Computer underground Digest Sun 28 Feb, 1999 Volume 11 : Issue 13
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Commie Radiator: Etaion Shrdlu, Mssr.
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #11.13 (Sun, 28 Feb, 1999)
File 1--"There is no such thing as Information" (Netfuture #84)
File 2--Islands in the Clickstream. The Enemy Within (Real Y2K Bug)
File 3--"First-Hand Lesson in Censorship" - SSU (D. McCullah)
File 4--Re: SUU student punished for visiting Hitler site
File 5--Spanish Government Censors Net
File 6--Virginia criminalizes "Up Yours"
File 7--SB 881 Virginia Computer Crimes Act; electronic mail.
File 8--Breaking News: Netscape browser security hole
File 9--Cu Digest Header Info (unchanged since 10 Jan, 1999)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Tue, 9 Feb 1999 16:23:24 -0500
From: Stephen Talbott
Subject: File 1--"There is no such thing as Information" (Netfuture #84)
Source: Issue #84 / February 9, 1999
Technology and Human Responsibility
Editor: Stephen L. Talbott (stevet@oreilly.com)
On the Web: http://www.oreilly.com/~stevet/netfuture/
You may redistribute this newsletter for noncommercial purposes.
THERE IS NO SUCH THING AS INFORMATION
In NF #81 ("Here's to the Information Age: A Toast") I pointed out our
curious usage of the word "information". On the one hand, it can mean
anything and everything -- "stuff", as many are apt to put it. Of course,
"stuff" is a perfectly legitimate word, and so is "information". When, at
the end of a conversation, I say "Okay, send me the information", both
parties know what is being referred to, since the context has made it
clear. Similarly, when I say "Okay, give me that stuff", there's not
likely to be any confusion.
But while it may be useful to have a word meaning not much more than
"whatever it is we were just talking about", you wouldn't expect such a
spineless and inconsequential term to carry around a halo of glory. You
wouldn't expect to hear, for example, about the "Age of Stuff". Yet we
hear every day about the "Age of Information". What is going on?
Where Information Shines
-----------------------
This is where the second aspect of "information" comes into the picture --
the halo-bearing aspect. Let's look at its distinguishing marks:
** Information comes, first of all, in discrete entities of some sort --
in "bits" or "pieces" -- which we can store in databases. It's nicely
countable, so that we can talk, for example, about doubling the size of
our databases. (See "The Great Knowledge Implosion" below.)
** Second, information is thought to be sharp-edged and unambiguous. It
is valid or invalid, up-to-date or out-of-date, true or false.
** Also, information can be conveyed without loss or distortion from one
place to another. In this way databases can be exactly duplicated.
** And, lastly, information is subject to precise manipulation and control
-- which, of course, is what information-processing tools are all about.
Now, I hope all this puts you in mind of the preceding discussions of the
polar relation between accuracy and meaning. And, if it does, you will
doubtless have noticed that the idea of information described here looks
very much like another attempt at a "one-pole magnet". If, in
communication, you achieve absolute accuracy -- if the "information" you
communicate is something you can control and count and transmit reliably,
bit by well-defined bit, from one database to another -- then you're no
longer talking about communication at all. That is, your accurate terms
aren't any longer *about* anything, just as the p's and q's of the pure
logician are no longer about anything.
The text you transmit may be, say, the text of the Emancipation
Proclamation. But the text is not its meaning. (It's amazing how
naturally we lose sight of this distinction today.) The text can be
reliably transmitted, but the significance of the text cannot. Meaning,
Owen Barfield has remarked, cannot be conveyed; it can only be suggested.
Information as Statistical Artifact
----------------------------------
In a sense, none of this is as controversial as you might think. The
criteria for information listed above derive historically from the
mathematical theory of communication, developed at mid-century by Norbert
Wiener and Claude Shannon, among others. Their aim was for reliability,
precision, and control, but along the way a funny thing happened: meaning
disappeared from view.
As Warren Weaver famously put it in one of the first essays explicating
the new theory of communication: in a given context the word "yes" might
well represent the same "amount" of information as the entire text of the
King James Bible. (See Shannon and Weaver, *The Mathematical Theory of
Communication*.) That's just the way the theory works. Information,
according to this theory, is a statistical artifact of the communication
process and must not be confused with the content of communication, or
with meaning.
The upshot of this fact is that the easiest way to maximize the amount of
information over a communication line (in the theory's terms) is to hook
up a random noise generator to it. (You will be forgiven the thought that
the Internet is just one massive attempt to illustrate this point.)
Weaver, when mentioning the direct connection between noise and
information, goes on to remark that this connection "beautifully
illustrates the semantic trap into which one can fall if he does not
remember that `information' is used here with a special meaning".
The trap is one few people any longer care to avoid. While the earlier
theorists were careful to point out (again, in Weaver's words) that
"information must not be confused with meaning", the term quickly
overleapt all such hedges, even as the speakers tried to retain the mantle
of authority derived from the technical theory.
Toward the Destruction of Polarity
---------------------------------
So we come back to those observations by Russell and Einstein. (See
"Please Don't Love Me Only for My Architecture" above.) You can drive
single-mindedly toward the pole of accuracy only by excluding meaning from
consideration. Perfectly quantified relationships are precise,
unambiguous -- and empty. Bring their meaningful content into view, and
they're no longer empty, but neither are they any longer precise and
unambiguous.
Finding our way into the productive interplay of these polar opposites is
part of our job today. We *must* seek the greatest accuracy possible in
all our cognitive undertakings. And we *must* probe the deepest meaning
of the terms we are trying to be accurate about.
This is not a simple trade-off -- a polarity never is. It's not that you
have to give up one or the other pole. Magnets *can* be strengthened; you
strengthen one pole by also strengthening the other. It's a matter of
struggling to hold the two poles together in unity despite the ever
greater tension between them. This work, of course, gets harder and
harder the further we carry it, but it is the work we are called to do.
It is, most fundamentally, the way our minds need to work.
The problem is that nearly everything in the technological society presses
toward the destruction of this polar tension and balance. We find
ourselves on a series of impossible quests for a one-pole magnet, as
indicated by many of the most prestigious keywords of our day:
information, efficiency, precision, productivity, logic .... Even when a
polar dynamic is glimpsed, it is almost immediately denied. In *The
Mathematical Theory of Communication*, Weaver articulates
the vague feeling that information [mathematically defined] and meaning
may prove to be something like a pair of canonically conjugate
variables in quantum theory, they being subject to some joint
restriction that condemns a person to the sacrifice of the one as he
insists on having much of the other.
I was shocked when I first came across these words. Had this pillar of
conventional science actually discerned the richly textured polarity that
underscores the drive toward emptiness in so many scientific disciplines?
But, no, it immediately became clear that Weaver didn't "get it" at all.
For in the same essay, when he is imagining how one might begin to treat
meaning theoretically, he foresees our being able to talk about the "sum
of message meaning plus semantic noise", and also the "statistical
semantic characteristics" of a message. Clearly this was not a person who
recognized a polar interplay between quantifiable precision and some
opposing principle. Rather, he believed that any such opposing principle
could itself be quantified. What was going to enable his information-
related numbers to be *about* something was merely another set of numbers.
Given this fact, we can only shake our heads at Weaver's expression of
hope:
The concept of information developed in this theory at first seems
disappointing and bizarre -- disappointing because it has nothing to do
with meaning, and bizarre because it deals not with a single message
but rather with the statistical character of a whole ensemble of
messages, bizarre also because in these statistical terms the two words
*information* and *uncertainty* find themselves to be partners.
I think, however, that these should be only temporary reactions; and
that one should say, at the end, that this analysis has so
penetratingly cleared the air that one is now, perhaps for the first
time, ready for a real theory of meaning.
Almost exactly fifty years later we are still waiting for this theory from
cognitive scientists who, despite their protestations, remain fixated on
mathematics, logic, and syntax -- "one-pole researchers". Signs of
progress are hard to find.
The Loss of Balance
------------------
This brings us back to the two aspects of "information": on the one hand,
"stuff", and on the other hand, all the glamor of an influential technical
usage -- but one in which the notion of information has been stripped of
meaning. In both popular and scientific discourse, these two usages are
mixed up in a hopelessly incoherent way. We want the prestige of the
technical theory, but we also want to believe we're talking about the
meaningful content of communication rather than an obscure statistical
feature of the communication process. Unfortunately, we can't have both.
But that doesn't keep us from trying. Every laudatory reference to "The
Age of Information" is an attempt to have it both ways. The only thing to
be said about this contradictory, informational currency of the modern age
is that it doesn't exist.
The one-sided drive toward a purely mathematical grasp of something pre-
empts the polar balance of thought required for all understanding, and
finally deprives us of the "thing" we began to investigate in the first
place. But the human mind cannot function entirely without content, so we
inevitably import some sort of content through the back door, illicitly.
You will often find that even those who are explicating the technical
theory of information occasionally slip into a usage whereby information
becomes a content that can be transmitted -- an outrage against the
theory.
I think you have here a pretty good picture of the imbalance of the
technological society. At the pole of accurate abstraction and precise
manipulation, we find a well developed technical theory of information,
with its terms relatively sharp-edged and unambiguous. But at the other
pole, where we might hope to penetrate the depths of meaning with a
muscular "polar logic", we find Weaver's hope unfulfilled. Instead, we
see a word like "information" -- so far as it *does* aim toward meaningful
context -- dissolving into the limp shapelessness of "stuff". And we see
everywhere the confused assumption that, if we just concentrate a little
harder on the glamorous pole of precision, somehow profound revelation
will follow.
The alternative is to arrest the drive toward quantification before it
becomes absolute and destructive, and to bring it into tension with the
qualities of mind that give us content. We need to pursue meaning with
the kind of intensity that can counter and elevate our pursuit of
quantity, logic, and syntax.
Actually, while we do not have the theory of meaning Weaver hoped for (the
very idea of such a theory may be a contradiction), we do have some
remarkable *elucidations* of the meaning of meaning in the work of Owen
Barfield (see "Announcements and Resources" below), and I suspect that the
puzzles of the information age will yield to nothing less than a serious
reckoning with his work.
=================================================================
ABOUT THIS NEWSLETTER
NETFUTURE is a freely distributed newsletter dealing with technology and
human responsibility. It is published by The Nature Institute, 169 Route
21C, Ghent NY 12075 (tel: 518-672-0116). The list server is hosted by the
UDT Core Programme of the International Federation of Library
Associations. Postings occur roughly every couple of weeks. The editor
is Steve Talbott, author of *The Future Does Not Compute: Transcending the
Machines in Our Midst*.
Copyright 1999 by The Nature Institute.
You may redistribute this newsletter for noncommercial purposes. You may
also redistribute individual articles in their entirety, provided the
NETFUTURE url and this paragraph are attached.
NETFUTURE is supported by user contributions. For details, see
http://www.oreilly.com/~stevet/netfuture/support.html.
Current and past issues of NETFUTURE are available on the Web:
http://www.oreilly.com/~stevet/netfuture/
http://www.ifla.org/udt/nf/ (mirror site)
http://ifla.inist.fr/VI/5/nf/ (mirror site)
To subscribe to NETFUTURE send the message, "subscribe netfuture
yourfirstname yourlastname", to listserv@infoserv.nlc-bnc.ca . No subject
line is needed. To unsubscribe, send the message, "signoff netfuture".
Send comments or material for publication to Steve Talbott
(stevet@oreilly.com).
If you have problems subscribing or unsubscribing, send mail to:
netfuture-request@infoserv.nlc-bnc.ca
------------------------------
Date: Thu, 18 Feb 1999 18:31:47 -0600
From: Richard Thieme
Subject: File 2--Islands in the Clickstream. The Enemy Within (Real Y2K Bug)
Islands in the Clickstream:
The Enemy Within
The Enemy Within, a column on the human dimension of Y2K, was
published in the January 1999 issue of Information Security.
Copyright Information Security. It is available for
re-publication in company newsletters, but please email for
permission.
The Enemy Within
The real Y2K bug has a painfully familiar look.
BY RICHARD THIEME
Y2K is a planetary event, a bright radioactive dye in the arteries of our
hive mind. And these days, the hive is buzzing.
Our species can look pretty stupid. The comic strip "Dilbert" is a hit
because everybody in it looks dumb from the point of view of the one smart
person in the room: you, the reader. Y2K looks that way too, except it
isn't just a room. It's the whole planet.
And yet...what looks stupid is often an evolutionary adaptation that helps
us survive. Like short-term thinking.
The Human Side of the Cyborg
Denial is one of our best defenses, keeping us from being overwhelmed while
we process data at deeper levels. Many individuals, businesses and
countries ignored Y2K because it wasn't an immediate threat. This includes
the programmers who set up an entire civilization for a fall.
So although we "knew," on some level, that computer code and embedded chips
were two digits short of a full year, we skipped merrily through the woods
like Little Red Riding Hood. But now a real wolf is at the door, and we've
finally learned to pay attention.
But that's only part of the story. Many people have been working on Y2K for
years. They understood that Y2K is not so much a computer problem as a
project management problem, a war against a familiar enemy: our short-term
thinking. We are now marshalling our forces and coordinating logistical
support for the duration of that war.
But chips and computer code define only half the battlefield. The other
half is the head and heart of every community affected by the bug, from a
technical workgroup to a planetary civilization.
In all wars, the best-laid plans explode into chaos on the battlefield. As
foot soldiers cope with real bullets, the news back home must be managed so
civilians are enlisted in the cause, their resources mobilized, rather than
paralyzed by terror. The truth must be told in ways that call forth our
best efforts.
Y2K broke into our consciousness with a rash of alarming reports predicting
the breakdown of society. Journalists, televangelists and purveyors of
survivalist gear exploited the ignorance and fear of their various digital
flocks.
Questions from clients and online readers grew fearful: Should I convert
cash to gold? Buy guns? Move to a commune defended by its own militia? As
the first line of collective defense--denial, minimization,
rationalization--gave way, fight-or-flight kicked in. But fight what? That
left flight. But where should I run? Where should I hide?
Ironically, primordial responses such as these were triggered even more
strongly in sophisticated intellectuals who thought they were beyond them.
Their hidden "shadow selves" made them easy prey for millennium fever. Now
they've headed for the 'Net, TV and print the way many fled for the hills a
thousand years ago, the last time we imagined that the universe ticked to
our little culture's symbolic clock.
To Tell the Truth
Now, the first mass adrenaline rush has just about played out. Profiteers
will do their best to keep it alive. Meanwhile, utilities and banks, local
governments and military forces continue their mundane tasks, fixing
billions of lines of code, replacing millions of chips and switches.
But wars also require leaders that inspire the troops, keep civilians
enlisted in the cause, and see clearly through the smoke and confusion of
the battlefield. Their task is to articulate a vision of possibility and
promise linked to our real experience, then close the gap between them.
Human beings are remarkably resilient. Once we realize that a threat is
real and break it down into bite-sized chunks, our capacity for heroic
response is remarkable. All those doomsday scenarios projected into the
future forgot that feedback loops enable an organism to self-correct.
Some critical systems may very well not be ready. Redundant backup plans
for every contingency have been developed, from worldwide social unrest to
a few dark nights here and there. The human dimension is critical now,
because that will determine what happens next year.
Too much anxiety and fear can shut us down, making us feel helpless. Fritz
Perls said excitement is nothing but anxiety plus oxygen. So the task is to
pump up that anxiety and short-circuit the hardwired fight-or-flight
response.
In any list of coping skills, the fact of community is always at the top.
Community works. If the enemy is us, as Pogo said, the task of leadership
is to turn the enemy into an ally. We are the problem, but we are also the
solution. Once the truth of the battlefield is out and we know what we're
really up against, the best as well as the worst of humanity can show up.
(BULLETS)
We don't know what we don't know. Yes, there will be disruptions. Yes, the
stock market will (over)react. Yes, millennial fever will be contagious.
But a "time out" from our frantic pursuits isn't all bad. We can see things
in the dark when we are quiet that we can't see when the lights are on.
Hey, this is Planet Earth, not a Hollywood set. The universe can be
dangerous. Stars explode, galaxies collide. Better let go of things we
can't control and manage the rest.
Successful project management includes the human dimension. Managers and
leaders are responsible for telling the truth in a way that mobilizes our
resources and shifts us from an us/them mentality to "we have a problem."
In an insecure world, security begins with the acceptance of insecurity.
Then we can build structures that create security from the inside
out--structures of collaboration, threaded with feedback loops, in which we
are all held accountable to agreed-up goals and values.
**********************************************************************
Islands in the Clickstream is a weekly column written by
Richard Thieme exploring social and cultural dimensions
of computer technology. Comments are welcome.
Feel free to pass along columns for personal use, retaining this
signature file. If interested in (1) publishing columns
online or in print, (2) giving a free subscription as a gift, or
(3) distributing Islands to employees or over a network,
email for details.
To subscribe to Islands in the Clickstream, send email to
rthieme@thiemeworks.com with the words "subscribe islands" in the
body of the message. To unsubscribe, email with "unsubscribe
islands" in the body of the message.
Richard Thieme is a professional speaker, consultant, and writer
focused on the impact of computer technology on individuals and
organizations.
Islands in the Clickstream (c) Richard Thieme, 1998. All rights reserved.
ThiemeWorks on the Web: http://www.thiemeworks.com
ThiemeWorks P. O. Box 17737 Milwaukee WI 53217-0737 414.351.2321
------------------------------
Date: Wed, 24 Feb 1999 22:41:00 -0600 (CST)
From: Jim Thomas
Subject: File 3--"First-Hand Lesson in Censorship" - SSU (D. McCullah)
WIRED MAGAZINE
Declan McCullagh --> First-Hand Lesson in Censorship
by Declan McCullagh
9:00 a.m. 23.Feb.99.PST
Michaun Jensen's troubles began innocently enough in a computer lab at
Southern Utah University. She was researching a sociology paper
on censorship of offensive words and images.
Her first offense was viewing an erotic Web site. A student
complained. The lab monitor walked over to Jensen's computer and
warned her.
"He said, 'You need to stop,'" said Jensen, a 19-year-old junior.
Then she followed links to a Hitler Was A Pagan site, which
features a photo of Adolf Hitler alongside Italian dictator
Benito Mussolini with arm extended in a Fascist salute.
That was enough to prompt Gary Stewart, the student overseeing
the computer lab, to kick her out for violating the university's
rules on computer use.
It also fueled a campus debate -- including a front-page article
last week in the school newspaper -- that began simmering last
year over the breadth, scope, and constitutionality of the
policy, which bars students from downloading or viewing
"objectionable material."
Of course, Southern Utah University, nestled in conservative
Cedar City, Utah, is not alone in drawing up such rules. Many
administrators have grown nervous about Internet use, and in
their recent book, The Shadow University Alan Kors and Harvey
Silverglate list dozens of fear reaching examples.
Southern Utah University draws an unusually clear line, however,
barring computer users from reading controversial newspapers or
books online, even if the same publication appears in the school
library. The university says neither faculty members nor
students may use computers to "acquire, store, or display"
material that is "racially offensive" or "objectionable."
Jensen's professor argues that the school's library offers plenty
of books about Hitler, as well as microfiche copies of Playboy
going as far back as 1953.
------------------------------
Date: Wed, 24 Feb 1999 12:31:11 -0800 (PST)
From: Carl M. Kadie
Subject: File 4--Re: SUU student punished for visiting Hitler site
Some news (also available from http://www.eff.org/CAF):
The Southern Utah University has replaced the online version Computer
Policy with "The current policy is under review."
-- http://www.suu.edu/pub/policies/pp52acce.html
A report from the University Journal, the SUU student newspaper, is
now available online. It was originally published before the other
newspaper articles.
-- http://www.eff.org/CAF/cases/uj-ssu-edu.htm
------------------------------
Date: Wed, 24 Feb 1999 22:13:15 +0100
From: Jim Watt
Subject: File 5--Spanish Government Censors Net
Spanish Government Censors Net
---------------------------
Around three hundred years ago, the territory of Gibraltar became
British. Despite the fact that todays Gibraltarians reject any
suggestion of Spanish annexation, the Government in Madrid is
currently attempting an economic blockade following in the
footsteps of General Franco in the sixties, who closed the land
frontier.
Today we live in the world of the Internet, and in a recent
initiative the Gibraltar Government sponsored a web camera site
so that everyone can see what happens in real time.
The Spanish, who complained bitterly when they found Gibraltar
had an ISO country code of .gi and who still refuse to accept the
existance of international telephone code 350, have responded
by erecting blinds in front of the cameras, so that the world is
unable to see 'what goes on' at a border where motorists
suddenly have to queue for three hours to cross a few hundred
yards from one EU territory to another.
However, the issue is really censorship at its worst, a
government that is afraid to have its actions seen by the world
has something to hide.
Take a look at what the Spanish censor will allow you see at
http://frontier.gibnet.gi
'What have they got to hide?'
------------------------------
Date: Wed, 24 Feb 1999 13:40:07 -0500
From: Jamie McCarthy
Subject: File 6--Virginia criminalizes "Up Yours"
Source -- fight-censorship@vorlon.mit.edu
"Up Yours" and a hundred other stupid programs like it are
mailbombing tools. Some kid with a half a brain sat down and
wrote a program to send out a flood of unsolicited mail with a
forged return address; it takes advantage of open mail servers.
Yesterday, the Virginia State Legislature passed a law which makes
spamming a misdemeanor along with the more traditional forms of
computer theft: breaking into systems, erasing data, and so on.
Oh yes -- and if you distribute software which "facilitates"
spamming, you are subject to twice the penalties: $1000 per
offense, that is, per download of the software.
Thousands of ftp sites around the world that happen to host "Up
Yours" or similar programs will be operated by criminals, once the
governor signs this into law. Running an anonymous remailer that
fails to take steps to eliminate "bulk" mail abuse is probably
also illegal, since they "falsify" the header information.
The summary:
The bill provides for statutory civil damages of at least $500
for each and every illegal and unsolicited bulk electronic mail
message transmitted or actual damages, whichever is greater or
$1000 for each and every violation of the prohibition on
selling or distributing software which makes possible the
transmission of false e-mail.
The law:
B. It shall be unlawful for any person to sell, give or
otherwise distribute or possess with the intent to sell, give
or distribute software which facilitates or enables the
falsification of electronic mail header information or other
Internet routing information for the purpose of sending
unsolicited bulk electronic mail through or into the facilities
of an electronic mail service provider or its subscribers.
http://leg1.state.va.us/cgi-bin/legp504.exe?ses=991&typ=bil&val=sb881
http://leg1.state.va.us/cgi-bin/legp504.exe?991+ful+SB881
The ACLU is challenging the law.
http://www.zdnet.com/zdnn/stories/news/0,4586,2215334,00.html
--
Jamie McCarthy
jamie@mccarthy.org
http://jamie.mccarthy.org/
------------------------------
Date: Wed, 24 Feb 1999 22:19:00 -0600 (CST)
From: Jim Thomas
Subject: File 7--SB 881 Virginia Computer Crimes Act; electronic mail.
SB 881 Virginia Computer Crimes Act; electronic mail.
__________________________________________________________
Patron-William C. Mims
Summary as passed Senate:
Virginia Computer Crimes Act; electronic mail. Redefines
"computer services" for the purposes of the Virginia Computer
Crimes Act to include electronic mail or electronic message
services of an electronic mail service provider. The bill also
adds the following to the list of those acts constituting use
without authority or computer trespass: (i) using the services
of anelectronic mail service provider in contravention of the
authority granted by or in violation of the policies set by
the electronic mail service provider; (ii) falsifying e-mail
transmission information in connection with the transmission
of unsolicited bulk e-mail; and (iii) selling or distributing
software which makes possible the transmission of false e-mail
with the intent to facilitate the transmission of false
e-mail. The bill provides for statutory civil damages of at
least $500 for each and every illegal and unsolicited bulk
electronic mail message transmitted or actual damages,
whichever is greater or $1000 for each and every violation of
the prohibition on selling or distributing software which
makes possible the transmission of false e-mail.
------------------------------
Date: Wed, 24 Feb 1999 15:52:00 -0600
From: Bennett Haselton
Subject: File 8--Breaking News: Netscape browser security hole
There is a headline story on News.com at:
http://www.news.com/News/Item/0,4,32864,00.html?st.ne.fd.gif.d
about a security hole that I found and told them about a few
hours ago, in Netscape Communicator 4.x. The security hole
allows you to view any file on a person's hard drive if they use
Netscape Communicator for Windows.
Of the different browser bugs that ever been found, bugs that
allow you to read the contents of a person's hard drive are
considered *by far* the most serious. Only a handful have ever
actually been discovered.
The News.com article links to a page on Peacefire.org that
demonstrates the security hole at
http://www.peacefire.org/readfile/
(Note: this is *not* the same as the security hole that I found
in HotMail a few weeks ago, which you may have also gotten an
e-mail about.)
This is off the beaten path from the anti-Internet-censorship
issues that Peacefire works on (and that I usually send out
e-mails about), but I thought you might be interested since this
story is less than an hour old.
------------------------------
Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators
Subject: File 9--Cu Digest Header Info (unchanged since 10 Jan, 1999)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send post with this in the "Subject:: line:
SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu
DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)
CuD is readily accessible from the Net:
UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
------------------------------
End of Computer Underground Digest #11.13
************************************
<--">Return to the Cu Digest homepage
Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu