Computer Knowledge Newsletter – June 1998 Issue

In This Issue:

Virus News

Consolidations. You may have noted several consolidations in the anti-virus business recently. First, Symantec announced they will be licensing the IBM engine for inclusion into their Norton Anti-Virus program. In another move Network Associates (makers of McAfee) has made an offer for Dr. Solomon’s. There is no telling what this will do to the actual anti-virus products but it’s clear that the industry is consolidating and attempting to provide full security solutions from single companies instead of having you go to one company for a firewall and another for a client anti-virus program and yet another company for a network-based anti-virus program.

General Security

ISP as Big Brother. Did you ever think about your ISP? Chances are you never notice them; you just call them up, collect your mail, send mail, and use them as your gateway to the internet. But, consider that because you can do all these things through your ISP, your ISP can monitor all those things.

Using packet sniffer techniques an ISP can, in theory, monitor everything a customer does and compile a significant amount of information about that customer.

Should this worry you? Probably not a great deal if you are using a national ISP. National ISPs can have more than 300,000 customers and 45,000 dial-in ports. Monitoring all these for a specific user would be difficult at best. However, corporations and other smaller operations that connect to the internet will very much have the capability to do this monitoring through single ports. Indeed, it’s one way corporate information technology departments keep track of users on the internet. E-mail can also be monitored for purposes of compliance with company directives.

Bottom line: If there are rules relating to your use of the internet via the connection you’ve been given, it would be best to follow them. Finding out if you are or not is simply a matter of your information technology people spending about $1,000 for a good packet sniffer (which they can also use to detect and track anomalous conditions).

Corporate Spy. Consider the following employee: Excellent work, a good co-worker, a potential friend, a good candidate for management fast track. Sound like the ideal employee? It most certainly does. The problem is, it’s also the profile of a good corporate spy!

Historically, your biggest threat from spying is from within. It’s well and good to take precautions against the outside threat (e.g., cross-cut shred documents that are being thrown away) but the inside threat is still a very real one. Now, consider what sorts of information someone spying on your organization might want: information valuable to you like your business strategies, upcoming plans, what’s in the R&D labs, etc. Finally, who is in the best position to get that information? That’s right, your best employee.

This is not to say that your best employee will sell information they may have; just a friendly reminder that you need to keep a watchful eye out.

Intruder Watch. Assuming you don’t have a super-powerful intruder detection program running on your network, what sorts of things should you, as an operator, be looking for in order to detect intrusion attempts? There are a few obvious ploys:

  • Watch for port scans. An intruder may be searching your network for entry points.
  • Watch for the use of tools that are designed to expose network holes (e.g., Security Administrator’s Tool for Auditing Networks).
  • Look for anyone trying to exploit holes left by operating system or software bugs (you should have fixed these as announced, but the intruder will still try to find them and that’s the indicator).
  • Look at password failures closely. If frequent, someone may be trying to guess a password.
  • Monitor and counter denial-of-service attacks.

And, while we’re on the subject of intruders, Network Associates, Inc. through their acquisition of Secure Networks, Inc. now has a “Honey Pot” technology that it can use to attempt to entrap hackers. Due out at the end of the year, this technology will basically establish a dummy network with what looks like enticing data on that network. A hacker will be drawn to this data and virtual network and, while there, the system will gain information about the hacker and their habits. The source of the hack will also be researched. While it may take a few visits to actually find the source of an attack, if it can be found, having the hacker spend time in the Honey Pot instead of in the real network is a benefit in itself. The downside is that the network administrator needs to have a good grounding in use of the technology.

Password Safety. Have you ever gotten an E-mail message saying you’ve been signed up for a particular service you’ve never heard of with a logon and password in the message–a logon and password that you’ve used before? Some users did recently from

Basically, in this case has been providing services to Ad Age Interactive and Ad Age is supposed to have requested its subscribers to registered with so they could take part it their services as well. This mass registration triggered’s E-mail response mechanism resulting in everyone getting a registration E-mail with their Ad Age username and password in it.

The real question, of course, is how often your various passwords get moved around from company to company as mergers and other business arrangements take place. Do you know where your password is tonight?

Another AOL Lapse. Another potential AOL lapse has been uncovered by both hackers and the press. This is not a technical lapse, but a personnel lapse.

Apparently many AOL customers forget their password and have to call customer support to get a new one. The customer service representative is supposed to completely identify the person on the line. This is usually done by getting a screen name, name, address, residence city, AND either credit card number or checking account number. It’s this latter piece of information that would be hard for someone to obtain and therefore serves as a good identifier.

Unfortunately, some customer service representatives have not been asking for the financial information. Since the rest of the information can be easily found in various directories, hackers have been able to hijack AOL accounts by simply getting the public information and then calling customer support and pretending to be that individual. Once they have the new password the account cannot be accessed by the real owner and the hacker has free access.

Moral: Don’t leave any accounts dormant for any length of time without at least checking them to make certain you can still access them. If you can’t contact the service provider immediately and get the matter taken care of.

Outlook Express Mail Bomb. A “feature” in Microsoft’s Outlook Express lets users break large E-mail attachments into small blocks (as small as 16K each) when sent to the same E-mail address. If a user wants to mail bomb your address all they have to do is send you a message with an extremely large file as an attachment and this option enabled. You would then receive thousands of messages; each with a small portion of the file attached.

Microsoft indicates they have no plans to remove this feature and it is not known to have caused any problems as yet; but the potential is there.

E-mail Delivery. Is your E-mail getting through to those you are sending it to? Are you certain?

As part of the on-going war on spam some carriers are blocking E-mail from other carriers. The reason is that a few national ISPs have not taken precautions against spammers using their mail server to forward unwanted mail to hundreds of thousands of users. When this happens, the attacked ISP’s address appears in all the unwanted E-mail and if it happens often enough, some other ISPs take action to protect their users by actually blocking mail from the attacked ISP until they take some security precautions. One of the readers of this newsletter actually found themselves in this situation and even though they were not to blame for anything their E-mail was blocked by the receiving service.

So, I’ll ask again: is your E-mail getting through? The only way you know for certain is if you get a response. You should never just assume an E-mail message got to its intended receiver unless you get a response. And, conversely, that’s one reason why for messages I know the sender wants me to get I always try to frame at least a “Thank you for the mail” response. It’s the polite thing to do.

Security Breach Hoax. Some folks are now getting messages like:

WaaHoo! Just sent some Email *from* YOU.
Scary, huh?!? To have your mailbox so open.

The simple fact is that you can type any return address into your E-mail program and make it appear as though folks are getting message from anyone. The key is comparing the path the message took (i.e., the mail server it was sent from and to some extent the routers it went through) to the actual user to help assure the return address is valid. The hoax here is in trying to scare you into thinking the hoaxer has done something special. The capability has been with E-mail programs on the internet from the start.

Information of Interest

OROM Technology. How would you like to have technology that is smaller than a business card (59x46x2 mm), holds 128MB, has no moving parts, and costs under $3? You might if optical read-only memory (OROM) takes off.

The card itself is stamped from plastic just like CD-ROMs, and so are very inexpensive. The top of the card consists of a matrix of small diffractive lenses; the bottom is a series of data “patches.” Each data patch contains 32K and there are about 5,000 patches on a card. The center of the card is transparent. In operation, the card would be inserted into a reader and aligned so that under each data patch is an organic light-emitting diode (OLED). When data is called from the card the appropriate OLED is lit and the light travels through the data patch and is then focused by the diffractive lens into a collector lens at the top of the reader. That lens then focuses the light through the center transparent area to a CMOS image sensor in the reader. This image sensor contains one million pixels and has on-chip high-speed analog-to-digital converters built in.

OROM technology appears to have great promise for maintaining static information in a highly portable format that is highly resistant to damage. Expect to see readers in maybe mid-1999. The technology is being developed by ioptics in Bellevue, WA.

Y2K DOS. Are you still using DOS for functions in your computer plans? If so you might want to be aware that there are a few Y2K issues with DOS. Microsoft has largely ignored these, but IBM has now introduced a Y2K compliant version of DOS: PC DOS 2000. If you need a new version of DOS to handle Y2K problems for you talk with IBM.

World Ends Anytime. Now that I have your attention, if you have an interest in science you might want to consider a daily visit to the Science Daily web site ( Link). There you will find many of the cutting-edge discoveries as they make their way out of the lab. Of course, like any “breaking news” site you do have to take the information with a skeptic’s eye; but it is interesting to see the stories develop.

Oh, yes, there was a story recently about the possibility of the world ending. Take a look at: [No longer available] to see a story titled: “Cosmic Cloud Could Burst Earth’s ‘Breathing Bubble,’ New Computer Simulation Shows” wherein you can learn that a computer simulation predicts that should the solar system move through an area of space with just a few more atoms per unit volume in it that the heliosphere bubble around the solar system could be disrupted and Earth could be exposed to neutral hydrogen which could completely disrupt the climate and increase cosmic rays. Stick around for a few hundred thousand years and find out.

Online Service vs. Content. Watch out world. The end of May a Bavarian court convicted a former CompuServe executive of trafficking child pornography over the internet–even though he had no direct role in placing it on the internet! A third party was sending the pornography through CompuServe’s network. Many worry that this ruling will signal increased liability for ISPs and that this will force them to police everything going through their computers or be in danger of prosecution by the most conservative nation in the international community; indeed, this nation would be in a position to effectively impose its values on the world.

Judge Wilhelm Hubbert ruled that ISPs are effectively accomplices to crimes carried out over their networks. “Even on the Internet, there can be no law-free zones,” the court said. “The accused is not a victim. He abused the medium.” (This, even when Germany has passed a law saying ISPs are not accountable unless they know about improper content and have the technical capability of blocking it–that law passing a month or so after the verdict.)

Watch this one closely. It’s only a short step from this to extradition requests for a wide variety of things that might be legal in one country but not in another.

International Libel. [This newsletter is created throughout the month. A short while after writing the above, the following appears in the NY Times…”English Court May Test U.S. Ideals on Online Speech”]

Dr. Laurence Godfrey, a British lecturer, has sued Cornell University and a former graduate student in the London High Court of Justice. Dr. Godfrey contends defamatory messages were posted to a newsgroup three years ago. When asked to remove the messages Cornell supposedly refused, citing the First Amendment and free speech.

Apparently Cornell, which has limited resources in England, has consented to the jurisdiction of English courts while the graduate student did not properly file a response and has had a default judgment issued against him (although any action will wait until the full case is heard).

English libel law is much more strict than U.S. libel law. In English law any party that participates in the chain of publication of a defamatory statement can be targeted by a lawsuit. Participation generally requires knowledge of the statement. The extent to which “innocent dissemination” applies to ISPs has not been tested in English court.

Godfrey seems to be a leader in this matter. He is also apparently suing the University of Minnesota in London and also a London-based ISP; both for being involved in publishing defamatory statements about him on Usenet newsgroups. He has also settled or won other libel cases in both England and Australia.

It should be interesting to watch this one play out as well.