Computer underground Digest Wed Oct 14, 1998 Volume 10 : Issue 51 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #10.51 (Wed, Oct 14, 1998) File 1--REVIEW: "Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Ma File 2--REVIEW: "Bank of Fear", David Ignatius File 3--REVIEW: "Management of Library and Archive Security", Robert K. File 4--REVIEW: "Computer Crisis 2000", W. Michael Fletcher File 5--REVIEW: "Decrypted Secrets", F. L. Bauer File 6--REVIEW: "MCSE: The Core Exams in a Nutshell", Michael Moncur File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress File 8--REVIEW: "Blueprint to the Digital Economy", Don Tapscott/Alex Lo File 9--Cu Digest Header Info (unchanged since 25 Apr, 1998) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 18 Sep 1998 10:18:53 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 1--REVIEW: "Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Ma BKWBSCSB.RVW 980711 "Web Security Sourcebook", Aviel D. Rubin/Daniel Geer/Marcus J. Ranum, 1997, 0-471-18148-X, U$29.99/C$42.50 %A Aviel D. Rubin rubin@bellcore.com %A Daniel Geer %A Marcus J. Ranum %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 1997 %G 0-471-18148-X %I John Wiley & Sons, Inc. %O U$29.99/C$42.50 416-236-4433 fax: 416-236-4448 %P 350 p. %T "Web Security Sourcebook" As Steve Bellovin notes in the foreword, complexity and security are antithetical. To have a complete picture of the security of a single transaction in World Wide Web activity one must consider the hardware of the user, the operating system of the user, the client software of the user, the hardware of the host, the operating system of the host, the server software of the host, the base transport protocol, the higher level (generally HTTP: the HyperText Transport Protocol) protocol, the general structure of the network itself, and the various forms of content. To expect a short book to cover all of this material is unrealistic. The current work, however, is of inconsistent quality and falls short even of a much reduced target. Chapter one looks at basic Web history and technology plus a few illustrative security loopholes. While basic browser security information is presented in chapter two, the presentation is disorganized and seems to stress some relatively improbable risks. On the other hand, it does point out some important and little known problems with Internet Explorer. Advanced browser security lists a good deal of misinformation about cookies (along with some real dope) and discusses anonymous remailers in chapter three. The discussion of scripting, in chapter four, is simplistic in the extreme. While I would personally agree with the assessment that JavaScript and ActiveX are not worth the security hazards they represent, these technologies deserve more than the terse dismissal they receive in the text. Java gets somewhat more detailed discussion but the authors do not appear to distinguish between design factors and specific implementation bugs limited to a given platform. Server security is limited to UNIX permissions in chapter five. Chapter six looks primarily at commercial cryptographic products, but without having built a solid foundation for their effective use. Scripting is again reviewed in chapter seven, this time concentrating on (again) UNIX CGI (Common Gateway Interface) programming for sanitizing input from users. The overview of firewall technologies in chapter eight is reasonable and balanced, citing the different types of firewalls, their strengths and weaknesses, and the fact that firewalls can only be one tool in a larger security strategy, never a complete answer. Chapter nine presents the different protocols in transaction security quite well, but fails to give an analysis of the social and market forces that are equally important to the overall picture. Some systems for electronic payment are compared in chapter ten. Predicting the future is, of course, problematic, but chapter eleven seems to contains more faults than can legitimately be said to be inherent to the process. As only one example, the authors look forward with trepidation to "network aware" viruses. I'm sorry to tell you this, guys, but the proof of that concept happened in the wild more than a decade before you wrote the book, and has transpired depressingly often since. The presentation of this text as a sourcebook is probably valid on the one hand: the primary value of the tome lies in the mention of various commercial systems related to Web security. It cannot, however, be recommended as a sole source. Both a conceptual background and an overall review of the totality of Web security factors are missing. There are interesting points in the book, and even useful tips, but while it may belong on the bookshelf of the dedicated Web administrator it is not necessarily a must read for those with limited resources. copyright Robert M. Slade, 1998 BKWBSCSB.RVW 980711 ------------------------------ Date: Thu, 1 Oct 1998 10:12:24 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 2--REVIEW: "Bank of Fear", David Ignatius BKBNKFER.RVW 980804 "Bank of Fear", David Ignatius, 1994, 0-380-72280-1 %A David Ignatius %C 1350 Avenue of the Americas, New York, NY 10019 %D 1994 %G 0-380-72280-1 %I Avon Books/The Hearst Corporation %O +1-800-238-0658 %P 388 p. %T "Bank of Fear" While an exciting enough thriller, and one giving an unusually sympathetic and insightful view of the Arab communities, this book is rather disappointing both in the raggedness of its ending and in the unlikeliness of its conclusions. One must allow fiction writers some leeway to explain certain items, and this is usually done through dialogue. One character will expound to another on a given topic. it gets a bit annoying, not to mention straining the willing suspension of disbelief, when a banker has to be lectured on the precepts of banking, and a systems manager has to have a tutorial on the standard backup command. In general, however, the technology part of the book is pretty good. An important part of the plot involves finding confidential files on a known system to which access has been withdrawn. The solution is elegant, functional, and involves that reliable of all data penetration tools, ignorance on the part of management. Actually, the method doesn't even rely all the heavily on ignorance: most computer professionals would see backups as a security tool rather than a vulnerability. The use of UNIX as a platform is more of a literary convenience than anything else, since any common business system has the equivalent of an administrative user who can gain access to anything. The one weak point in this scenario is the quick realization of the importance of the backup tape on the part of people who were previously so lax that they didn't even use encryption for vital files. Other technical plot devices are used as effectively. There is a lovely piece of social engineering, again relying on management folly and a demand for convenience. Call back verification is used as well, and a neat conceptual way of using it to for system breaking is presented. And everything a desktop machine can do, a laptop can emulate. Communications technology does not get quite the same care. The universal nature of modem standards is mentioned, but not the functional difference (and audible similarity) between modems used on computers and those included in fax machines. No allowance is made for possible differences in systems and the need for different terminal types. The call back spoofing trick is cute, but relies on the ability of forcing a line to stay open after the remote end has dropped both the connection and the switch hook, and also on a remote user leaving a home computer on, with a communications program running, and an automated login script set up and ready to go. The worst error, however, is the one on which the final activity of the plot relies. Although there are gateways that can send electronic mail to Telex systems, Telex is a separate system and cannot be reached by the public dial phone system. Although you can get Telex devices that can be operated by computers, Telex does not use modems; at least not the same kind that are normally used for computer work. Telex lines, in fact, have different operating characteristics from phone lines, and even different voltages. Plugging a modem into a Telex line would fry the modem as surely as plugging an ISDN modem into an analogue line would fry the ISDN device. copyright Robert M. Slade, 1998 BKBNKFER.RVW 980804 ------------------------------ Date: Wed, 30 Sep 1998 11:13:56 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 3--REVIEW: "Management of Library and Archive Security", Robert K. BKMNLASC.RVW 980804 "Management of Library and Archive Security", Robert K. O'Neill, 1998, 0-7890-0519-0, U$29.95 %E Robert K. O'Neill %C 10 Alice Street, Binghampton, NY 13904-1580 %D 1998 %G 0-7890-0519-0 %I The Haworth Press Inc. %O U$29.95 800-429-6784 fax: 800-895-0582 getinfo@haworth.com %P 120 p. %T "Management of Library and Archive Security" This appears to be a hardcover "co-print" of Volume 25, Number 1, of the Journal of Library Administration. It talks about a wide range of security related issues, but also has significant weak points and holes in the coverage. Organization is random, with poor division according to the titular subject of the different papers. The organization also appears to be exactly backwards, with the first essay looking at what to do *after* you've been robbed, and the last discussing policy. Both quality and style vary from paper to paper. Those sections that do deal with law enforcement and reporting relate strictly to the United States, with one token mention of a British reporting group. While a number of important areas are touched on, and a good deal of useful information is given, it may be hard to find, or find again. The article on security, for example, does not provide practical details of patron access to highly secured special collections, although both the articles on audit and policies do address specific features and points. On the other hand, the piece that does address the need to provide lockers for patrons forced to leave coats and bags outside the reading room is not followed up with the greater necessity for similar provisions for staff facing the same restrictions. The article on the aftermath of a theft will probably be useful to those who are panicked by the first such occurrence. The material provides good, practical advice for those in the emotional throws of the event, although most of it is simple common sense. The paper on audit, on the other hand, says very little about auditing, and the content is does contain is theoretical and abstruse. Law enforcement gets a folksy treatment, and, in similar fashion to the first essay, seems to concentrate on calming nerves. Some advice on the issue of records and evidence useful in court might have been helpful. A recounting of a case recovering illegally transported artifacts is interesting, but serves primarily to remind managers of the importance of communication with colleagues and the range of law enforcement agencies. The single paper on security itself emphasizes preservation from the elements and makes only a token mention of active security against theft and none against fraud. The final article on security policies gives much practical advice on a variety of matters, but doesn't really address policy. Given the current importance of both library management systems and electronic access to collections and other information resources I find it significant that none of the essays discuss data security. As a short introduction to a specialty topic this has its place, but those seeking a complete resource will be disappointed. copyright Robert M. Slade, 1998 BKMNLASC.RVW 980804 ------------------------------ Date: Wed, 23 Sep 1998 10:04:53 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 4--REVIEW: "Computer Crisis 2000", W. Michael Fletcher BKCMCR2K.RVW 980619 "Computer Crisis 2000", W. Michael Fletcher, 1998, 1-55180-138-8, U$12.95/C$15.95 %A W. Michael Fletcher feedback@highspin.com %C 1481 Charlotte Road, North Vancouver, BC V7J 1H1 %D 1998 %G 1-55180-138-8 %I Self-Counsel Press %O U$12.95/C$15.95 604-986-3366 fax: 604-986-3947 selfcoun@pinc.com %P 232 p. %T "Computer Crisis 2000" The book jacket states that the author has thirty years of experience in advising businesspeople how to deal with technology. If so, then he is, of course, part of the problem, since this problem is not one that wasn't foreseen. Indeed, in the preface he admits he came late to the problem, and certainly a warning book now is just a tad behind the times. However, the book is aimed at small and medium sized businesses. This market has been neglected in other works on the topic, and may still have room to fix the situation as far as it can be dealt with internally, since their computing needs are presumably less monolithic than those of the corporate giants. Part one is a definition of the problem and how it may affect people and businesses. The explanation is split into the first two chapters (the book chapters are very short). Generally the exegesis is reasonable, although not altogether convincing of the seriousness of the situation, but it also contains some sections detailing accounting functions that have only a minimal bearing on the issue. A third chapter lists some excuses for avoiding the work involved, but adds nothing to the book. Possible impacts get sidetracked into the beginnings of an action plan, the action plan is disorganized, and the section ends with a look at legalities that ends, for some reason, with some thoughts on tax law. Part two looks at large institutions. The review of government says what the author thinks they should be doing, but gives limited (and likely incorrect) analysis of what the situation and prognosis actually is. Much the same applies to the chapter on infrastructure and utilities. (The optimistic view of the Internet in the event of a communications failure is particularly naive.) The overview of finances simply looks at a bleak set of possible problems, most without solution. Planning and implementation is addressed in part three. The initial outline is quite good, stressing that the time for delay and cheap solutions is past, but it may not be entirely convincing to managers and business owners due to the weak opening in part one. Personnel and inventory get some detail, but the implementation itself is strung over four chapters with questionable organization. The final two parts contain two chapters looking at the possible ancillary benefits of going through the year 2000 process, and a very terse look at the international scene. An appendix lists both print and online resources. As Fletcher notes in the preface, he could not put absolutely everything into the book, and polishing and the inclusion of more material would have delayed a project that is late enough as it is. The concentration on personal computers and shrink wrapped software is valid given the target audience. However, more detail on certain implementation areas would have greatly improved the book. As only one example, getting commitments from suppliers is lacking in breadth and range, and there should be contingency plans for the inevitable failures in some part of the infrastructure. This book is not alarmist: if anything it does not paint the scene widely enough. copyright Robert M. Slade, 1998 BKCMCR2K.RVW 980619 ------------------------------ Date: Tue, 29 Sep 1998 10:32:31 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 5--REVIEW: "Decrypted Secrets", F. L. Bauer BKDECSEC.RVW 980804 "Decrypted Secrets", F. L. Bauer, 1997, 3-540-60418-9, U$39.95 %A F. L. Bauer %C 175 Fifth Ave., New York, NY 10010 %D 1997 %G 3-540-60418-9 %I Springer-Verlag %O U$39.95 212-460-1500 800-777-4643 %P 447 p. %T "Decrypted Secrets: Methods and Maxims of Cryptology" Cryptology is the study of the technologies of taking plain, readable text, turning it into an incomprehensible mishmash, and then recovering the initial information. There are two sides to this study. Cryptography is the part that lets you garble something, and then recover it if you have the key. Cryptanalysis is usually seen as the "dark side" of the operation, because it is the attempt to get at the original meaning when you *don't* have the key. Most current and popular works on cryptology actually only speak about cryptography. For one thing, nobody wants to get into trouble by telling people how to break encryption. However, it is also much easier to blithely talk about key lengths and algorithms and pretend to know what you are doing if you don't have to understand enough math to try to figure out how to go about cracking a particular cipher. Bauer examines both sides, which is an important plus. If you need to decide how strong an encryption algorithm or system is, it is important to know how difficult it might be to break it. Chapter one looks at Steganography, the science of hiding in plain sight, or concealing the fact that a message exists at all. In this he first demonstrates a wide ranging historical background which is quite fascinating in its own right. Basic encryption concepts are introduced by the same historical background, but move on to a very dense mathematical discussion of cryptographic characteristics in chapter two. Encryption functions are started in chapter three, and it is delightful to have examples other than Julius Caesar's substitution code. Polygraphic substitutions are in chapter four and the math for advanced substitutions is in chapter five. Chapter six introduces transpositions. Families of alphabets, and rotor encryptors such as ENIGMA, are reviewed in chapter seven. Keys are discussed in chapter eight, ending with a brief look at key management. Chapter nine covers the combination of methods resulting in systems such as DES (Data Encryption Standard). The basics of public key encryption is introduced in chapter ten. The relative security of encryption is introduced in chapter eleven, leading to part two. However, it also ends with a discussion of cryptology and human rights, concentrating mainly, although not exclusively, on the US public policy debates. Part two examines the limits of functions used in cryptography, and thus the points of attack on encryption systems. Chapter twelve calculates complexity, and thus the size of brute force attacks. Known plaintext attacks are the basis of chapters thirteen to fifteen, looking first at general patterns, then at probable words, and finally at frequencies. Frequency leads to a discussion of invariance in chapter sixteen. Chapter seventeen follows with a look at key periodicity. Alignment of alphabets is covered in chapter eighteen. Of course, cryptographic users sometimes make mistakes, and chapter nineteen reviews the different errors and various ways to take advantage of them. Chapter twenty one looks at anagrams as an effective attack on transposition ciphers. The concluding chapter muses on the relative effectiveness of attacks and of cryptanalysis overall. Those seriously interested in cryptology will really need to be serious: brush up on your number theory if you want to use this book for anything. On the other hand, Bauer's history and vignettes from the story of codes and the codebreakers are interesting, amusing, and accessible to anyone. copyright Robert M. Slade, 1998 BKDECSEC.RVW 980804 ------------------------------ Date: Tue, 22 Sep 1998 13:34:40 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 6--REVIEW: "MCSE: The Core Exams in a Nutshell", Michael Moncur BKMCSENS.RVW 980806 "MCSE: The Core Exams in a Nutshell", Michael Moncur, 1998, 1-56592-376-6, U$19.95/C$28.95 %A Michael Moncur mcsenut@oreilly.com %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 1998 %G 1-56592-376-6 %I O'Reilly & Associates, Inc. %O U$19.95/C$28.95 800-998-9938 fax: 707-829-0104 nuts@ora.com %P 401 p. %T "MCSE: The Core Exams in a Nutshell" The MCSE core exams in a nutshell. Where they most definitely belong. This book covers the Networking Essentials (70-058), NT Workstation 4.0 (70-073), NT Server 4.0 (70-067), NT Server in the Enterprise (70-068), and Windows 95 (70-064) exams. Each chapter gives a brief introduction to the exam, explaining the type of material that it covers. A page or two of objectives lists the content that the reader will need to know, and apply, and provides a reference within the chapter for that objective. The text itself is very clear. Limiting itself to the basics of what you will be asked, the wording is lucid and, paradoxically, far more understandable than other volumes that try to try to teach you everything they know about (say) network essentials. "On the Exam" boxes point out how Microsoft sees the world, and the occasional "In the Real World" points out where knowing too much can get you into trouble. There are suggested practical exercises that will help make some of the theoretical material real and a practice test with explanations of all answers. Also included is a "Highlighter's Index" that repeats the most important items in point form. Not only does this save you shelf space, but it is, in all likelihood, the most effective study guide as well. Simulated test programs would be an additional asset, but other than that, this has the basics, and no clutter. copyright Robert M. Slade, 1998 BKMCSENS.RVW 980806 ------------------------------ ---------- Forwarded message ---------- Date: Mon, 5 Oct 1998 11:17:59 -0800 To: p1@cmpnetmail.com Subject: File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress VDINSCTC.RVW 980808 "Introduction to Security Technologies", Michael P. Ressler/Charles Blauner, 1995, 1-57305-067-9, U$1295.00 %A Michael P. Ressler %A Charles Blauner %C Room 3A184, 8 Corporate Place, Piscataway, NJ 08854 %D 1995 %G 1-57305-067-9 %I Bellcore %O U$1295.00 800-521-CORE fax: 908-336-2559 %P 224 min., 5 tapes, 260 p. %T "Introduction to Security Technologies" This five tape series is saved from being the proverbial "talking head" only because the video feed of the "head" in question is frequently interrupted by shots of lecture foils. The presentation uses text slides in almost every case. As the presenter states, at the end of pretty much every tape, the material is very brief and conceptual, giving very few details. In fact, the contents of each tape would be most suitable as the introductory chapter to a book on the relevant topic, since little more is done than to give a definition of the subject and some related issues. The use of video seems to be completely unnecessary, since the material could be presented just as well with an audio tape and copies of the foils (which are, in fact, provided). The first tape, only twenty minutes long, talks about issues in distributed systems security. The fundamentals are not well addressed, and the presentation is somewhat confused. In fact, the totality of distributed systems security is not addressed, and the main concerns are on single sign-on, encrypted or tunneling channels, and ticket access management for authentication. The UNIX security basics tape is very basic, including some history, file naming, and operations of some of the elementary security utilities such as chmod (used for changing file permissions). There is discussion of some slightly higher level concepts, such as the fact that the password file is world readable by default. There is also some mention of the fact that "trusted" hosts can be a vulnerability. However, about half of this tape is given over to a promotional demonstration of an AT&T UNIX security analysis tool. The third tape seems slightly out of place, since its discussion of Internet firewalls comes prior to the material to be later provided introducing the Internet. Oddly, the presentation of packet filtering is poorly explained and quite limited, whereas the explanation of the proxy server is pretty clear. This is the reverse of the usual case. As with tape two, some of the space is given over to a demonstration of the AT&T PINGWARE product. Tape four introduces TCP/IP and Internet security. Most of the material actually concentrates on a description of the Internet, packet encapsulation of Internet data, and a brief overview of basic Internet applications. In terms of security, Sun Microsystems gets hit on for its invention of remote procedure calls and the Portmapper program. The remaining material seems to boil down to "it's scary out there: you'd better learn something." The final item looks at DCE (Distributed Computing Environment) security. This is a slightly more detailed, and specific, version of tape one. (With the change of presenter we see a subtle change in "presentation" values. For whatever reason, the video taping was allowed to include a good deal of Blauner facing away from the audience. The impression left is that he is much more comfortable with his presentation software than he is with the audience.) It is difficult to think of anyone to recommend this product to. On the one hand, it could be calculated that for the price of one registration to a three or four day security course, you could give your whole department (and all future incoming staff) a morning of training. On the other hand, this is not the first morning of such a course, but rather the first half hour of each morning of a five day course. The actual content has been written in a number of places well enough to be read and understood in ten to fifteen minutes per topic. The presentation is not thrilling enough to catch the attention of those who could not be bothered to read it. Not even if you served popcorn. copyright Robert M. Slade, 1998 VDINSCTC.RVW 980808 ------------------------------ Date: Wed, 14 Oct 1998 09:47:26 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 8--REVIEW: "Blueprint to the Digital Economy", Don Tapscott/Alex Lo BKBLDIEC.RVW 980801 "Blueprint to the Digital Economy", Don Tapscott/Alex Lowy/David Ticoll, 1998, 0-07-063349-5, U$24.95/C$35.95 %A Don Tapscott %A Alex Lowy %A David Ticoll %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 1998 %G 0-07-063349-5 %I McGraw-Hill Ryerson/Osborne %O U$24.95/C$35.95 800-565-5758 fax: 905-430-5020 %P 410 p. %T "Blueprint to the Digital Economy: Creating Wealth in the Era of E-Business" The first paragraph of the preface tries to explain the purpose of the book, as is usual. Stripped of its new age jargon, the section appears to say that a lot of people talked about how business might use new communications. This work is mostly a collection of essays from extremely important, and therefore very busy, industry leaders. In other words, most of the papers have been written by PR departments. Remaining articles have been contributed by "independent consultants" looking for business or speaking engagements. The results are predictable. Part one is entitled "The New Rules of Competition" but doesn't say much about it, beyond generally opining that we are moving to a more cooperative age. (The Age of Aquarius, presumably.) The first and last essays in the section demonstrate that the rapidly changing times provide limitless opportunities for meaning-challenged buzzphrases and content-free diagrams. The bracketed papers hope that General Motors, IBM, Intel, and Sun Microsystems will be ready for whatever comes along. Part two informs us of the startling fact that the times they are a changing. (Surprise!) Businesses are seeing change in the fields of banking, newspapers, family snaps, education, telecommunications, and courier services. I must make note of Carol Twigg's excellent contribution, which presents not only hard "customer" data, but real technology as well. It is one of the few interesting bits in this aggregation of promotional puff pieces. Part three is supposed to tell us how the new technologies will help businesses to cope. Instead, Oracle is still flogging network computers. We are informed that the Internet is a good thing. Nortel tells us that the Internet is a good thing but needs to be made as reliable as the phone. Sprint tell us that the Internet is a good thing but needs to be made as reliable as the phone. Xerox tells us that we need a new browser. (Actually, Weiser and Brown's paper is much more interesting than that sounds, but isn't really a lot more useful in business terms.) Part four supposedly looks at governance in a networked age. One of the essays is an apologia for the Clinton administration policies, another is a vague, hand-waving explanation of "cyberspace." However, Stephen Kobrin's incisive examination of the futility of the concept of territoriality when applied to the net, and Vinton Cerf's unsurprising but well-grounded look at criminal misbehaviour online elevate the quality of the section significantly. Last night I reviewed a book that warned about the dangers of potentially ignorant, unfiltered, biased, and opinionated information being disseminated on the Internet, mixed in with and disguising the few real gems of information. This current work proves that the same point can be made about published, and highly publicized, books. copyright Robert M. Slade, 1998 BKBLDIEC.RVW 980801 ------------------------------ Date: Thu, 25 Apr 1998 22:51:01 CST From: CuD Moderators Subject: File 9--Cu Digest Header Info (unchanged since 25 Apr, 1998) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) CuD is readily accessible from the Net: UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #10.51 ************************************