Computer underground Digest    Sun  Feb 22, 1998   Volume 10 : Issue 13
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire: David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.13 (Sun, Feb 22, 1998)

  File 1--Bruce Sterling's Closing Speech / CFP '98
  File 2--cDc Global Domination Update #24
  File 3--"Intranet Security: Stories from the Trenches", Linda McCarthy
  File 4--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sat, 21 Feb 1998 18:27:04 -0800 (PST)
From: Jim Thomas
Subject: File 1--Bruce Sterling's Closing Speech / CFP '98

CFP Closing Speech, Austin, Feb 20, 1998

Literary Freeware -- Not for Commercial Use

Hi, my name's Bruce Sterling, I'm a local writer and a CFP veteran. I'm grateful for this chance to once again bring you the fabulous benefits of my freelance pontifications. When I first got involved in the computer civil liberties scene, it was 1990. We'd just had a Secret Service raid here in Austin that had shut down a science fiction publisher. This was a strange and rude intrusion in my daily life, this was an advent calculated to waken me from my dogmatic slumbers. The more I learned about this computer crime raid, the more peculiar and significant it seemed. I ended up writing an entire book about it. I was hoping the book would encourage some informed debate, and maybe the deeper political issues behind the computer revolution could somehow all be put straight.
Now, eight years later, almost to the day, we have these four hundred interested and relevant parties all meeting here in Austin to get together face to face and thrash some of these things out. And you can even earn legal credit for it. This gives me a warm sense of closure, a very fulfilled feeling. There's plenty of thrash at CFP. There's always a lot of thrash. Very interesting thrash. Not a lot of permanent legal results, though. If you glance back over the past eight years and examine the whole enterprise to date, what you see is very remarkable. In the world of computers, privacy, and freedom, crises go in and out of vogue, but they are very rarely settled in any permanent legislative way. The only real permanence is the thrash itself. I'd go so far as to call this a new status quo. Permanent technological revolution. Permanent thrash. I was very intrigued by the remarkable presentation of our first keynote speaker, Mr. Kahin. It was a very congenial and gentle speech: "modest" was a word he used a lot. I don't think I've ever, ever heard an Administration science and technology expert describe the aims of American government as "modest." This was a remarkable confession this gentleman was making. In so many words, he said that policy development in cyberspace is just plain too hard to do. There are too many competing values to achieve a workable political balance. The Administration is simply too overwhelmed by all this random electronic thrashing, all this buzzing and bleeping. So they'll simply modestly step back and let the mighty forces of technology and private enterprise thrash the situation out on their own. And maybe twenty years from now, when things calm down and get safer for elected American politicians, we may see some actual laws passed. Well, of course this statement is very good news for the techno-libertarian post-industrial contingent. Really, there ought to be corks popping in the offices of WIRED magazine over this keynote speech.
The Bay Area WIRED folks are very into all this: emergence, and market power, and bottom-up entrepreneurism, and the sublime beauty of nonlinear network economics that are profoundly Out of Control. And let's face it, after that stinking Decency Act debacle, a hands-off policy smells terrific. I think you can make some good arguments that there are aspects of reality that governments should be very modest about. Our keynote speaker pointed out that the real nodes in the World Wide Web are words. Hotlinked key words. So this isn't merely chips and wires that we are talking about. This is language. When government tries to regulate and police the structure of language, this is generally considered to be double-plus ungood. There's a long tradition of restraint and modesty here. The First Amendment may be a local ordinance, but it's clearly served us rather well, and the First Amendment says, "make no law." Be modest. Make no law. But point of view is worth eighty IQ points. From another point of view, to say that American government should be modest in a flagship technology is a very weird thing to say. I have never before heard a federal official confess that some aspect of industrial development is simply beyond the mental grasp of government. That it just plain moves too fast to figure out, so we might as well throw up our hands and step back out of its way. This is a radical admission to make. It's very out of the ordinary. Rocket scientists are said to be pretty smart people, but that didn't lead the federal government to declare that NASA is impossible to manage politically, so that rockets should be best left to Westinghouse and General Dynamics. I don't think there are many Congressmen who fully grasp quantum chromodynamics, either. But you would never see the Administration say that quarks are too complex for government, and that relativity and subatomic physics should be left to the greater wisdom of the private sector. But that's the Internet policy. 
No actual government. Some form of emergent self-regulating governance. To me, that was the core message of CFP 98. They really are just plain giving up. That was the mellow, birdlike sound of the twilight of sovereignty. The era of big government is over; the era of puzzled, shrunken, benignly indifferent government is at hand. It's the giant sucking sound of abdicated responsibility. So what fills the power vacuum? I would argue that it is already being filled by a different and more modern political arrangement: not bureaucracy, but ad-hocracy. I believe that the best known ad-hocracy, the classic version, and certainly the one that gets the most admiring press, is the internet engineering task force. These guys get plenty of ink for their wonderful, cooperative, networking, non-governmental, emergent, non-hierarchical way of organizing their enterprise. They're a role model, a paradigm even. And that management model seems to work pretty well on the Internet. What do ad-hocracies look like in other contexts? Say, a business context. I would argue that Silicon Valley is a giant ad-hocracy. You see a particularly virulent aspect of this, in weird, market-bubble, casino-economy, Silicon Valley IPOs. Esther Dyson wrote a quite good article about this in the New York Times recently, in which she pointed out that many Silicon Valley companies are basically digital paper-tigers. They don't actually develop and sell products. Not even software, not even ones and zeros. They simply pitch high-concepts, sell stock in the vaporware, cash out for the venture capitalists behind the curtain, and then they are acquired by larger firms. If you look for an actual industrial enterprise, something with deliverables and a cash flow, there's simply no there there. Hollywood film production companies are long-established ad-hocracies. Show business has always been good at this. The entertainment industry. The military-entertainment complex. 
You're pitchforking a bunch of freelancers together, exposing some film, using the movie as the billboard to sell the ancillary rights, and after the thing gets slotted to video, everybody just vanishes. But in the political realm, I would argue that America's most famous and powerful ad-hocracy is that nebulous entity that our First Lady refers to as "the massive right-wing conspiracy." And here we find our flagship industry giving an odd little lurch. That's the grating sound of a postindustrial iceberg hitting us below the waterline. It's not pleasant to have the established order seriously menaced and frightened by their sense of a covert conspiracy. I don't believe in conspiracy in the grand Joseph McCarthy paranoiac tradition, but I do believe in a real and powerful right-wing ad-hocracy of Clinton's political enemies. I think it's self-evident, it doesn't challenge my credulity. I think these right-wing activist people are basically very much like CFP. They're all on each other's Rolodexes, they're all on each other's mailing lists, they all know each others' funding agencies, think tanks and industrial backers. And when anything, no matter how far-fetched or bizarre, comes up that might conceivably harm the President, that information is disseminated around the country and around the world at lightning speed. It's data-mined, and catalogued, and embroidered, and re-cycled, and re-circulated endlessly, and spun and spun and spun. The "massive right-wing conspiracy" is what our friends at the infowar contingent at RAND corporation like to call a "segmented, polycephalous influence network." It's a loosely linked, leaderless enterprise which is constructed rather like an art movement, or a literary movement. It doesn't have elections, laws, bylaws, a code of ethics, a code of morals, or any kind of brakes. It can't be defeated militarily any more than Russians could defeat Afghan guerrillas or Americans defeat the Viet Cong. 
And this isn't merely a theoretical exercise. The thing is as real as dirt. It has real power. You don't have to stretch too far to perceive this as a menace to democracy. It's certainly a real and visible menace to the established order, because it can throw sand in the works at any of a hundred different points, and there's no headquarters where the established order can hit back. When the established order hits back, it hits back with another, rival ad-hocracy. You may have seen James Carville -- a very interesting and significant postmodern figure -- appearing on television to publicly declare war on the Ken Starr investigation. I noticed some pundits scoffing at this declaration -- "Carville thinks he's in the bunker! Carville thinks he's an army! The Cajun's off his rocker!" This scoffing has a very hollow sound to me. It reminds me of Stalin asking how many divisions the Pope has. The Pope doesn't use divisions, Comrade Stalin. But the Pope knows the ground in Poland, and he can put a stake through your undead heart with no problem. James Carville has never been elected to any office. As far as I can see, James Carville has no legitimate or constitutional role in our society whatsoever. All James Carville possesses is a deep knowledge of the media, a gift for spin, a big Rolodex, and a lot of people who owe him favors. Oh, and a law degree, too, somewhere at the bottom of the list. But when the Clinton Administration goes to the mattresses, this guy is the *first* guy they call. You're not going to see James Carville declaring large areas of American reality off limits because they are beyond his mental grasp. You're not going to see James Carville declaring that he ought to be modest, and let the info-pundits and the venture capitalists decide what to do with digital media. The guy will do with digital media what he does with *all* media, bend it to his own uses. 
This is what ad-hocratic political power looks like in a heavily mediated and thoroughly networked society. I don't know what you call that form of power, but it sure doesn't look like anything I recognize from a high-school civics text. And it's not unique to the United States. Prime Minister Blair has proved that it works great in Britain. If you want to see how it develops in another social context -- a deeply non-American context -- take a good look at postmodern Russia. Yeltsin's campaign manager is a man named Anatoly Chubais, the Carville of Russia. This man is basically running the entire Russian government off of his laptop. I happen to have a very warm and kindly feeling about literary movements. I'd hate for the government to think that my cyberpunk literary ad-hocracy was some kind of organized menace against civil order, and that we should all be grilled in Congress by an unAmerican activities committee. It might be kind of an honor -- for a Texan writer it would be quite an honorable thing to walk down the trail of tears with John Henry Faulk and J. Frank Dobie -- but I don't think this would be a political plus for the American Republic. But I think it can be demonstrated that ad-hocracy can be a living menace to civil order. Let's take the Lewinsky wiretapping business. For eight years I've been to CFP, and for eight years I've heard the law and order contingent tell us that wiretapping is the only sure weapon against mafias, dope runners, terrorists and child pornographers. I don't remember Presidential sex partners being on that list, but it's getting pretty clear to the rest of us that they are way, way up there as targets of opportunity. Here we've got a wiretapping development that may bring down an Administration, annul two elections, and plunge our country into years of debilitating public shame and trauma. You know, if terrorists or dope dealers did us a grievous harm like that, we'd pursue those evil sons of bitches to the ends of the earth.
But instead it's our Justice Department, in league with a networked rabble of oppo research freaks with a sick need to monitor and surveill people's sex lives. Hey, thanks a lot, Mr. Law-and-Order Body-Wire. I'm sure my two innocent daughters will sleep a lot safer in their beds after you've ritually sacrificed the nation's chief executive in a neurotic orgy of national sex panic. After this gratifying experience, I'm anxious to see your wiretapping powers expanded radically, so that more American women, and their mothers, can be turned into felons for lying about their sex lives. You guys need more plug-in jacks and headphones, it's important for our nation's safety and stability. So after you clean that prurient filth off your tape heads, tell me just one more time why you're so eager to have Digital Telephony. It's very much a pattern. National moral sex panics have definite political advantages. Ad-hocracies specialize in this sort of agitation. The Christian right specializes in provoking reflexive loathing for homosexuality. For years we've seen law enforcement trumpet the terrifying menace of child pornography on computer networks. If a rightist adhocracy can checkmate the king through a mini-Profumo scandal, it's going to be open season on politician's sex lives for as far as the eye can see. What is all this about, what's the commonality here? It's a profoundly undemocratic process of shutting down informed debate by cynically exploiting sexual hot-button issues. We're supposed to be so panicked and stampeded by the specter of kidporn that we somehow miss the fact that the FBI is installing a Walkman jack in our phones. You see, it's just plain too complicated and technical for us to make up our minds about! So let's just panic! At least we can provoke some vigorous action that way. There's a flipside to the government's public abdication of competence to regulate and judge. It's the unspeakable, invisible, national-security underworld. 
Wired Power without the inconvenience of democracy. The taps, the tapes, the dossiers, ECHELON, the secret war against crypto -- none of this is remotely democratic. This is a frozen Cold War underworld accountable to none. If we can't regulate ourselves in an open, above-board fashion, spooks traditionally expand to fill the power vacuum. I would argue that in a true information society, private spookdom is bound to flourish. We all take on a mild flavor of spy. The walls between spy, journalist, pundit, spin-doctor, guru, opinion leader, and political operative become ever more vaporous. Don't believe me? Look around yourself. The day may come when powerful ad-hocracies abandon the pretence of legality, and simply crush public figures to death with the raw pressure of surveillance. In much the same way that Princess Di and her scandalous boy-toy were bloodily crushed to death by the sheer pressure of tabloid harassment. Or it may be that ad-hocracies will display some real benefits for real-world public order. We might see ad-hocracies for sewage lines, or ad-hocracies for railroads and highways and electrical power. People have been talking electronic democracy for quite a while now. It looks good on paper, or maybe it would be more accurate to say that it looks good glowing on a screen. But where's the demo? I've yet to see even the smallest American town, or the smallest unit of actual functional government, becoming fully electronic. Virtual communities -- they don't seem to be living up to their hype. They seem to work just about as well as other traditional American intentional communities. Pilgrim pioneers, hippie communes, Amish barn-raisings... these things are hard work. Most Americans prefer TVs to quilting bees. Most Americans want to kick back in the suburbs and have entertainment piped in. And virtual communities have never worked out their bad apple problem, their free rider problem. 
Spam has damaged USENET in ways that malicious hackers could only dream about. Network ad-hocracies are very good at forming a hostile overlay over the deeper infrastructure. They don't seem to be much good at all at forming structures themselves. Because ladies and gentlemen, real political structures have *structure!* They have laws, regulations, rights, grants of citizenship, constitutions, true faith and allegiance. It's hard to fake all those things with a Rolodex, an email list, and a starry-eyed sense of techno-optimistic benevolence. You know, the computer revolution really loves itself. It's all about publicity really, it's about moving data fast and cheap, so maybe it's only natural that it gets entranced by its own hype. But you know, this isn't the last technological revolution that you and I are going to witness. When I turn my eyes to the future, I really have to wonder what kind of precedent we're setting here. What kind of precedent are we bequeathing to the organizers and attendees of "Biotech Freedom and Privacy?" Because you can smell that one on the wind. You got the medical priesthood under siege by eager entrepreneurs, tremendous market demand, bathtub genetic sequencers, cheaper and cheaper equipment, cloned sheep on the front page, activists like Kevorkian and Richard Seed all ready to jump out of their basements and carry out a propaganda of the deed.... And we already know what outlaw pharmaceuticals look like. These cats aren't like computer outlaws, guys who are nine-tenths teenage ideologue. These dope people have revenue streams bigger than countries and they play for keeps. I would also point out that this very week the FBI did us the favor of busting a couple of biowar militia freaks. There's often some kind of loudly trumpeted FBI action during Computers Freedom and Privacy. Usually it's a computer bust. This time it's anthrax. You can take that little chunk of data and make of it what you may.
But maybe the next techno-revolution won't play out like this one. It may be that there is something unique and special about the world of computation. We can't seem to build permanent structures; so maybe we're not a permanent problem. Come the year 2000, we may well find that some large percentage of the planet's installed computers simply cease to work. Computation may be America's flagship industry, but when you see how people live in computation, they're not like the settled aristocrats on the first class deck of the Titanic. They're a lot like the post-iceberg Titanic. They have a raft called the IBM mainframe, and then another raft called Apple II, and then a raft called Macintosh, and then they make a frantic leap sideways to Windows 95, dropping heaven only knows how much precious data in the transfer. And those who somehow fall overboard, end up stiff and pale and bobbing in the chill dark waters of technical obsolescence. Maybe that's what we have to offer to the future here at CFP.
Pundits destined to sink without a trace, our solemn pontifications reduced to the weightless state of so much long-forgotten newsgroup chatter. No monument, just the churn. Floppies change shape and won't fit the new machines, CD-ROMs flake apart and delaminate. And government was wisest just to step back and let us be. We're glad they didn't have to warp the Constitution to fit our peculiar needs, because when it was all summed up in retrospect, we were gone like the 17-year cicada. But you know -- I can live with that. I prefer evanescence to catastrophe. When I think about all the scaremongering, and alarm stories, and gloomy predictions about computer crime that I've had to absorb over the past eight years, I feel very proud of the American republic. I think we've done an incredible job of assimilating this technology. When I went to CFP One, that event was a total freak scene. There were convicted criminals and their arresting officers buying each other drinks in the bar. In newspaper stories of 1990 you had to define the word "modem." But here we are eight years later and websurfing is a genuinely popular enterprise, it's like Monday Night Football or country line-dancing. I can live with hype, as long as we have a chance to keep making new mistakes. Sure, we've got ad-hocracies scurrying around in the woodwork destabilizing the American democratic process, but let's get real. This is America we're talking about. It's seen hard times and hard, hard tests. Slavery, civil war. Machine politics, the Tweed Ring, Tammany Hall, Chicago in the 20s. Jim Crow. Watergate. Texas state politics. Louisiana politics, for heaven's sake. The railroads, the steel mills, the robber barons. The military industrial complex. We survived all that. We look good now. We have resilience. We toughed it out. We have hope as a culture, we're not afraid to reinvent ourselves.
We make ludicrous spectacles of ourselves that cause civilized people to wonder if we've lost our minds, but there's nothing new about that. It's what Americans always do. Let's look at the general situation here, the big picture. Stock market at an all time high. Balanced federal budget, practically kind of. We even have patches of deflation. Deflation! I'm a middle-aged man and I never in my life saw deflation, I thought it was a mythical beast. And there's jobs, even! They may be burn-out jobs in the high-end sector, with burger-flipping service jobs at the low end, but hey, at least there's work around. The computer industry is a very strange flagship industry to have, but Dell is headquartered in Austin, and Dell just set a bunch of new sales records. It's an industry! The Texas oil industry smells really bad. The Texas cattle industry has screwflies, brucellosis and droughts. I'm down with this Texas chip and computer thing. It's working out down here. In fact, I really suspect that this historical moment may be a little Golden Age for our community. Compared to what else has been going on, and compared to what else may be coming, this seems like a little Belle Epoque. We're no longer so eccentric that we seem freakish, and yet we have not yet settled down quite so much that we've become wallpaper. The electronic frontier is no longer a howling wilderness, and it hasn't yet matured into a decaying rust-belt slum. We've really got it good! When it's all said and done, my primary concern in the year 1998 is that we ought to be enjoying this more. I think the computer community just plain works too hard. We're all wrapped up in the eighty-hour weeks, and the piles of mounting email, and the constantly bleeping cellphones. We need to learn to kick back. We need to live less like galley slaves and more like human beings. We may never have it this good again. That's why I've made it my personal goal at this CFP to try and buy everybody a beer. 
The con's over now, our beloved CFP ad-hocracy is shutting down for another twelve months. There's one important thing about ad-hocracies, a charming quality they have. If you just get them outside of the video surveillance, and away from their podiums and microphones, and add a little social lubricant in the form of a couple of beers, they spontaneously disintegrate into parties. And I don't mean grim, committed, political parties. I mean good old-fashioned yahoo-style parties. When you come right down to it, virtual communities are a pretty thin and cerebral parody of actual communities. But I can slap a patch on that problem right now. You're in my home town. This is Austin. Slackerville. Berkeley on the Colorado. Come on out of the public spotlight, let's mosey on over to my house and let our hair down. It's not a black-tie do, it's very laid back and Texan. You're gonna have to twist off your own beer caps and nibble your own chips and sandwiches, but at least you can wear whatever the hell you want. Expectations are low, and the entry barriers are nonexistent. Nancy and I will be glad to have you. Let's get actually communal, let's have a little life-affirming celebration. Let's tie one on. So I dunno about you, but I'm outta here. Last guy out of the building has to log off and shut down!

------------------------------

Date: Fri, 20 Feb 1998 22:33:13 -0800 (PST)
From: editor@CULTDEADCOW.COM
Subject: File 2--cDc Global Domination Update #24

                                            FOR IMMEDIATE RELEASE
                                            GLOBAL DOMINATION UPDATE
_______________  http://www.cultdeadcow.com/cDc_files/  ____________________
      _   _
     ((___))
     [ x x ]           cDc Communications
      \   /            Global Domination Update #24
      (' ')            February 15th, 1998
       (U)
  Est. 1984

                                   - * -

Busy, busy, busy. The file-packs took a back-seat for a bit during the holiday season and the mad dash to an undisclosed location in the French Quarter for HoHoCon '97! Unfortunately, this time it was invite-only. Thanks to everyone who attended for making it the best HoHoCon yet!
Here's a coupla files. Practice your phonics.

________________________________/text files\________________________________

346:"The Man With The Creosote Grin" by Oxblood Ruffin.
347:"SPANK MY MONKEY" by Lady Carolin.
348:"When Cults Collide" by The Nightstalker.
349:"High School Reunion: The Nardcore Adventures of Reid Fleming" by Reid Fleming.
350:"Where Have My Heroes Gone?" by KSM.

File submissions: editor@cultdeadcow.com

                                   - * -

Thanks to the following items of influence this time around:

WAREZ: dFx's STICKFIGHTER XXIX
PRINT: _Apocalypse WOW_ by James Finn Garner
MUSIC: Weasel MX
RERUNS: Hogan's Heroes and The Six Million Dollar Man
BEVERAGES: Coca Cola straight-up.

_______________________________/ - x X x - \________________________________

Fools better recognize: CULT OF THE DEAD COW is a gift to the women of this world and the trademark of cDc communications. Established in 1984, the cDc is the largest and oldest krewe in telecom, inventor of the e-zine and stool loosener to sysadmins everywhere. Each and every issue is produced on an Apple II for genuine effect. Yo, bee-atch! Find the flavor at these fine locations:

World Wide Web: http://www.cultdeadcow.com
                http://www.L0pht.com/cdc.html
FTP/Gopher: ftp://ftp.cultdeadcow.com/cDc
Usenet: alt.fan.cult-dead-cow
BBS: 806/794-4362 Entry:KILL

Any questions, jackass?

Grandmaster Ratte'
cDc/Phat Daddy & Pontiff
Email: gratte@cultdeadcow.com
Postal: POB 53011, Lubbock, TX, 79453, USA

"cDc. Hyperbole is our business."
_____________________________________________________________________________
Copyright(c)1998 Oxblood Ruffin, Straight Buttah & cDc communications

------------------------------

Date: Mon, 16 Feb 1998 08:39:27 -0800
From: "Rob Slade"
Subject: File 3--"Intranet Security: Stories from the Trenches", Linda McCarthy

BKINTRSC.RVW 971122

"Intranet Security: Stories from the Trenches", Linda McCarthy, 1998, 0-13-894759-7, U$29.95/C$41.95
%A Linda McCarthy
%C One Lake St., Upper Saddle River, NJ 07458
%D 1998
%G 0-13-894759-7
%I Prentice Hall
%O U$29.95/C$41.95 800-576-3800 201-236-7139 fax: +1-201-236-7131
%O betsy_carey@prenhall.com
%P 260 p.
%T "Intranet Security: Stories from the Trenches"

Data security is more than somewhat akin to the weather. Many people talk a good line about how important it is to their company, but few invest the time, money, vigour, and rigour to make it really effective.

There are some very good, practical, computer security books on the market. Leaving aside the really bad ones, though, there are also a great number of works that take a rather pompous academic approach to the concepts only, leaving the actual details of real dangers and protection as an exercise to the reader.

McCarthy takes a different tack. Each chapter in this book is an authentic case study, with the names changed to protect the unfortunate. While this means that the text can't be easily used as a reference, with quick indexing of specific tasks, the content is firmly based in the real world, and informed with the author's insights into how people actually do react in an emergency.

Techies may be unhappy with the lack of technical details in the inquiries. Too bad. Security is much more of a management issue than a technical one, and the stories show that clearly. The result is, therefore, much closer to "Digital Woes" (cf. BKDGTLWO.RVW) or "Computer-Related Risks" (cf. BKCMRLRS.RVW) than, say, "Practical UNIX and Internet Security" (cf. BKPRUISC.RVW).
The book is also very readable. The chapters follow a format that includes a fictional worst case scenario, then presents the incident itself, gives a summary of the problems that led to the predicament, and finally suggestions for avoiding the trouble. The text is almost light, and loaded with personal entries both as observations of company situations and lively trivia. (I, too, have a sister much younger than I am.)

Each investigation is chosen with a view to emphasizing a particular security problem or issue. Chapter one shows that without an incident response procedure, and exception report communications, even detection of attacks can fail to protect the enterprise. The danger of shrink-wrapped, out-of-the-box solutions is demonstrated in chapter two. As I noted at the beginning, data security gets a lot of lip service, particularly from management. Chapter three reveals the wrong way for executives to promote security--and also tells you how to do it right. Security requires a cooperative effort, as chapter four points out, and failure to specify areas of responsibility can result in loopholes and vulnerabilities. Chapter five looks at another area that gets more speeches than spending--training. Risk assessment, and the risk of not assessing risks, is the theme of chapter six.

Where chapter four looks at the negligence in determining roles with respect to security, chapter seven finds that drawing the lines too finely can also result in gaps in coverage and protection. Over the years I have railed against antivirus procedures that are not effective because they are too draconian for people to actually use if they want to get work done. Chapter eight discloses the problem with unrealistic policies in any field of security. As chapters four and seven point out the potential difficulties where individual partners each leave security to the other, so chapter nine demonstrates the same problem between companies doing business together.
Chapter ten points out the importance of encryption--the backbone of all data security--in every area of corporate activity.

Finally, the techies can be happy with chapter eleven. It gives a detailed log of a system penetration. I will forgive McCarthy her use of the term "hacker" (she does mention the hacker/cracker controversy) for someone bent on security breaking, since she so forcefully derides the image of the invader as an "evil genius."

An appendix provides contact information for tools, products, incident response teams, and security organizations. I was rather disappointed to find that Internet references for a number of the tools do not specify full location information, that relatively few security organizations are listed, that the antiviral systems mentioned are not of the top rank, and, most important of all, none of the international emergency response teams are from Canada.

This book belongs on every security and management bookshelf. For the non-specialist manager, it provides enough background to prompt the right questions and concerns. For the head down data security specialist ... when was it you needed to make that pitch to the executive committee?

copyright Robert M. Slade, 1997 BKINTRSC.RVW 971122

======================
rslade@vcn.bc.ca rslade@sprint.ca slade@freenet.victoria.bc.ca
BCVAXLUG Admin Chair http://peavine.com/bcvaxlug/
DECUS Canada Communications, Desktop, Education and Security groups

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators
Subject: File 4--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message:

     UNSUB CU-DIGEST

Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES:
  ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE:
  nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #10.13
************************************