Computer underground Digest    Sun 12 March, 2000   Volume 12 : Issue 01
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Copernicus Editor: Etaion Shrdlu, III
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #12.01 (Sun, 12 March, 2000)

File 1--CuD hasn't gone away (yet)
File 2--REVIEW: "The Network Press Encyc. of Networking"
File 3--REVIEW: "Sams Teach Yourself E-Travel Today", Mark Orwoll
File 4--REVIEW: "Bad Memory", Duane Franklet
File 5--REVIEW: "The Cathedral and the Bazaar", Eric S. Raymond
File 6--REVIEW: "Using Samba", R. Eckstein/D. Collier-Brown/P. Kelly
File 7--REVIEW: "The Alien Years", Robert Silverberg
File 8--REVIEW: "Database Nation", Simson Garfinkel
File 9--REVIEW: "Intrusion Detection", Rebecca Gurley Bace
File 10--REVIEW: "The Zero Hour", Joseph Finder
File 11--REVIEW: "The Toyotomi Blades", Dale Furutani
File 12--Cu Digest Header Info (unchanged since 12 Mar, 2000)

---------------------------------------------------------------------

Date: Sat, 11 Mar 2000 15:11:50 -0600 (CST)
From: Computer underground Digest
Subject: File 1--CuD hasn't gone away (yet)

This month marks CuD's tenth birthday (has it really been 10 years since the "hacker crackdowns" that began it all?).
As many have noticed, CuD hasn't appeared for about six months, primarily because the non-cyber obligations of the editors have been a bit overwhelming. Many of you have sent posts, articles, and other information in the past six months that hasn't appeared, and for which we apologize. Much of it is no longer timely and won't appear. However, we will attempt to publish as much of the recent material that remains "current," starting with the most recent book reviews by Rob Slade, which many readers missed. We will try to catch up on all of his reviews in the last six months.

CuD will also be sent out from a new address (cudigest@sun.soci.niu.edu) beginning with this issue.

CuD will continue the occasional blurbs on computer crime and security, but our focus will continue to be computer/techno-culture. Coming issues will feature online research ethics and especially online/distance learning. As always, we encourage substantive discussions, conference news and notes, and feature articles of between 400-800 K.

Subscription and other information, as always, is at the end of each issue.

Jim and Gordon

------------------------------

Date: Wed, 23 Feb 2000 07:59:10 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 2--REVIEW: "The Network Press Encyclopedia of Networking", Werner F

BKENCNTW.RVW   20000114

"The Network Press Encyclopedia of Networking", Werner Feibel, 2000, 0-7821-2255-8, U$84.99/C$127.95/UK#60.99
%A   Werner Feibel
%C   1151 Marina Village Parkway, Alameda, CA   94501
%D   2000
%G   0-7821-2255-8
%I   Sybex Computer Books
%O   U$84.99/C$127.95/UK#60.99 800-227-2346 Fax: 510-523-2373
%P   1444 p. + CD-ROM
%T   "The Network Press Encyclopedia of Networking, Third Edition"

Writing an encyclopedia is a difficult job, no question. It must be particularly difficult in a technical field. Feibel has obviously put a lot of work into the project, but the result remains problematic.

First off, it is rather difficult to see this as an encyclopedia.
There are a great many short entries simply defining terms, so the book might be closer to a dictionary. There are, though, a number of longer articles on major topics.

The second point to make is that not all of the book is about networking. Granted, it is difficult to say where to draw the line between technologies, but a great number of listings refer to computers, particularly of the Wintel/PC variety, and have little or nothing to do with networking or communications. On the other hand, "AI" refers only to authentication information, with no mention of the rather more well known artificial intelligence. The original title was "Novell's Encyclopedia of Networking," and that still shows up in entries such as "Access Rights," where the material is completely NetWare specific. "//" is defined (Novell owned the UNIX trademark for a while) but not the Microsoft equivalent "\\." However, there is a rather good piece on the Windows NT Administrator account, among others, so Microsoft is by no means ignored.

Some articles have a depth that is hard to find even in specialized books on the topic. For example, I have reviewed texts dedicated to firewalls that only describe packet filters, with no mention of proxy servers, let alone the two different types. There is an excellent essay on application proxy servers (albeit with lousy examples) in here, but it is followed by two rather shoddy pieces on circuit level proxies and firewalls respectively.

And that, unfortunately, seems to be a rather big problem. For every good bit, there are several parts that are misleading, poorly explained, or flat out wrong. Some mistakes can be put down to pure carelessness, such as calling Corel "Lerel," or Teledesic "Teledisc." Other times the wording or explanation is negligent, such as the assertion that, in 7-bit ASCII, the eighth bit is used for parity. (This depends entirely on the situation.) Bang path addressing seems to be conceptually understood, but poorly illustrated, whereas it is hard to say whether the concept of "store and forward" is understood at all. It is difficult to see how listings like "DS" (as in the bandwidth levels of DS-1, DS-3, and so forth) explain anything. And I'd defy anyone to justify the definition of HTML (HyperText Markup Language) as a scripting language. The article on 56K modems has a number of errors, and even a logical fallacy. The discussion of agents makes no distinction between viruses and mobile code. (On the other hand, Fred Cohen might like that.) "Algorithm" contains a rather odd grab bag of examples. Lots of words and examples still fail to properly explain either the complete function or the usage syntax for anchor tags. The description of an antivirus confuses the various types of antiviral software with modes of operation. The entry for archie isn't too realistic, and is probably dated. The illustration for graded index fibre optic cable is completely backwards. "Hit" makes no reference to Web sites.

Part of the problem is that Feibel seems quite willing to include his own, or at least very non-standard, terminology. "Cathedral" is used to refer to proprietary software, and, while Eric Raymond's piece on "The Cathedral and the Bazaar" is very good, I'm sure that even Raymond would agree that "open source" is more widely understood than "bazaar." "Optimistic security" is fairly easily construed, but it is not a term that is used in the security field. Since the entry for "typewriter" is obviously a joke, you have to peruse the Jargon File to find out that somebody wasn't having Feibel on about "bytesexual."

Many extremely specialized terms get very brief entries that don't explain much. Ordering of the numbers section goes by the size of the number, not alphabetic ordering, so that 802.2 comes before 1000 which comes before 3780 which comes before 6611 which comes before 41449. Cable refers only to twisted pair, except that there are also separate listings for "cable, coaxial" and "cable, fiber-optic." Many protocols are not listed as themselves but as "protocol, ...," and, combined with the format for cross references, this appears to make "CHAP" refer to "Challenge Handshake Authentication Protocol" which refers to "CHAP" without ever telling you what it is. Cross references are also spotty: ADSL (Asymmetric Digital Subscriber Line), DSL (Digital Subscriber Line), SDSL (Symmetric Digital Subscriber Line), and VDSL (Very-high-speed Digital Subscriber Line) don't refer to each other, and none refer to HDSL (High-speed Digital Subscriber Line)--which refers to them all.

The article on ActiveX is good, reasonably fair and complete. The definition of freeware is much better than in most dictionaries. Instant messaging is right up to the minute (as opposed to PGP, which hasn't been updated since the second edition, and BITNET which was probably out of date when the first edition came out). The listing for viruses is much better than I have come to expect.

Overall, however, the work is simply not as reliable as one needs an encyclopedia to be. It might be handy as a reference to trigger a reminder, but if you don't already know the technology you cannot be sure that what you find here is the straight goods.

copyright Robert M. Slade, 2000   BKENCNTW.RVW   20000114

------------------------------

Date: Fri, 25 Feb 2000 08:09:49 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 3--REVIEW: "Sams Teach Yourself E-Travel Today", Mark Orwoll

BKETRAVL.RVW   20000119

"Sams Teach Yourself E-Travel Today", Mark Orwoll, 2000, 0-672-31822-9, U$17.99/C$26.95/UK#12.99
%A   Mark Orwoll askmark@amexpub.com
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   2000
%G   0-672-31822-9
%I   Macmillan Computer Publishing (MCP)
%O   U$17.99/C$26.95/UK#12.99 800-858-7674 317-581-3743 info@mcp.com
%P   302 p.
%T   "Sams Teach Yourself E-Travel Today"

This guide would appear to be aimed primarily at those who are completely comfortable with the Internet, but are totally new to travel planning. There isn't much material on the net and its tools, but more pointers of the "oh yes, you will want to find out this type of information" type.

Part one starts out with basic facts. Chapter one is a sampling of travel tools on Web sites, starting out with the suggestion that you learn how to use a search engine. (On your own.) How to bookmark Web sites is explained in chapter two. That might be just a tad patronizing, but chapter three's points on how to evaluate the reliability of a Web site are actually very good. Chapter four introduces the major tour guide sites. Web sites for foreign newspapers are mentioned as a good source of pre-travel info in chapter five, but Orwoll doesn't mention the fact that a very large number of foreign radio stations now also broadcast over the net. Government tourism sites are discussed in chapter six.

Part two outlines the process of planning a vacation. Chapter seven gives you a quiz to determine what kind of traveller you are, although this doesn't seem to have an awful lot of relevance to the rest of the book. Chapter eight is a bit odd, and it tersely reprises a look at a couple of search engines. Unusual sources of information, such as the US State Department, the CIA World Factbook, and personal travel sites, are suggested in chapter nine. The sites in chapter ten seem to have been chosen almost randomly. There is limited information on weather and events in chapter eleven.

Part three looks at booking travel online, with respective chapters discussing online travel agents, travel planning tools, hotels, airfare (with very good tips), rail, car rentals, and sea transport.

Part four deals with other travel preparations. Chapter nineteen covers taking your laptop along, but doesn't mention such areas as taking along proof of purchase, electrical adapters, and phone systems and adapters (for modems). There are sites you can use to obtain information about required documents, discussed in chapter twenty. Digital cameras are recommended in chapter twenty one. Chapter twenty two closes with miscellaneous travel tips.

There is a lot of joking around in the writing, to very little purpose. The humour does not really support the material under discussion, and even detracts a bit at times. The Internet content is fairly limited, and I found it a bit surprising how few Web sites were included, among the thousands that are out there. On the other hand, Orwoll does seem to go for quality.

For those new to travel planning, this book should provide some valuable and useful suggestions. But you'll have to do a lot of work yourself.

copyright Robert M. Slade, 2000   BKETRAVL.RVW   20000119

------------------------------

Date: Mon, 28 Feb 2000 08:18:47 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 4--REVIEW: "Bad Memory", Duane Franklet

BKBDMMRY.RVW   20000122

"Bad Memory", Duane Franklet, 1997, 0-671-00066-7
%A   Duane Franklet
%C   1230 Avenue of the Americas, New York, NY   10020
%D   1997
%G   0-671-00066-7
%I   Simon & Schuster
%O   +1-212-698-7541
%P   408 p.
%T   "Bad Memory"

I liked this book. The plot is gripping, right up to the end. (The ending isn't exactly satisfying: you would think that Franklet, having dragged the reader through all manner of mayhem, would relent a bit and lighten up.) The central character is very sympathetic, as well as being very real. One part of the plot makes no sense, and doesn't fit with anything else, but it isn't essential, and doesn't necessarily detract from anything.

The technology is generally pretty good, too. A lot of things are right, or almost so.
(There is one piece of communications technology that seemed rather stupid to begin with, but turns out to be quite valid. Except that to discuss it would be to give the game away, and that wouldn't be fair.)

Let's start with the technology parts that are right. The computer industry and work background is great. Realistic, not too far off the beam either way. The computers are authentic, if just a little bit dated for the time the book was written. The fact that computers would have different versions, levels, and configurations is true, though. The description of technical support is quite accurate. Even the undelete capability is used to good advantage.

The specifics of various of the cracker attacks are unclear (not detailed), but don't work as well. The configuration of most machines that are described rely on DOS (possibly with Windows 3.x on top) and probably a Novell network. An H: drive is therefore probably not a local drive. An error message given at one point is for a floppy drive, not for a hard drive. "Address unavailable" wouldn't show up when doing low level packet sniffing on an Ethernet network. An Ethernet address could quite easily disappear from the net without a trace: all it would have to do is stop transmitting. (On Ethernet you don't want extraneous transmissions.) Windows, DOS, or Novell patches generally aren't distributed in the manner described, and certainly most of the patches so distributed would *not* immediately be implemented. A data security specialist would probably not hold an executive position at the level described. A company of the size and type described would probably have, at most, a handful of security people, rather than the department that seems to be available in the book. An outside security team of the type described would probably not be feasible: security is more of a management than a technical task, and having a bunch of outsiders come in and turn your company upside down would likely do more harm than good.

One final note: cellular call detail definitely would be available to the account holder of record. Call detail, according to American law, must be made available to the paying party, and cell calls both made and received by the cell phone generate an airtime charge. Most people probably aren't aware of this, but even if you block caller ID, a call to an 800 number means the owner of the 800 number gets your number.

copyright Robert M. Slade, 2000   BKBDMMRY.RVW   20000122

------------------------------

Date: Tue, 29 Feb 2000 08:00:29 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 5--REVIEW: "The Cathedral and the Bazaar", Eric S. Raymond

BKCATBAZ.RVW   20000125

"The Cathedral and the Bazaar", Eric S. Raymond, 1999, 1-56592-724-9, U$19.95/C$29.95
%A   Eric S. Raymond esr@thyrus.com esr@ccantares.scupa.edu
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1999
%G   1-56592-724-9
%I   O'Reilly & Associates, Inc.
%O   U$19.95/C$29.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   268 p.
%T   "The Cathedral and the Bazaar"

At the top of the front cover, we have a quote from Guy Kawasaki telling us that this is "[t]he most important book about technology today, with implications that go far beyond programming." I'm not entirely sure that I can unreservedly go along with the bit about most important, but the far-reaching implications I can agree with wholeheartedly.

This is a collection of essays, spanning many years. I tend to cringe at essay collections, since all too many of them have problems with staying on topic, finding a common audience, and presenting consistent readability. A single author tends to make a better job of fulfilling those factors, but doesn't always have much to deliver beyond a single and fairly unimportant idea again, and again, and again. Eric Raymond, however, can be counted upon to say well what he has to say. More importantly, he has something to say.
These essays follow the common thread of the open source movement, but examine it from a variety of significant angles. An introduction briefly presents the case for considering open source. "A Brief History of Hackerdom" gives a historical background to the hacker culture, from which the open source movement got its primary roots. Ironically, while Raymond demonstrates erudition in his presentation of historical and social parallels in other fields, he neglects the non-UNIX computer hobbyist communities, such as Apple user groups, DECUS, and Fidonet.

The eponymous "Cathedral and the Bazaar" recounts personal observations of an open source project, backed up by social analysis of the success. Drawing from Fred Brooks' "The Mythical Man-Month" (cf. BKMYMAMO.RVW), Raymond outlines the conditions under which Brooks' Law (throwing staff at a late project makes it later) does not apply, and establishes that open source is not a utopian dream, but a practical reality.

"Homesteading the Noosphere" recalls the work Raymond has done with the Jargon File and "The New Hacker's Dictionary" (cf. BKNHACKD.RVW) in documenting the sociology of hacker culture, and is arguably the most important article in the book. One example is the insight that hacker culture is characterized by openness while the often confused cracker/pirate/phreak "community" is most definitely closed.

"The Magic Cauldron" examines the viability and sustainability of the open source movement, and presents real and logical reasons for its survival.

Finally, "Revenge of the Hackers" grounds all of this discussion very much in the real world with the cases of Linux, Netscape, and other open source examples. Not all of them are unqualified successes at this point, but they are evidence that open source is not just an academic speculation.

As the dust jacket quote says, though, open source has meaning beyond software development. As David Brin pointed out the ironies of privacy in "The Transparent Society" (cf. BKTRASOC.RVW), and Jeffrey Pfeffer outlined in "The Human Equation" (cf. BKHUMEQU.RVW) the contradiction of making your staff work like a well-oiled machine by not treating your employees like machines, so Raymond's examples of technology development touch on an enormous range of human endeavour in work, management, and a variety of social interactions. While the projects discussed will have the greatest meaning for those who know programming, the lessons to be learned, and the social experiments to be explored, have implications for everyone.

copyright Robert M. Slade, 2000   BKCATBAZ.RVW   20000125

------------------------------

Date: Thu, 2 Mar 2000 15:38:44 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 6--REVIEW: "Using Samba", R. Eckstein/D. Collier-Brown/P. Kelly

BKUSAMBA.RVW   20000126

"Using Samba", Robert Eckstein/David Collier-Brown/Peter Kelly, 2000, 1-56592-449-5, U$34.95/C$51.95
%A   Robert Eckstein
%A   David Collier-Brown
%A   Peter Kelly
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2000
%G   1-56592-449-5
%I   O'Reilly and Associates
%O   U$34.95/C$51.95 707-829-0515 fax: 707-829-0104 nuts@ora.com
%P   416 p.
%T   "Using Samba"

Server Message Block (SMB) is a protocol used for simple client-server networking. More importantly, however, it is the protocol used in Microsoft's basic Windows products. There are Windows clients for other protocols, such as NFS (Network File System), but these are not supplied with the operating system and must be purchased separately. As well, these add-on clients are not as tightly coupled with the Windows operating system and its functions.

Samba is a UNIX server program using the SMB protocol. This allows UNIX administrators to set up file and print sharing on UNIX machines, for access and use by Windows PCs without specialized clients on all the workstations.

Chapter one is an introduction to Samba and the basic SMB concepts.
Compilation and installation of Samba on the UNIX server are covered in chapter two. Setup of Windows clients is dealt with in chapter three, as well as some header level information about the protocol itself. The material details configuration of Windows 9x and NT separately, because of the slight differences in menus and dialogue boxes. The instructions are quite detailed, even down to the information that the IP 192.168.x.x address range can be used for internal LANs, although more time is spent with the 9x versions than with NT.

Most of the rest of the book is spent on configuration options for Samba. Chapter four provides an outline of the smb.conf file and the basic preference settings. Browsing (functions advertising and searching for resources) and advanced file sharing choices are given in chapter five. Security related settings are discussed in chapter six, along with some practical tips. Chapter seven looks at printing and name resolution, while miscellaneous functions are presented in chapter eight. Chapter nine outlines not just troubleshooting tools, but also detailed procedures. Appendices list information on the use of SSL (Secure Sockets Layer), performance tuning, daemons and commands, as well as a command reference.

The book is aimed at experienced UNIX administrators. The explanations of how Windows works will definitely be of help to these people. However, it is a bit of a pity that slightly more information wasn't included about UNIX for those not familiar with the system. While there certainly are good references for UNIX administration available (many of them coming from O'Reilly), it is arguably the case that the greater "market" for Samba is among those who administer Windows networks, and need the basic and reliable server functions that UNIX can provide.

copyright Robert M. Slade, 2000   BKUSAMBA.RVW   20000126

------------------------------

Date: Tue, 7 Mar 2000 08:49:21 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 7--REVIEW: "The Alien Years", Robert Silverberg

BKALNYRS.RVW   20000130

"The Alien Years", Robert Silverberg, 1998, 0-06-105111-X
%A   Robert Silverberg
%C   10 East 53rd Street, New York, NY   10022-5299
%D   1998
%G   0-06-105111-X
%I   HarperCollins/Basic Books
%O   212-207-7000 fax: 212-207-7433 information@harpercollins.com
%P   488 p.
%T   "The Alien Years"

Silverberg is an experienced novelist. He has some fairly complex characterization in this book, although the attempt to make this a multigenerational work strains the personae a bit. And, despite an early disparaging of H. G. Wells' cop out in "War of the Worlds," Silverberg's deus recidivus machina is every bit as forced.

The titular aliens come among us with a highly advanced technology, about which little is said. Even though almost nothing can be inferred from the information that is given, there are still a number of contradictions in the book.

Some of the contradictions seem to be simple carelessness. One section of the book, having given numbers for the population of a specific area, thereafter asserts a number of vehicles that means there are more cars running around than there are people to drive them. Having said that the world's population has been cut in half (with minor local variations) another section has the number down to about one percent. In regard to the population drop, the book outlines a collapse of government, communications, commerce, and transport (which even the book finds strangely extreme), and yet only a relative handful of people die in the kind of disruption that an event like that would create. Technology and production plummet, with car parts and even cloth becoming impossible to obtain, and yet intermittent times in the book find advanced weaponry, advanced computers, and advanced car models suddenly appearing.
Let us start with some fairly basic technical problems. The alien technology is said to be able to stop electrical devices, including generators, batteries, and even simple light bulbs, from working. In regard to our own technology, this interference with electrical circuitry is said to stop any kind of transport. Diesel engines, as only one example, have electrical systems but do not require electricity to run: the ignition part of the diesel cycle relies on compressed air, and not an electric spark. However, the aliens are also able to be selective about this electrical impediment. Modems are specifically said to be forbidden, while telephones still work. (Mind you, later in the book everyone seems to be communicating via email, so this is yet another careless contradiction.) Since almost all telephone switches are digital, this means that codecs (coder/decoders) work while modems don't. A. C. Clarke and his comments about a sufficiently advanced technology to the contrary, this kind of "magic" still has to obey the laws of logic. The kind of differentiation required here strains the limits of the ability to determine intent in technical devices, which the work of Fred Cohen indicates is not reliably possible.

Finally, we have a cracker breaking into the aliens' computer system. Given the ability to control electricity remotely for an entire planet, we have to figure that these guys know enough about TEMPEST technology to shield their computers from transmitting through the sewer pipes. Our lone cracker is also able to succeed where thousands of others, working in concert, with access to more technology, and knowing that it is possible, fail to follow in more than fifty years of trying. But that is probably to be expected. The computer technology in this book is Tekwars technology, Lawnmower Man technology, Sneakers technology: all graphics, flashes, and feeling. No function. The description of being able to "see" over a serial link, "feel" unknown systems at a distance, and "get behind" access controls that guard the only connection demonstrate a rather wilful ignorance of the realities and necessities of computer and communications technology, regardless of who builds it.

copyright Robert M. Slade, 2000   BKALNYRS.RVW   20000130

------------------------------

Date: Thu, 9 Mar 2000 07:50:20 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 8--REVIEW: "Database Nation", Simson Garfinkel

BKDBSNTN.RVW   20000201

"Database Nation", Simson Garfinkel, 2000, 1-56592-653-6, U$24.95/C$36.95
%A   Simson Garfinkel simsong@vineyard.net
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2000
%G   1-56592-653-6
%I   O'Reilly & Associates, Inc.
%O   U$24.95/C$36.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   312 p.
%T   "Database Nation: The Death of Privacy in the 21st Century"

This is a very hard book to define. The title would indicate that it is a technical work, but databases do not figure either centrally or prominently in the work, and, while the technical material is not wrong, it is not always either significant or advanced. The subtitle, plus the dust jacket comments, plus the definition of privacy as "fundamentally about the power of the individual" (p. 5), would indicate that this is a political text. Indeed, the central recommendation of the book is that the US government should promulgate legislation regarding privacy. (This proposal, plus the very strong focus upon the situation and history of the United States, will seriously limit the interest that the volume might have for those outside the US.)

Chapter one starts out with a number of rather nasty scenarios, but the problems appear to refer more to bad design than they do to privacy as such.
Indeed, this foreshadows the content of the book as a whole, since the technical material, when it does appear, points out shoddy engineering and insufficient planning rather than attacks on confidentiality. (On the other hand, as a harangue against poor preparation the work presents some excellent examples.) The statement that "unrestrained technology ends privacy" is made somewhat baldly. Since the political definition of privacy previously cited is the only one given in the book this is almost true by definition, but it is, as such, uninteresting. No support is made to give the assertion any other depth. The penultimate section of the opening chapter talks about opposing informational intrusions, but neither there nor at the few other points in the book that touch on the subject are we given a serious discussion of how this might be done. The last section is entitled "Why This Book" and makes reference to the wake up call that "Silent Spring" was for the environmental movement. However, the case being made against technology as necessarily the enemy of privacy would not seem to justify this position. Chapter two is a history of US record keeping and credit reporting, and the problems reported generally relate to authentication and integrity. One interesting point is that Garfinkel appears to be strongly in favour of a national combined database for the United States, a proposal that gives most other privacy analysts hives. Various problems with biometric systems are reviewed (quite well) in chapter three, but although the fact that UPS collects digitized signatures is mentioned, the point is weakened (as in a number of other areas of the book) by not including the proposed sale of this database. Automatic data collection is discussed, but the proposed alternatives are very weak, in chapter four. Chapter five looks at satellite, video, and other sensors. Medical records, and the special problems thereof, are covered in chapter six. 
The ideas of David Brin's "The Transparent Society" (cf. BKTRASOC.RVW) are opposed here (as in some other sections of the text), but the suggested alternative sounds very much like the "reciprocal openness" that Brin proposes. Chapter seven reviews direct marketing. Ownership of personal information is discussed in chapter eight, with a heavy emphasis on the debate over genetic data. A long overview of terrorism is followed by a brief, but very intense, examination of surveillance in chapter nine. (This includes a rather forced look at brain mapping as a forerunner of mind reading.) Chapter ten raises various points in respect of artificial intelligence and agent technology, but is confusing to follow. A call is made for more legislation in regard to privacy in chapter eleven. As well, Garfinkel tries to argue that technology is *not* privacy neutral, but the example used does not support the point: again we are looking at a clear case of poor design. Most of the writing is good, but there are numerous small and sloppy errors that are annoying. Sentences are misplaced, anecdotes are started but not finished, and arguments are not followed to completion. Garfinkel strives for balance in the material presented, but his own points seem weak. This debility is not a function of fairness, though. For instance, in chapter nine a table seems to clearly indicate that wiretaps play no role in counterterrorism, but this point is never pursued in the text. As far as making the case that privacy is under attack, other works seem to have done a better job. "The Electronic Privacy Papers" (cf. BKELPRPA.RVW), for example, presents far more evidence of US government action against privacy. "Privacy on the Line" (cf. BKPRIVLN.RVW) gives a better background, although it doesn't provide much in the way of direction. "Technology and Privacy" (cf. BKTCHPRV.RVW) is more advanced and has the benefit of an international overview. 
"The Transparent Society," previously mentioned, not only provides a good framework, but its counter-intuitive reversal of perspective ensures a thorough analysis.

"Database Nation" is certainly readable and probably thought-provoking. It may not, however, be the book that the promotion is making it out to be.

copyright Robert M. Slade, 2000   BKDBSNTN.RVW   20000201

------------------------------

Date: Fri, 10 Mar 2000 07:57:16 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 9--REVIEW: "Intrusion Detection", Rebecca Gurley Bace

BKNTRDET.RVW   20000202

"Intrusion Detection", Rebecca Gurley Bace, 2000, 1-57870-185-6, U$50.00/C$74.95
%A   Rebecca Gurley Bace
%C   201 W. 103rd Street, Indianapolis, IN 46290
%D   2000
%G   1-57870-185-6
%I   Macmillan Computer Publishing (MCP)
%O   U$50.00/C$74.95 800-858-7674 317-581-3743 http://www.mcp.com
%P   339 p.
%T   "Intrusion Detection"

Bace's take on this topic (and title) provides a solid and comprehensive background for anyone pursuing the subject. Concentrating on a conceptual model the book is occasionally weak in regard to practical implementation, but more than makes up for this textual deficiency with a strong sense of historical background, developmental approaches, and references to specific implementations that the practitioner may research separately. (Look, guys, can we give the reviewers a break here and work on *some* variation in the title?)

Chapter one presents a history of intrusion detection starting with system accounting, through audit systems, to the most recent research and experimental systems. The definitions and concepts focus from broad security theory to specific intrusion detection principles and variants in chapter two. Intrusion detection requires analysis of system and other information, and chapter three describes the sources for this data.
Chapter four may be somewhat disappointing to security managers in that the discussion of analysis is academic and possibly weak in tone, even though real systems are used as illustrations. The review of possible responses, in chapter five, includes warnings against inappropriate overreactions. Vulnerability analysis, including a close look at controversial tools like COPS, SATAN, and ISS, is dealt with in chapter six. Chapter seven talks about technical issues that are still to be addressed. (The organization of this chapter is a bit loose, with some sections, such as those on reliability and analysis, seeming to overlap material.) Real world challenges are the topic of chapter eight, along with examples of attacks and intrusion detection system (IDS) design considerations. This section seems to reprise much of the content of the vulnerabilities chapter.

Dealing with legal issues, evidence, and privacy in chapter nine, it is nice to see some newer examples than the old "berferd" and "wiley hacker" standards. Chapter ten's review of intrusion detection systems, and actions to take if penetrated, addresses the informed user. Security administrators and strategists, at the executive level, are presented with everything from the need for security goals to globalization in chapter eleven. Designers get a few general guidelines in chapter twelve, along with comments from those who have been implementing exemplary systems. Chapter thirteen is a realistic look at future developments in attacks and defence.

Of the other "Intrusion Detection" books, Terry Escamilla's (cf. BKINTRDT.RVW) is simply not in the same league, being basically a promotional brochure. "Network Intrusion Detection," by Stephen Northcutt (cf. BKNTINDT.RVW), is likewise not as clever as it thinks it is. Edward G. Amoroso (cf. BKINTDET.RVW) is very close in both quality and usefulness, and possibly has the edge in practical terms, although his book is a bit narrower in focus.
Bace provides a comprehensive overview and conceptual background that will ensure this text becomes a basic security reference.

copyright Robert M. Slade, 2000   BKNTRDET.RVW   20000202

------------------------------

Date: Thu, 24 Feb 2000 07:22:01 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 10--REVIEW: "The Zero Hour", Joseph Finder

BKZEROHR.RVW   20000118

"The Zero Hour", Joseph Finder, 1996, 0-380-72665-3
%A   Joseph Finder
%C   1350 Avenue of the Americas, New York, NY 10019
%D   1996
%G   0-380-72665-3
%I   Avon Books/The Hearst Corporation
%O   +1-800-238-0658 avonweb@hearst.com
%P   432 p.
%T   "The Zero Hour"

This is a thriller, with the standard financier-driven-mad-by-bungled-US-attempt-to-kidnap-him-leading-to-his-wife's-death-bent-on-revenge-by-destroying-US-financial-system-by-ruining-the-computer-network plot.

Now, Finder seems to have had some pretty high-powered help, given some of the names in the acknowledgements. In fact, the book gets an awful lot of technology right, where most fiction gets it wrong. There is, for example, some really excellent stuff on bomb forensics. The description of recovery of the previous track on a re-recorded tape is bang on. The social engineering that goes on, from both sides, is pretty good, too. Even bugging technology is more realistic than usual.

But there are still some problems. The process of tracking down a cell phone has good points and bad points. A cell phone can be located by localizing the tower it is transmitting to, and you can even narrow that down by measuring signal strength between towers. But that information is available more or less immediately, since the cell system has to know where the phone is in order to place a call to it. In addition, cell phones do transmit even when they are not actually on the air. But not, as the book seems to indicate, continuously. Every few minutes a cell phone broadcasts its presence.
Therefore, the cell system would know where the phone is pretty much all the time, even if a call had not been placed. (In fact, the bomber in the story is rather lucky: a cell phone transmission nearby could very well trigger a complex electronic rig.)

Cryptography gets its ups and downs, too. The story correctly states that "open" cryptographic algorithms are probably stronger than proprietary ones. However, it seriously mistakes the fact that keys are more important than algorithms. At one point the bad guys rejoice in the fact that they have a copy of crypto software, even though the passwords (keys) have all been changed. In another place, the size of the key space is seriously underestimated. Finder repeats the old saw about the NSA having all the crypto keys in the world in a database somewhere. As someone has pointed out, for even moderately secure keys, the key field address space contains more addresses than there are hydrogen atoms in the universe, and even if the NSA could somehow hide extra universes inside black holes tucked away in pockets of Maryland, the resulting gravitational effects would probably give the game away. (Also, a book cipher is not a substitution cipher, it's more of a variation on a one time pad.)

Communication, as usual, gets treated particularly badly. A US based pager could not be tested in Europe, since the tower would be just a tad beyond reach. Even a satellite pager would be out of the footprint. And if a pager system did have connections in Europe, you could probably get the pagers there. Microwave telecommunications signals between towers are *all* digital. It is possible to tap fibre optic cable. (Difficult, but possible.) And a tap on coaxial cable does not need to break the cable: a simple vampire tap will do, and it's a snap to remove.

There are more, but I'll stop with my favorite topic. Viruses, of course.
Marking a file as hidden would pretty much ensure that it never got executed: it's not a good way to hide a virus. Marking a file as hidden would pretty much ensure that it did *not* get transferred from disk to the computer, since almost all copy programs copy files rather than disk images. If there are millions of copies of the virus everywhere, it's a pretty good bet that at least one of them has already been executed. And a PC virus is pretty much guaranteed not to have any effect on a mainframe.

copyright Robert M. Slade, 2000   BKZEROHR.RVW   20000118

------------------------------

Date: Thu, 17 Feb 2000 17:05:49 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 11--REVIEW: "The Toyotomi Blades", Dale Furutani

BKTYTMBL.RVW   20000108

"The Toyotomi Blades", Dale Furutani, 1997, 0-312-96667-9
%A   Dale Furutani
%C   175 Fifth Ave., New York, NY 10010
%D   1997
%G   0-312-96667-9
%I   St. Martin's Press
%O   212-674-5151 fax 800-288-2131 www.tor.com www.stmartins.com
%P   212 p.
%T   "The Toyotomi Blades"

Furutani's mystery is readable, well-written, and intelligent. As only one example of the realism, he has a sleuth who does *not* take every chance to run off after the crooks himself, while avoiding giving any information to the authorities.

The central character is a programmer, but technology does not play a large part in the story. Computers do get used twice, one time a little better than the other.

First, the not so good. At one point in the story, a fax is received where an image can't be made out because of poor resolution. So, our hero suggests that computer enhancement be used to bring out the details. There is even some discussion of finding edges in an image, and all that. Unfortunately, there are two problems with the computer image recovery as described. The first is that computer enhancement of images requires a lot of understanding of optics, something which the author doesn't seem to have.
Computer enhancement works well for bringing out detail in, for example, images where the contrast is very low. This has been used to find, for the first time, that Uranus has bands just like Jupiter and Saturn. Computer enhancement can also be used to sharpen fuzzy images. However, it does this by calculating, and then subtracting, effects due to optical dispersion and interference. In fact, the process described in the book, which eliminates small "errors," would ruin any possibility of doing this kind of image enhancement. The other problem is that the image in question is a fax. This means that it has already been digitized, at a very low resolution and contrast, which would, again, damage the chances for a successful image recovery.

On the other hand, the computer mapping application used in the book is quite marvelous. The images that are of importance in the book turn out to be parts of a map. Not just any map: a treasure map. Our hero does not have all of the pieces, and the placement of some pieces that are available is unknown. But by comparing the possible arrangements of map pieces against known terrain, the characters in the book are able to come up with a reasonably short list of potential sites. This is quite realistic. In fact, it has been used in classical studies, not with maps, but with fragments of text on papyrus. By comparing snippets of text (I seem to recall one instance of four characters on two lines) with known works, researchers have been able to identify and even reassemble fragments that otherwise would have remained so much confetti.

Overall, it's quite a delight to find something that uses computers realistically for once.

copyright Robert M. Slade, 2000   BKTYTMBL.RVW   20000108

------------------------------

Date: Sun, 12 Mar 2000 1:51:01 CST
From: CuD Moderators
Subject: File 12--Cu Digest Header Info (unchanged since 12 Mar, 2000)

Cu-Digest is a weekly electronic journal/newsletter.
Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST

Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                 ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                 wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:        ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

Readers wishing to auto-set their browsers to receive the latest issue of CuD can point to:
  http://www.soci.niu.edu/~cudigest/latest.html

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators.
Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #12.01