Received: by lemuria.sai.com (/\==/\ Smail3.1.21.1 #21.11) id ; Thu, 20 Jan 94 01:57 EST Received: from vm42.cso.uiuc.edu by mv.mv.com (8.6.4/mem-931109) id BAA11763; Thu, 20 Jan 1994 01:45:58 -0500 Message-Id: <199401200645.BAA11763@mv.mv.com> Received: from VM42.CSO.UIUC.EDU by vm42.cso.uiuc.edu (IBM VM SMTP V2R2) with BSMTP id 2890; Thu, 20 Jan 94 06:32:31 UTC Received: from VM42.CSO.UIUC.EDU (NJE origin LISTSERV@UIUCVM42) by VM42.CSO.UIUC.EDU (LMail V1.1d/1.7f) with BSMTP id 2805; Thu, 20 Jan 1994 06:04:38 +0000 Date: Wed, 19 Jan 1994 22:16:00 CST Reply-To: TK0JUT2@MVS.CSO.NIU.EDU Sender: CU-DIGEST list From: TK0JUT2%NIU.bitnet@VM42.CSO.UIUC.EDU Subject: Cu Digest, #6.08 To: Multiple recipients of list CUDIGEST Computer underground Digest Wed Jan 19 1994 Volume 6 : Issue 08 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe (Improving each day) Acting Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Edselator: H. E. Ford CONTENTS, #6.08 (Jan 19 1994) File: 1--Proposed Computer-related Sentencing Guidelines/Hearings File: 2--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#1) File: 3--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#2) File: 4--"Terminal Compromise" by W. Schwartau (Book Review) File: 5--Pit Stops Along The Info Turnpike File: 6--FBI Pushes for Enhanced Wiretap Capabilities Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: ftp.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/Publications/CuD halcyon.com( 202.135.191.2) in mirror2/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Wed, 19 Jan 94 15:19:21 PST From: CuD Moderators Subject: File 1--Proposed Computer-related Sentencing Guidelines/Hearings ((MODERATORS' NOTE: CuD 6.05 reported EFF's contributions to the proposed sentencing guidelines amending penalties for computer infractions. Below is the notice of public hearings and the text of the proposed computer-related modifications. The entire text can be obtained from the EFF archives ftp.eff.org in the pub/EFF/Issues/Legal/sentencing.amendment directory)). FEDERAL REGISTER VOL. 58, No. 243 Notices UNITED STATES SENTENCING COMMISSION Sentencing Guidelines for United States Courts Part V 58 Fed. Reg. 67522 DATE: Tuesday, December 21, 1993 ACTION: Notice of proposed amendments to sentencing guidelines, policy statements, and commentary; request for public comment. Notice of hearing. SUMMARY: The Commission is considering promulgating certain amendments to the sentencing guidelines, policy statements, and commentary. The proposed amendments and a synopsis of issues to be addressed are set forth below. The Commission may report amendments to the Congress on or before May 1, 1994. Comment is sought on all proposals, alternative proposals, and any other aspect of the sentencing guidelines, policy statements, and commentary. DATES: The Commission has scheduled a public hearing on these proposed amendments for March 24, 1994, at 9:30 a.m. at the Education Center (concourse level), South Lobby, Thurgood Marshall Federal Judiciary Building, One Columbus Circle, NE., Washington, DC 20002-8002. Anyone wishing to testify at this public hearing should notify Michael Courlander, Public Information Specialist, at (202) 273-4590 by March 10, 1994. Public comment, including written testimony for the hearing, should be received by the Commission no later than March 18, 1994, to be considered by the Commission in the promulgation of amendments due to the Congress by May 1, 1994. ADDRESSES: Public comment should be sent to: United States Sentencing Commission, One Columbus Circle, NE, Suite 2-500, South Lobby, Washington, DC 20002-8002, Attention: Public Information. FOR FURTHER INFORMATION CONTACT: Michael Courlander, Public Information Specialist, Telephone: (202) 273-4590. SUPPLEMENTARY INFORMATION: The United States Sentencing Commission is an independent agency in the judicial branch of the United States Government. The Commission is empowered under 28 U.S.C. 994(a) to promulgate sentencing guidelines and policy statements for federal sentencing courts. The statute further directs the Commission to review and revise periodically guidelines previously promulgated and authorizes it to submit guideline amendments to the Congress no later than the first day of May each year. See 28 U.S.C. 994(o), (p). Ordinarily, the Administrative Procedure Act rule-making requirements are inapplicable to judicial agencies; however, 28 U.S.C. 994(x) makes the Administrative Procedure Act rulemaking provisions of 5 U.S.C. 553 applicable to the promulgation of sentencing guidelines by the Commission. The proposed amendments are presented in one of three formats. First, the majority of the amendments are proposed as specific revisions of a guideline, policy statement, or commentary. Second, for some amendments, the Commission has published alternative methods of addressing an issue, shown in brackets. Commentators are encouraged to state their preference among listed alternatives or to suggest a new alternative. Third, the Commission has highlighted certain issues for comment and invites suggestions for specific amendment language. Section 1B1.10 of the United States Sentencing Commission Guidelines Manual sets forth the Commission's policy statement regarding retroactivity of amended guideline ranges. Comment is requested as to whether any of the proposed amendments should be made retroactive under this policy statement. Although the amendments below are specifically proposed for public comment and possible submission to the Congress by May 1, 1994, the Commission emphasizes that it welcomes comment on any aspect of the sentencing guidelines, policy statements, and commentary, whether or not the subject of a proposed amendment. The amendments below are derived from a variety of sources, including: monitoring and hotline data, case law review, and the recommendations of the Judicial Conference of the United States, Department of Justice, Federal and Community Defenders, Practitioners' Advisory Group, Probation Officers' Advisory Group, American Bar Association Sentencing Guidelines Committee, Families Against Mandatory Minimums, individual judges, probation officers, attorneys, and others. Publication of a proposed amendment or issue for comment reflects only the Commission's determination that the amendment or issue is worthy of public comment. As a resource when considering the proposed amendments, working group reports prepared by Commission staff are available for inspection at Commission offices or off-site duplication. The reports contain empirical and legal sentencing research focusing on (1) money laundering offenses; (2) computer-related offenses; (3) public corruption offenses; and (4) controlled substance offenses/role in the offense. Contact the Commission's public information specialist at (202) 273-4590 for details. Authority: 28 U.S.C. Section 994(a), (o), (p), (x). William W. Wilkins, Jr., Chairman. Computer-Related Offenses Chapter Two, Parts B (Offenses Involving Property) and F (Offenses Involving Fraud or Deceit) 1. Synopsis of Proposed Amendment: This amendment adds Commentary to SectionSection 2B1.1 (Larceny, Embezzlement, and Other Forms of Theft; Receiving, Transporting, Transferring, Transmitting, or Possessing Stolen Property), 2B1.3 (Property Damage or Destruction), and 2F1.1 (Fraud and Deceit; Forgery; Offenses Involving Altered or Counterfeit Instruments Other than Counterfeit Bearer Obligations of the United States) to address harms that may be significant in computer-related cases but not adequately accounted for by the loss table. In addition, this amendment revises Appendix A (Statutory Index) for violations of 18 U.S.C. 1030 to reference the offense guidelines that most appropriately address the underlying harms. Proposed Amendment: The Commentary to Section 2B1.1 captioned "Application Notes" is amended by inserting the following additional note:] "15. In cases in which the loss determined under subsection (b)(1) does not fully capture the harmfulness and seriousness of the conduct, an upward departure may be warranted. For example, an upward departure may be warranted if the offense involved a substantial invasion of a privacy interest. Although every violation of 18 U.S.C. Section 1030(a)(2) (intentional, unauthorized access of financial or credit card information) constitutes an invasion of a privacy interest, the Commission does not consider each such invasion to be a substantial invasion of a privacy interest. When the primary purpose of the offense was pecuniary, a sentence within the applicable guideline range ordinarily will be sufficient. By contrast, an upward departure may be warranted if the financial records of a particular individual were accessed for a non-pecuniary motive.". The Commentary to Section 2B1.3 captioned "Application Notes" is amended in Note 4 by inserting "or interference with a telecommunications network" immediately before "may cause". The Commentary to Section 2B1.3 captioned "Application Notes" is amended by inserting the following additional note: [*67523] "5. In a case in which a computer data file was altered or destroyed, loss can be measured by the cost to restore the file. If a defendant intentionally or recklessly altered or destroyed a computer data file and, due to a fortuitous circumstance, the cost to restore the file was substantially lower than the defendant could reasonably have expected, an upward departure may be warranted. For example, if the defendant intentionally or recklessly damaged a valuable data base, the restoration of which would have been very costly but for the fortuitous circumstance that, unknown to the defendant, an annual back-up of the data base had recently been completed thus making restoration relatively inexpensive, an upward departure may be warranted.". The Commentary to Section 2F1.1 captioned "Application Notes" is amended in Note 10 by deleting the period at the end of subdivision (f) and inserting in lieu thereof a semicolon; and by inserting the following additional subdivisions: "(g) the offense involved a substantial invasion of a privacy interest; (h) the offense involved a conscious or reckless risk of harm to a person's health or safety.". Appendix A (Statutory Index) is amended in the line beginning "18 U.S.C. 1030(a)(2)" by deleting "2F1.1" and inserting in lieu thereof "2B1.1"; in the line beginning "18 U.S.C. 1030(a)(3)" by deleting "2F1.1" and inserting in lieu thereof "2B2.3"; and in the line beginning "18 U.S.C. Section 1030(a)(5)" by deleting "2F1.1" and inserting in lieu thereof "2B1.3". ------------------------------ Date: Mon, 17 Jan 94 15:21:28 -0800 From: erikn@GOLDFISH.MITRON.TEK.COM(Erik Nilsson) Subject: File 2--Re: CuD, #6.07: CPSR lives down from my expectations (#1) I would like to respond to Bryce Eustace Wilcox's article in CUD #6.07, entitled "CPSR lives down from my expectations." Wilcox sez CPSR is: > a radical socialist/welfare-state lobby with a thinly veiled and > very active political agenda. Strong words, Bryce. As a CPSR member, I do not find that these words fit CPSR. CPSR isn't a socialist/welfare-state lobby, and there is _nothing_ veiled about our agenda. However, I won't microanalize your charges against CPSR, but rather fulfill your stated request: more information on what CPSR is and what CPSR stands for. The first thing to know about CPSR is that we discuss alot. CPSR is primarily composed of highly motivated and in many cases highly opinionated individuals, one of whom is Jim Davis and another of whom is me. Periodically, CPSR will be wracked by discussion on what CPSR's prioities should be. This is healthy and generally works out pretty well, and means that even one CPSR member, if they make a well reasoned argument, can ultimately sway the course of the entire organization. This has happened several times: when CPSR broadened its focus from computerized weapons systems to civil liberties and more computer use issues, and again when a small group in Seattle got CPSR directly involved in organizing and developing community networks, bringing the on-line world to the neighborhood. > CPSR is not simply a cyberspace civil rights lobby Damn strait. CPSR has other areas of concern, but our work on civil liberties for the on-line community has been very effective. More to the point, CPSR is not primarily a lobby organization at all, but an educational organization. To that end, we present all kinds of viewpoints in our newsletters, public forums, and so on. These are the views of our members or others, which, just like any college class or company department, cover a thankfully broad chunk of the political spectrum. We also file FOIA suits against government agencies who won't tell Americans things that by law they must tell us. I don't imagine that makes CPSR very popular with the NSA, the National Security Council, or the FBI, but I'm not sure that bothers me very much. I'm not a board member, so I can't speak with authority on CPSR's position on cyberspace, but my understanding of CPSR's position is as follows: If we look at how telephones have worked out, there have been positive and negative points. One positive point is that almost everybody has one, and in fact has access to one pretty much whenever they need one. Another good point is that, in theory, your telephone call is private. Not only does no one else (who doesn't have a warrant) have the right to listen to your call, they don't have a right to even know the call existed. One bad point is that each phone is hooked up to one LEC, and if the LEC is a goof (or, worse, you're using a COCOT, which all seem to be run by goofs), then you will have shitty service, and may not even be able to do what you wanted to do with the telephone. Furthermore, "regulated" monopolies have pretty much guaranteed that LECs will be goofy. The current NII slamdance may take care of the monopoly part, although it bears watching, remember the COCOTS. It would be a pity, however, if in finally untangling ourselves from Ma Bell's local loop apron strings, we somehow lose universal service. What good is all this whizzy new bandwidth, if you can't afford it, or even if you win the lottery, your friends can't afford it, so you can't visit them in cyberspace? Equally troubling, the FBI is now publicly and agressively demanding that the entire telecommunications infrastructure be modified, at untold expense, for automated wiretaps of _everything_ for voice and data. In a sense the FBI proposes to bug every car on the information highway, causing nothing but grief. Really, the proposed "new rules" are ludicrously broad. BBSs would appear to be covered, as are private networks. Running a little Appletalk net at home for printing? Better order that FBI-use-only dial-in line damn snappy, unless you want an in-depth field-trip through the criminal justice system. The FBI's actions combined with continuing BBS raids point out the extreme lack of regard in some quarters for civil liberties in cyberspace. Naturally, CPSR takes exception to these developments. CPSR's research and testimony was instrumental in keeping the FBI from creating a "suspect" database in the NCIC (a database of "suspicious" people who had never been charged with a crime), so we're comfortable tangling with the G-Men, and well-positioned to resist these disturbing developments. Here are some official words on CPSR: ------------------------------------------------------------------------ ************************************************************************ COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY ************************************************************************ The mission of CPSR is to provide the public and policymakers with realistic assessments of the power, promise, and problems of information technology. As concerned citizens, CPSR members work to direct public attention to critical choices concerning the applications of information technology and how those choices affect society. Founded in 1981 by a group of computer scientists concerned about the use of computers in nuclear weapons systems, CPSR has grown into a national public-interest alliance of information technology professionals and other people. Currently, CPSR has 22 chapters in the U.S. and affiliations with similar groups worldwide. In addition to our National Office in Palo Alto, California, we maintain an office in Washington, D.C. Every project we undertake is based on five principles: o We foster and support public discussion of, and meaningful involvement in, decisions critical to society. o We work to correct misinformation while providing understandable and factual analyses about the impact of societal technology. o We challenge the assumption that technology alone can solve political and social problems. o We critically examine social and technical issues within the computer profession, both nationally and internationally. o We encourage the use of information technology to improve the quality of life. ************************************************************************ CPSR PROJECTS ************************************************************************ By sponsoring both national and local projects, CPSR serves as a catalyst for in-depth discussion and effective action in key areas: o The National Information Infrastructure o Civil Liberties and Privacy o Computers in the Workplace o Technology Policy and Human Needs o Reliability and Risk of Computer-Based Systems In addition, CPSR's chapter-based projects and national working groups tackle issues ranging from the implementation of Calling Number ID systems to the development of nanotechnology and virtual reality, from the use of computers in education to working conditions for computer professionals, from community networks to computer ethics. ------------------------------ Date: Sun, 16 Jan 1994 21:53:02 -0500 (EST) From: The Advocate Subject: File 3--Re: CuD, #6.07: CPSR lives down from my expectations (#2) Well i am glad to see the radical libertarian rush limbaugh reading writer has dropped out of CPSR. otherwise he would have hung around and like some bad avian from a poe story been crying out about socialism all day. I suppose the last time he used a pay phone out in the country he of course paid 3 dollars to handle the cost of the wire out to whatever cow patch he was in. And of course he pays in per mile to the state for the roads he uses. And when he drives out of town, and gets a soda, he of course pays the true market cost for the electricity to cool that. And when he flies out of those crappy western airports he of course throws a few dollars to the Air Traffic controllers along the way. We live in a society. sometimes we decide that certain items are public necessities. Consequently we decide to make them available to all without regards to means or geography. It's why we are a democracy. IF he doesn't like it, i suggest he move to hong kong. he may be happier there. ------------------------------ Date: 16 Jan 1994 00:47:44 -0600 From: ROBERTS%DECUS@MIMAS.ARC.AB.CA(Rob Slade, Ed. DECrypt & ComNet, Subject: File 4--"Terminal Compromise" by W. Schwartau (Book Review) Terminal Compromise (by Wynn Scwhartau) PUBLISHER: Inter.Pact Press 11511 Pine St. N. Seminole, FL 34642 813-393-6600 fax: 813-393-6361 "Terminal Compromise", Schwartau, 1991, 0-962087000-5, U$19.95/C$24.95 wschwartau@mcimail.com p00506@psi.com "Terminal Compromise" was first published in 1991, and was enthusiastically promoted by some among the security community as the first fictional work to deal realistically with many aspects of data communications and security. Although still available in that form, recently is has been "re-issued" in a softcopy "shareware" version on the net. (It is available for ftp at such sites as ftp.uu.net, ftp.netsys.com, soda.berkeley.edu and wuarchive.wustl.edu. Use archie to look for TERMCOMP.) Some new material has been added, and some of the original sections updated. Again, it has been lauded in postings on security related newsgroups and distribution lists. Some of you may be old enough to recall that the characters current in "Outland" sprang from a previous Berke Breathed cartoon strip called "Bloom County". Opus, at one point, held the post of movie reviewer for the "Bloom County Picayune". I remember that one of his reviews started out, "This movie is bad, really bad, abominably bad, bad, bad, bad!" He considers this for a moment, and then adds, "Well, maybe not *that* bad, but Lord! it wasn't good!" A fairly large audience will probably enjoy it, if such trivialities as language, characterization and plot can be ignored. For once the "nerds" don't get beat on; indeed, they are the heroes (maybe). The use of computers is much more realistic than in most such works, and many ideas that should have greater currency are presented. The book will also appeal to paranoiacs, especially those who believe the US federal government is out to get them. Consistency is the hobgoblin of little minds -- but it does make for a smoother "read". "Terminal Compromise" would benefit from a run through a style checker ... and a grammar checker ... and a spelling checker. Constructions such as "which was to be the hypocenter of the blast if the Enola Gay hadn't missed its target" and "National Bureau of Standards which sets standards" are understandable, although awkward. In other places it appears words might be missing, and you have to read over sentences several times to puzzle out the meaning. (The softcopy/shareware version comes off a little worse here, with fragments of formatting codes left in the text.) On second thought, forget the spelling checker. Most of the words are spelled correctly: they are simply *used* incorrectly. A reference to an "itinerant professional" has nothing to do with travelling. (Maybe he meant "consummate": I couldn't think of a synonym starting with "i".) The "heroine" trade was probably intended to refer to white powder rather than white slavery. There are two automobile "wreak"s. "Umbrage" is used twice. An obscure seventeenth century usage did once refer to shelter given by islands to a harbour, but it's stretching the language a bit to make it refer to a covering for the naughty bits. Umbrage usually refers to offence, suspicion, doubt or rage, as in "I take umbrage at what I suspect is a doubtful use of the language". Characterization? There isn't any. The major characters are all supposed to be in their forties: they all, including the President of the United States, speak like unimaginative teenage boys whose vocabulary contains no adjectives other than obscenities. This makes it difficult at times to follow the dialogue, since there are no distinctives between speakers. (The one exception is the president of a software firm who makes a successful, although surprising, translation from "beard" to "suit", and is in the midst of the most moving and forceful speech in the book, dealing with our relationship to computers, when the author has him assassinated.) The book is particularly hard on women. There are no significant female characters. None. In the initial introduction and background of the hero there is no mention of a significant other. It is something of a shock later to discover he is married, then that he is divorced. Almost all of the females are simply bedroom furniture. The portrayals remind one of the descriptions in "Don Quixote" of women "so gay, striking and beautiful that the sight of her impressed them all; so vividly that, if they had not already seen [the others], they would have doubted whether she had her match for beauty". Which raises another point. All of the hackers, except some of the Amsterdam crew, are fit, athletic and extremely attractive to the female of the species. Even among the I-Hack crowd, while there may be some certifiable lunatics, nobody is unkempt or unclean. These urbane sophisticates drink "Glen Fetitch" and "Chevas" while lounging in "Louis Boston" suits on "elegant ... PVC furniture". Given that the hackers save the day (and ignoring, for the moment, that they caused the trouble in the first place) there seems to be more than a touch of wish fulfillment involved. (Schwartau tries to reiterate the "hackers aren't evil" point at every opportunity. However, he throws away opportunities to make any distinctions between different types of activities. Although the different terms of phreaks, hackers and crackers are sprinkled throughout the story they are not well defined as used by the online community. At one point the statement is made that "cracking is taking the machine to its limit". There is no indication of the divisions between phreaks, hackers and crackers within their various specialties, nor the utter disdain that all three have for virus writers. Cliff Stoll's "Hanover (sic) Hacker", Markus Hess, is described as a "well positioned and seemingly upstanding individual". This doesn't jibe with Stoll's own description of a "round faced, slightly overweight ... balding ... chain smoking" individual who was "never a central figure" with the Chaos Computer Club, and who, with a drug addict and a fast buck artist for partners "knew that he'd screwed up and was squirming to escape".) What little character is built during the story is unsteady. The author seems unable to decide whether the chief computer genius is one of the good guys or the bad. At times he is mercenary and self-centred; at others he is poetic, eloquent and visionary; in yet other scenes he is mentally unbalanced. (He also appropriates the persona and handle of another hacker. We are never told why, nor are we ever informed of what happened to the original.) Following the characters isn't made any easier by the inconsistency of naming: in the space of five paragraphs we find that our hero, Scott Byron Mason (maybe) is the son of Marie Elizabeth Mason and Louis Horace Mason. Or possibly Evelyn Mason and Horace Stipton Mason. The main academic studying viral programs is Dr. Les (or Arnold) Brown (or Sternman) who is a professor at Sheffield (or MIT). (Interestingly, there is an obvious attempt to correct this in the later "softcopy" version of the book. At times the "corrections" make the problem worse.) For a "thriller", there is very little tension in the story. The unveiling of the plot takes place on a regular step by step basis. There is never any hint that the hero is in the slightest personal danger: the worst that happens is that one of his stories is quashed. Indeed, at the end of the book the computer attacks seem basically all to have succeeded, credit card companies are bankrupt, banks are in a mess, airlines are restricted, phone systems are unreliable and the bad guys are in charge. Yet our heroes end up rich and happy on an island in the sun. The author seems to be constantly sounding the alarm over the possibility of this disaster, but is unwilling, himself, to face the tremendous personal suffering that would be generated. Leaving literary values aside, let us examine the technical contents. The data security literate will find here a lot of accurate information. Much of the material is based on undisputed fact; much of the rest brings to light some important controversies. We are presented with a thinly disguised "Windows", a thinly disguised Fred Cohen (maybe two?), a severely twisted Electronic Freedom Foundation and a heavily mutated John Markoff. However, we are also presented with a great deal of speculation, fabrication and technical improbabilities. For the technically adept this would be automatically disregarded. For the masses, however (and this book seems to see itself in an educational light), dividing the wheat from the chaff would be difficult if not impossible. As with names, the author appears to have problems with the consistency of numbers. In the same paragraph, the softcopy version has the same number quoted as "over 5000", "almost 5000" and "three thousand". (It appears to have been "corrected" or updated from the original version without reading the context). A calculation of the number of hackers seems to be based upon numbers pulled out of the air, and a computer population an order of magnitude larger than really exists. The "network", seemingly referring to the Internet, has a population two orders of magnitude too large. Four million legal copies, with an equal number of pirate copies, of a virus infected program apparently result in only "between 1 and 5 million" infections. (I *knew* a lot of people had bought Windows but never used it!) Not the most prolific virus we've ever seen. Schwartau seems uncertain as to whether he wants to advertise real software or hide it. At various times the characters, incessantly typing to each other across the (long distance) phone lines use "xtalk" (the actual filename for Crosstalk), "ProCom" (ProComm, perhaps?), "ComPro" and "Protalk". They also make "4800 BAUD" connections (technically unlikely over voice grade lines, and even if he meant "bits per second" 4800 is rather an odd speed) and communicate with "7 bits, no parity, no stop bits" parameter settings. (The more common parameter settings are either 8 bits, no parity or 7 bits, even parity. You *must* have stop bits, usually one. And to forestall the obvious criticism, there is no indication in the book that a "non-standard" setting is being used for security reasons.) We are, at places in the text, given detailed descriptions of the operations of some of the purported viral programs. One hides in "Video RAM". Rather a stupid place to hide since any extensive video activity will overwrite it. (As I recall, the Proto-T hoax, which was supposed to use this same mechanism, started in 1991. Hmmm.) Another would erase the disk the first time the computer was turned on, which leads one to wonder how it was supposed to reproduce. (This same program was supposed to be able to burn out the printer port circuitry. Although certain very specific pieces of hardware may fail under certain software instructions, no printer port has ever been numbered among them.) One "hidden file" is supposed to hide itself by looking like a "bad cluster" to the system. "Hidden" is an attribute in MS-DOS, and assignable to any file. A "bad cluster" would not be assigned a file name and therefore would never, by itself, be executed by any computer system. We also have a report of MS-DOS viri wiping out a whole town full of Apple computers. Schwartau is not averse to making up his own virus terminology, if necessary. ("Stealth" is also reported as a specific virus.) At one point the book acknowledges that viral programs are almost invariably detected within weeks of release, yet the plot relies upon thousands of viri remaining undetected for years. At another point the use of "radio broadcasts" of viral programs to enemy systems is advocated, ignoring the fact that the simplest error checking for cleaning "noise" from digital radio transmissions would eliminate such activity. A number of respected security experts have expressed approval of "Terminal Compromise". This approbation is likely given on the basis that this book is so much better than other fictional works whose authors have obviously had no technical background. As such the enthusiasm is merited: "Terminal Compromise" raises many important points and issues which are currently lost on the general public. Unfortunately, the problems of the book, as a book, and the technical excesses will likely restrict its circulation and impact. As a fictional work the lack of literary values are going to restrict both its appeal and longevity. As an exhortative or tutorial work, the inability to distinguish between fact and fiction will reduce its value and effectiveness in promoting the cause of data security. copyright Robert M. Slade, 1993 BKTRMCMP.RVW 931002 ------------------------------ Date: Sun, 16 Jan 94 20:58:18 PST From: David.Batterson@F290.N105.Z1.FIDONET.ORG(David Batterson) Subject: File 5--Pit Stops Along The Info Turnpike Pit Stops Along The Info Turnpike by David Batterson Following are some thoughts gathered about the [and I'm getting sick of hearing the term] Information Superhighway, and some products that hope to catch some of the road travel business. AT&T is obviously bullish on the future, and not only because it offers long distance phone service. It now owns EO, Inc. (which makes the EO Personal Communicator, the expensive cousin to Apple's Newton), as well as Pensoft Corp., which makes EO's Perspective information management software. The EO Personal Communicator hasn't exactly taken the world by storm, but then again, the Newton hasn't either. John Sculley puffed his chest and crowed how the Newton was going to take off like a rocket; then Sculley shot off the launch pad instead. I've been trying to get an EO review unit since last summer, and still no luck yet. I could go buy one at one of 351 Office Depot superstores if I had the spare change, but I don't. 8^/ The CEO of EO is Alain Rossmann, who helped found C-Cube, Inc. (a market leader in digital still image and digital video compression technologies), and he was also a co-founder of Radius, Inc. Besides having an MBA, Rossmann has Masters degrees in civil engineering, math and physics. Rossmann said that "Pensoft has developed a breakthrough product with Perspective, and simultaneously created a data environment that allows customers with AT&T EO Personal Communicators to retrieve, store and manage a rich fabric of information from stock quotes and airline schedules to multimedia data." He adds that "Pensoft's data architecture, combined with EO's wireless access to the nation's information superhighway [whoop, there it is again!] is a powerful enabler for content publishing." Even though EO user get a free subscription to AT&T Mail, nowhere in the EO presskit is there any e-mail address for the company. Ironically, the EO spec sheet is headlined: "Always in Touch." Yeah, but I guess it's a carefully guarded secret how to reach them online. Wouldn't want to bother them with questions or anything, would we? Joel Silberman, Marketing Manager, Wireless Networking Group at National Semiconductor Corp., continues the line of thinking about PDAs. "The next generation of PDAs, hand-held terminals, subnotebooks are clearly on track to providing end users good tools on which to conveniently work," Silberman told me recently. "Wireless solutions such as WLAN cards, messaging/paging cards, and Personal Wireless Systems (like National Semiconductor's AirShare radio modules used with Traveling Software's new LapLink Wireless) are enabling technologies which when coupled with user-friendly software applications (such as LapLink) provide end users unparalleled convenience in accessing and sharing information on our new PDAs," he said. Silberman added that "new applications will allow for more reliable data collection and tracking, more productive doctors and nurses, and customer service and convenience that will drive the adoption of computers becoming consumer products." He thinks that "AirShare is significant because it brings the concept of personal, cordless wireless systems on the scene." and it will "set the stage for a host of products" that permit "a reliable way of sharing data in a local area while remaining mobile." Silberman likes the idea that "the information comes to me instead of me going to the data." If you want to send Silberman information, try: tjossc@tevm2.nsc.com. Mark Eppley, CEO of Traveling Software, isn't shy about expressing an opinion either. He e-mailed me that "basically, in terms of true consumer wireless on and off ramps to this much publicized info hwy, we are NOT there yet. I like using the auto industry to help explain where wireless technology is today." "There were two primary inventions that had a dramatic impact on making the automobile a widely used consumer product," Eppley said. "The first was the electric starter which became common place around 1921. We are now seeing the equivalent of 'electric starters' in the new crop of PDAs and portables with PCMCIA wireless card options." Eppley said "the second event that expanded the acceptance of the auto, was the automatic transmission in 1942. This is exactly what we need for the wireless data industry to take off. LapLink Wireless is really the first such automatic transmission. It's the first product that will automatically accomplish data communications by the mere fact of walking within range of the radio transceivers," he said. Right now, even though many of us--including journalists--get a lot of data via our fax machines and fax modems, how do we extract it for further use? I sure don't like retyping anything if I can help it. And until more PR agencies and in-house departments get up-to-speed on e-mail, then we'll just have to use fax software with OCR capability. I've been testing FaxWorks Pro 3.0 for several months now, and find it serves my faxing needs quite well. Its OCR feature converts text to all the popular word processing formats or to plain ASCII text. Below is the exact text read by the FaxWorks OCR module, from a fax of CuD information: Computer underground Digest is a weekly electronic journal/newsletter. Sub5cription5 are available free via e-mail from tkOjut2@mv5.c5o.niu.edu. The editor5 ma!j be contacted b!j voice (815-753-0303), FAX (815-753-G302) or 5nailmail at: Jim Thoma5, Department of Sociology, NIU, DeKalb, IL 60115. As you'll see, the FaxWorks OCR got everything right, except reading some of the "s" characters as a "5" instead, and a "y" character came out as "!j" for some reason. But with a quick search and replace, you can fix those misreads easily. That's what good data management today requires: quickness! FaxWorks Pro is from SofNet, Inc. in Atlanta, no Internet address was provided. Big surprise. In spite of the media frenzy, the "data thoroughfare" is still a long way off for most of us. Meanwhile most users are still dealing with the Windows 3.1 communication bottleneck, which limits reliable asynchronous data transfers above 19.2K bps. Pacific CommWare has now released TurboCom/2, an update of its drop-in replacement for the native Windows comm driver. It now takes advantage of the 16550 UART (Universal Asynchronous Receiver/Transmitter) chip used in the better 14.4K bps (and faster) internal modems. [Your newer PC may also have 16550 UART serial ports installed If not, you can upgrade.] What does this mean? You can then have up to 115.2K bps speeds, and support up to four high-speed serial ports simultaneously. And TurboCom/2 Plus allows you to use up to NINE serial ports. Will Windows 4.0 (aka the Chicago project) have new comm drivers making it unnecessary to buy add-ons like TurboCom/2? Quite possibly. Pam Edstrom, VP at Waggener Edstrom--Microsoft's PR firm--told me the other day that the next Windows will have a "Vcom.36, 32-bit communications driver, written as a virtual device" and it's "being developed internally." Pacific CommWare puts its e-mail addresses on its letterhead, so I'll give them to you: 3445374@mcimail.com, or 71521.760@compuserve.com. And last we look at another significant part of the Communique Interstate: BBBs and the massive amount of messaging going on there. The only way that users can deal with the glut of e-mail, public mail and files is with offline mail readers. I've tested and used a number of them including OffLine eXpress (OLX), Blue Wave and VbReader. My current reader of choice is Silver Xpress Off-Line Mail Reader, Ver. 4.0. It's not a Windows program, although "a Windows version is coming this year," Andrea Santos at Santronics Software told me. Silver Xpress--a shareware program that's widely available on BBSs--has many unique features not found in other mail readers. Many more are in development, Santos told me, and the new product will be called Gold Xpress. Silver Xpress has "in excess of 5,000 registrations," Santos said, "and we guess about 2-5% of users are registering." Santronics did list their BBS number (305-248-7815) but they didn't list an Internet address, but luckily I had it already: andrea.santos@f42.n105.z1.fidonet.org. So there you have it: some very different companies and their attempts to steer their way onto the {you know what], and extract a few dollars from your digital bank account. Happy trails, travelers. ### David Batterson has written for various computer publications, and weekly newspapers, including WIRED, PC TODAY, ComputorEdge (San Diego), WILLAMETTE WEEK (Portland), The Weekly News (Miami), and Bay Area Reporter (S.F.). This article may be freely distributed for noncommercial usage, but may not be published without permission. Thank you in advance for your proper use. * Evaluation copy of Silver Xpress. Day # 55 --- via Silver Xpress V4.00 [NR] -- uucp: uunet!m2xenix!puddle!290!David.Batterson Internet: David.Batterson@f290.n105.z1.fidonet.org ------------------------------ Date: Thu, 13 Jan 1994 21:29:44 EST From: Alert@washofc.cpsr.org Subject: File 6--FBI Pushes for Enhanced Wiretap Capabilities Source: CPSR ALERT,Volume 3.01 January 13, 1994 FBI Pushes for Enhanced Wiretap Capabilities In the past month, FBI officials have indicated publicly that they are continuing to push for enactment of legislation to mandate the building in of electronic surveillance capabilities into most telecommunications equipment. In addition, there are also reports that the Department of Justice is investigating the possibility of recommending changes in the law to allow for military personnel and equipment to be used by law enforcement for electronic surveillance of Asian speakers. On December 8, FBI Director Louis Freeh spoke at the National Press Club where he stated: In order to keep up with the criminals and to protect our national security, the solution is clear. We need legislation to ensure that telephone companies and other carriers provide law enforcement with access to this new technology. Communications Daily reported that the FBI and the telecommunications carriers have formed a working group to discuss the problem and that the companies might implement the capabilities voluntarily. This working group has met several times. Scripps Howard News Service reported on December 5 that the Department of Justice is considering proposing new legislation to allow the military to assist with wiretaps of Asian suspects. Currently the military is prohibited by the 1878 Posse Comitatus Act, which prohibits the use of military personal and resources in civilian law enforcement activities. It was amended in 1981 to allow for use of military personal and equipment for advice and assistance in drug interdiction. Freeh reportedly told Scripts Howard that "I think that if we had access to 50 or 100 qualified linguists in the Asian language[s] we could probably monitor by ten times our ability to do court-authorized surveillances of Asian organized crime groups." Civil liberties groups are concerned about the military conducting domestic electronic surveillance, especially in light of the recent disclosures by CPSR of the National Security Agency's role in the development of the Digital Signature Standard and the Digital Telephony Proposal. Sources inside the administration indicate that the long awaited inter-agency review of government encryption policy, including Clipper, the Digital Telephony Proposal and export control is due out by the end of January. The report is expected to be classified. ((CPSR ALERT can be obtained on-line from alert@washofc.cpsr.org)) ------------------------------ End of Computer Underground Digest #6.08 ************************************