internet user will also find it well
worth the price.  As the authors put it, in slightly different words,
the only thing necessary for the triumph of spammers is that good
users do nothing.

copyright Robert M. Slade, 1998   BKSTPSPM.RVW   981030

======================
rslade@vcn.bc.ca  rslade@sprint.ca  robertslade@usa.net  p1@canada.com
Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.html
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)

------------------------------

Date: Thu, 4 Feb 1999 08:12:41 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 5--REVIEW: "HTML: The Definitive Guide", C. Musciano/Bill Kenned

BKHTMLDG.RVW   981115

"HTML: The Definitive Guide", Chuck Musciano/Bill Kennedy, 1998,
1-56592-492-4, U$32.95/C$46.95
%A   Chuck Musciano cmusciano@aol.com
%A   Bill Kennedy bkennedy@activmedia.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1998
%G   1-56592-492-4
%I   O'Reilly & Associates, Inc.
%O   U$32.95/C$46.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   608 p.
%T   "HTML: The Definitive Guide", 3rd edition

If you are serious about designing documents and Web pages with HTML
(HyperText Markup Language) then you *must* have this book.

First of all, it *is* definitive.  Many books, though much longer,
don't begin to match the depth of this current work.  Musciano and
Kennedy cover the standard HTML up to 4.0, and, more importantly,
include the non-standard extensions of Netscape and Internet Explorer.
The basics, text, rules, multimedia, links, lists, forms, tables,
frames and more are all thoroughly covered, point by point and
attribute by attribute.  There is even the SGML (Standard Generalized
Markup Language) DTD (Document Type Definition) for HTML 4.0.  (This
must be definitive: it's the definition of the language.)

Second, it *is* a guide, and a very good one.  Lemay's "Web Publishing
With HTML" (cf. BKWPHTML.RVW) still holds an edge as the most
approachable beginner's introduction to Web page creation, but
Musciano and Kennedy can easily welcome the newcomer as well.  The
structure is logical and the explanations are crystal clear.

In spite of all this, the book contains even more.  Web design is not
given a separate section, but seamlessly permeates every section of
the book.  Readers are constantly reminded that while extensions may
be fun, not everyone in the world has the same browser.  Alternative
methods are suggested for non-standard effects and functions.
Shortcuts, suitable to only one browser or server, are recommended
against in order to ensure the utmost compatibility with all systems.
The authors no longer have coverage of CGI (Common Gateway Interface)
programming, but they do explain the use of email to collect form
data, which is much more useful for maintainers of small Web sites
without access to extensive server functions.

All this, and readable, too.  The content is straightforward and
lucid.  While you might not read this book for laughs, it is not the
tome to choose to put yourself to sleep at night, either.

I can recommend this book, without reservation, to anyone who wants to
learn HTML programming and use.  It is, still, the definitive guide
and the only one I find I need to keep on my shelf.

(The fact that my review has been misquoted on the back cover of the
last two editions of this book has had no influence at all on this
review.)

copyright Robert M. Slade, 1996, 1997, 1998   BKHTMLDG.RVW   981115


------------------------------

Date: Wed, 10 Feb 1999 12:19:41 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 6--REVIEW: "Fighting Computer Crime", Donn B. Parker

BKFICMCR.RVW   981106

"Fighting Computer Crime", Donn B. Parker, 1998, 0-471-16378-3,
U$34.99/C$49.50
%A   Donn B. Parker dparker@sric.sri.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1998
%G   0-471-16378-3
%I   John Wiley & Sons, Inc.
%O   U$34.99/C$49.50 416-236-4433 fax: 416-236-4448 rlangloi@wiley.com
%P   512 p.
%T   "Fighting Computer Crime: A New Framework for Protecting
      Information"

Parker feels that too much of the data security field concentrates on
technical answers to the problems of reliability, integrity, and
availability of data, and doesn't pay sufficient attention to those
people who are deliberately out to read, steal, or ruin your
information and systems.  Personally, I find it rather ironic that he
defines "crimoids," in chapter one, as minor events promoted to much
higher significance by the media, and public misperceptions.  In the
non-specialist realm, more people spend more time worrying about
"hackers" than ever back up their drives.  (I am reminded of a friend;
an intelligent and educated person who started his career programming
large and sophisticated information systems and who has now risen to
the executive ranks; who has for years refused to get a modem for his
home computer.  In spite of his frequently expressed desire for access
to the Internet, and my repeated assurances that with his current
computer and operating system there is no hidden danger, he remains
convinced that the mere attachment of a modem to his machine will
allow someone to break into his computer and damage it.)

Who, then, is this book written for?  The author does not say, but
what he does say in the preface seems to indicate that he is not
writing for those whose business cards make reference to security.  (I
have neither argument nor inclination to dispute Parker's assertion
that security "professionals" do not really deserve the designation.)
But if this text is aimed at the general public, chapter one's
emphasis on the dangers and lack of protection would seem more
inclined to incite further panic, rather than a realistic and measured
response.

Chapter two is an interesting and useful examination of an often
unasked question in the field: what is the nature of the information
we are supposedly securing?  There are valuable side points, such as
both the danger and the opportunity in the security arena presented by
the Year 2000 problem.  At the same time, I have to note that an
erroneous description of the Cascade virus is an example of Parker's
asserting points that are just beyond the available facts, and, for me
anyway, has an unfortunate effect on the trustworthiness of the work
as a whole.  The review of cybercrime, in chapter three, has more
reference to journalism and other forms of fiction than to reality,
but I have to agree with everything said there.  Computer misuse and
abuse is discussed in chapter four.  (As if to make up for chapter
two, the section on viruses is very good.)  Network misuse is covered
in chapter five, and although I still have trouble believing in the
reality of salami attacks (Parker's sole example is said to have
resulted in a conviction, but no citation is given) I am a bit more
willing to accept his broader definition.  Chapter six is extremely
strong in portraying a realistic and broadly based analysis of
characteristics of computer criminals.  A similarly informed and
balanced approach distinguishes chapter seven, regarding hacker
culture, but there is also a universally condemnatory tone that is not
wholly justified by the facts as presented.  Chapter eight is a very
helpful first step for those wanting to deal in the art of computer
security.

Chapter nine reviews the deficiencies in most current security
practices, noting overprotection in some areas while ignoring
loopholes in others, and a flowery jargon that serves mostly to hide
the fact that security people just don't feel very comfortable with
what is going on.  However, Parker's new model of security, in chapter
ten, while it is very clear and useful, does not extend recent work
in, say, electronic commerce.  On the one hand, this congruence does
support the model, but on the other, one can't really say it is too
novel.  The popular, but demonstrably incomplete, risk assessment
study is de-emphasized in favour of a more difficult, but more
realistic, baseline security standard in chapter eleven.  Details on
how to conduct such a study are very helpfully given in chapter
twelve, although the benchmark chart is going to be much harder to
come by than is made clear in the text.  Chapter thirteen provides a
practical and useful set of criteria for determining control
objectives.  A number of security tactics are detailed in chapter
fourteen.  Chapter fifteen takes the larger strategic view.  (I was
delighted to see the inclusion of a section on corporate ethics in
this chapter.  Recently I contracted to produce a security document
for an educational institution, and was told to take the section on
ethics out.)  Management of security, in chapter sixteen, includes
provisions for training, policy, and other factors.  Chapter seventeen
finishes off with a look to the future.  The material, while thought-
provoking, is possibly more likely to generate arguments than
solutions.

Parker's stance on security in general definitely puts him in the camp
of the professional paranoids.  However, absent the first and last
chapters, there is a lot of good, solid knowledge here to help educate
any security practitioner.  The material in the second half of the
book is just as valuable to the security process as the more technical
works such as "Practical UNIX and Internet Security" (cf.
BKPRUISC.RVW) by Spafford and Garfinkel, albeit in quite a different
way.  An informed security policy is every bit as important as a good
set of "access" controls.

copyright Robert M. Slade, 1998   BKFICMCR.RVW   981106


------------------------------

Date: Wed, 3 Feb 1999 08:35:41 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
To: p1@canada.com
Subject: File 7--REVIEW: "A History of Modern Computing", Paul E. Ceruzzi

BKHSMDCM.RVW   981107

"A History of Modern Computing", Paul E. Ceruzzi, 1998, 0-262-03255-4,
U$35.00
%A   Paul E. Ceruzzi nasem001@sivm.si.edu
%C   55 Hayward Street, Cambridge, MA   02142-1399
%D   1998
%G   0-262-03255-4
%I   MIT Press
%O   U$35.00 800-356-0343 manak@mit.edu www-mitpress.mit.edu
%P   398 p.
%T   "A History of Modern Computing"

In the introduction, Ceruzzi sets forth a fairly ambitious scope for
the book.  Hardware, software, politics, and even major companies like
IBM are to be explored.  The book concentrates on the United States
because of its dominant position in the industry, but does explore
significant movements by other powers.  (The movements have to be
*very* significant, and the exploration is relatively minimal.)  The
text is not to be a mere catalogue of machines, but will examine
meaning and historical moment.  (This is evident even in the
introduction, where we are told that American dominance of technical
commerce is due to the relationship of the US government, and
particularly military, to the computer business.)

Chapter one looks at the initial movements of the computer in the
realm of commerce.  The author has made serious attempts to make this
more than a listing of machines, with references to meetings and
transfer of ideas between designers.  There are also mentions of those
who tend to be ignored in the popular histories.  One example is the
note that the first commercial use of UNIVAC came three years after
the Lyon's Electronic Office, which is covered in more detail in "LEO:
The First Business Computer" (cf. BKLEOFBC.RVW).  Still it is hard to
say that this does much to extend histories that are already
available.  The determining characteristic of chapter two appears to
be advances in storage technology, both in the move through core to
transistors for main memory (and processing) and the disk drive.  The
chapter is, however, somewhat unfocussed, at one point detailing
companies, at another discussing aspects of architecture, and in
another listing products.

Chapter three covers a lot of ground in its look at software, dealing
with compilers and languages, operating systems, intellectual
property, and antitrust "unbundling" attempts, all up to the late
1960s.  The rise of the minicomputer, documented in chapter four,
starts with a long series of instances of mainframe use.  Indeed, it
is not so much about minis as about DEC, and takes an interesting look
at changes in business and technical "culture."  Business and market
forces in the sixties and early seventies are the main focus of
chapter five.  Most of chapter six reviews the development and
production of semiconductor circuits over the same period, but there
is also a brief discussion of the beginnings of computer science
education.

Chapter seven documents the early days of personal computers, of
whatever size, through the seventies.  A mix of business startups (and
closures) and some significant developments makes up chapter eight.
Chapter nine is supposed to concentrate on the eighties and nineties,
but the technologies it emphasizes; UNIX, LANs, and the Internet; all
had their roots in the late sixties.  A brief look at future
directions concludes in chapter ten.

While interesting and instructive, the work is hardly exhaustive.  For
example, while in current business terms the importance of the Altair,
and the impetus it gave to Microsoft, cannot be disputed, when looking
at personal computing as a whole the significance of Apple Corporation
is beyond question, yet the Apple ][ and the Macintosh seem to be
viewed as mere extensions of existing technology.  Ceruzzi has
provided an accurate and very balanced review of the past fifty years
of computing, as well as good analysis and interesting stories, but
nothing much beyond that.

copyright Robert M. Slade, 1998   BKHSMDCM.RVW   981107

======================
rslade@vcn.bc.ca  rslade@sprint.ca  robertslade@usa.net  p1@canada.com
Find virus, book info http://victoria.tc.ca/techrev/rms.htm
        Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
        Linked to bookstore at http://www97.pair.com/robslade/
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)

------------------------------

Date: Thu, 28 Jan 1999 08:24:00 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 8--REVIEW: "Naked In Cyberspace", Carole A. Lane

BKNKDCSP.RVW   981122

"Naked In Cyberspace", Carole A. Lane, 1997, 0-910965-17-X, U$29.95
%A   Carole A. Lane
%C   462 Danbury Road, Wilton, CT   06897-2126
%D   1997
%G   0-910965-17-X
%I   Pemberton Press Books/Online Inc.
%O   U$29.95 800-248-8466 203-761-1466 fax: 203-761-1444
%O   johnb@onlineinc.com  www.onlineinc.com/pempress
%P   544 p.
%T   "Naked In Cyberspace: How to Find Personal Information Online"

Oh, go and stand over in the corner with Senator Exon.

Those reading the title (and the promotional reviews in many
magazines) might be forgiven for thinking this was an examination of
the state of privacy or personal information online.  Those who get to
the subtitle will probably think that this will tell you how to find
personal information on the net.  The second group will be a lot
closer than the first, but won't really be correct either.

Part one is a kind of general introduction to the topic: basically it
seems to be a kind of promotional brochure.  Chapter one states that
information can be valuable (surprise), that information can be
accessed in various ways via computers (double surprise), and gives a
kind of randomized table of contents for the book.  One point to be
made is that the text seems to hold "cyberspace" and "online" as
synonymous with "involves a computer," since chapter two starts
talking about searching databases by emphasizing the importance of the
speed of your computer.  It goes on to talk about CD-ROMs, give a
minimalist description of boolean logic, pass briefly over the fact
that computer databases may contain mistakes (many estimates suggest
that a quarter to a third of all such records are in error), and
finishes by extolling the virtues of information brokers.  The author
is obviously not comfortable with searching for information on the
Internet: we are told of all kinds of trivial information (nothing
important) that can be found on the net, but never how, in chapter
three.  Chapter four suggests that you can find information about
people from proprietary databases, and finishes with a hard-hitting,
in-depth investigation of Ross Perot--using the information found on
his promotional Web site!  The obligation to talk about privacy is
given a token nod in chapter five, which primarily emphasizes the fact
that information obtainable via computer could be obtained other ways
so don't gimme no grief about this book, OK?

Part two looks at what you might use record searching for.  Chapter
six looks at finding people, but almost as soon as it starts it admits
that the options in this category are too many, and that it can only
give you a random, and extremely limited, sampling.  Pre-employment
screening is discussed in chapter seven, but almost none of it relates
to computer accessible records at all.  Recruiting is limited to
searching online (and usually commercial) resume banks in chapter
eight.  The job related newsgroups aren't mentioned at all, and there
is no talk of using topical searches to find specialist skills.
Tenant screening is limited to credit referencing (which it doesn't
tell you how to do) in chapter nine.  Chapter ten lists some
proprietary databases where you might be able to find out about
assets, and has a much longer section dealing with assets that you
won't be able to find.  "Competitive Intelligence" (aka "industrial
espionage"?) again has nothing to say about computers (and very little
to say at all) in chapter eleven.  (Appropriate number, don't you
think?)  There are some proprietary databases, and even some publicly
available resources, in chapter twelve for finding experts in
different fields, although, again, only a tiny sample.  How to find
rich people to hit up for charity is minuscule in chapter thirteen.
The review of private investigation doesn't give you any resources
beyond how to contact PI professional groups.

Part three looks at types of personal records.  These include chapters
on biographies, general indices, telephone directories, staff and
professional directories, mailing lists, news, photographic images,
quotations, bank records, credit and financial records, consumer
credit records, criminal justice records, motor vehicles, death, tax
records, medical and insurance records, public records, adoption,
celebrity, genealogical records, political records, and demographic
records.  Most of the information is contained in proprietary
databases, and much of it is not available via computer at all, let
alone online.  The best chapter, in terms of comprehensive and useful
guidance combined with accessible data, is on genealogy.

The remainder of the book is essentially appendices, listing related
books, periodicals, organizations, and databases.

Basically, this work spends a lot of time suggesting that you *can*
find information out about people, and doesn't put much effort into
telling you how you can.  There is a heavy reliance on commercial
information services, and, as noted, not all of the information
sources are available to you from home, let alone via the Internet.  A
great deal of data relating to the topics covered *can* be found on
the Internet, but the author does not appear to be aware of that.  If
you want to set yourself up as an information broker, this text might
get you started.  The contact information for the various database
sources is useful, although you can find the same at your local
library.  Which may be available online.

copyright Robert M. Slade, 1998   BKNKDCSP.RVW   981122

======================
rslade@vcn.bc.ca  rslade@sprint.ca  robertslade@usa.net  p1@canada.com
Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.htm
        Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
        Linked to bookstore at http://www97.pair.com/robslade/
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)


------------------------------

Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 9--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #11.11
************************************

Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu