Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
My tech report on the Internet Worm is finally finished! You can get a
compressed PostScript version of the formatted report via FTP as follows:
1) ftp to arthur.cs.purdue.edu (128.10.2.1)
2) login for anonymous ftp
3) set binary mode on
4) cd pub/reports
5) get TR823.PS.Z
6) quit
Then uncompress the file and print it.
[If you cannot uncompress it, you may access the UNCOMPRESSED PostScript
file directly (280,827 bytes, by the way!):
OMIT 3) above; it should also work in binary mode, but more slowly;
REPLACE 5) above with "get TR823.PS", using the name of the
uncompressed PS file. Also, use a
copying machine if someone you know has
already FTPed it. Spare the Internet. PGN]
If you have already ordered a paper copy of the report and you can FTP a copy
to print it yourself, please send me mail and cancel your request for a paper
copy.
If you cannot FTP a copy and you have already ordered a paper copy, have
patience. As soon as they get printed they will be mailed — before the end of
this week, I am told.
If you cannot FTP a copy and would like to order a paper copy, send me your
surface mail address and I will add your name to the list.
Cheers,
--spaf
Spaf's ``The Internet Worm Program: An Analysis'' is an extremely thoughtful and comprehensive report. It will be standard reading for years. It is offered by Spaf ``solely for the purposes of instruction and research'' (as he states in his title-page copyright notice), and is cited in RISKS for precisely those purposes. There are many lessons to be learned — including needs for better operating systems and network protocols, better quality programmers with greater social awareness, better ethical teaching, better laws, and generally better understanding of THE RISKS. Our thanks to Spaf for his considerable contribution. PGN
The House Science, Space and Technology Committee and the House Judiciary Committee are planning hearings on the Internet virus for the upcoming 101st Congress. Also, the author of the federal computer crime law says that he believes the virus programmer could be prosecuted under that law. Here is the source, from a story that appeared in THE SEATTLE TIMES, Sunday Nov 27 1988, p. B2: CONGRESSMEN PLAN HEARINGS ON VIRUS - Newhouse news service WASHINGTON - The computer virus that raced through a Pentagon data network earlier this month is drawing the scrutiny of two congressional committee chairmen who say they plan hearings on the issue during the 101st Congress. Democratic Reps. Robert Roe, chairman of the House Science Space and Technology Committee, and William Hughes, chairman of the crime subcommittee of the House Judiciary Committee, say they want to know more about the self-replicating program that invaded thousands of computer systems. The two chairmen, both from New Jersey, say the are concerned about how existing federal law applies to the Nov. 2 incident in which a 23-year-old computer prodigy created a program that jammed thousands of computers at universities, research centers, and the Pentagon. Roe said his committee also will be looking at ways to protect vital federal computers from similar viruses. `As we move forward and more and more of our national security is dependent on computer systems, we have to think more about the security and safety of those systems,' Roe said. Hughes, author of the nation's most far-reaching computer crime law, said his 1986 measure is applicable in the latest case. He said the law, which carries criminal penalties for illegally accessing and damaging `federal interest' computers, includes language that would cover computer viruses. `There is no question but that the legislation we passed in 1986 covers the computer virus episodes,' Hughes said. Hughes noted that the law also includes a section creating a misdemeanor offense for illegally entering a government-interest computer. The network invaded by the virus, which included Pentagon research computers, would certainly meet the definition of a government-interest computer, he said. `The 1986 bill attempted to anticipate a whole range of criminal activity that could involve computers,' he said.
Expenditures of time and money on computer-literacy education represent
important tradeoffs for schools. If you think that computer literacy should
be taught in school, how do you think schools should pay for it (hardware,
software, training, maintenance)? How should computer-literacy courses be fit
into the school day?
Since school budgets and days are finite, these questions raise the issue of
priorities. Should computer-literacy education be a high priority for our
education system? Why or why not? How do you compare computer literacy with
current education priorities?
[Respond to Ronni, please. PGN]
A flurry of risks relating to antisocial computer uses has been rapidly
developing into a blizzard:
* Hatred-promoting materials. Jeff Stout (jstout@boeing.com) alerted me to
an article in the Seattle Times/Post-Intelligencer, 11/20/88, excerpted
as follows:
The rapid spread in recent months of illegally produced floppy disks
with anti-Semitic and racist content, promoted by the increased use of
home computers, has alarmed West German teachers and those concerned
with protecting young people from exposure to military, racist and
pornographic violence.
The neo-Nazi underground has changed tactics", says Gerhard Adams,
deputy chairman of the government office responsible for monitoring
"youth-endangering" materials. "Instead of distributing leaflets,
they now circulate in schools computer programs which are anti-Semitic
and racist." [...]
While the majority of games glorifying war and Rambo-style episodes of
self-enforced law are produced in the United States and Great Britain,
games inciting racial hatred and propagating Nazi ideology are
believed to have their origin in Germany.
* A flurry of PC porno programs (including some highly interactive versions).
For example, a porno program is apparently sweeping through the banking
community (Lounge-suit Larry ...), some versions of which are Trojan
horsed and rather destructive. Many others have also been reported,
and with pirating and direct propagation seem to be spreading rampantly.
* Electronic chain letters such as that noted in the following message.
So, what is new? The subject matter is certainly not new. But the medium
offers new opportunities — proliferability, programmability, and privacy.
(Next we will be having subliminal messages on the screen, or even buried
inside the programs?)
Just received this. Figured best way to a) satisfy RISKS readers and b) "prevent breaking the chain" :-} was to submit this rather than victimize 20 more people. If this sort of thing is turned loose in email, the resulting exponential explosion could be as bad as the recent net worm (with willing vectors, anyhow). Unwilling vectors will just damp them out... but with 3 million PCs out there, how many do we need to keep it alive? [RISKS has no difficulty whatever in breaking this chain. Chain letters are bad enough via SnailMail, but electronically they open up horrible possibilities. PGN]
While visiting the University of Oregon last summer, I found a parking space with no meter, but a sign directing me around the corner. There was a small terminal with a map of the adjacent parking area, about 14 spaces along the side of the street. The instructions indicated that the money was to be deposited and the code number for my parking space keyed in. Out popped a little printed ticket with my parking space number and the time, date, etc when I arrived and how long before my parking expired. It's the only time I've seen such a system (instead of the normal mechanical parking meters). I assume the benefits of the system are that there is a centralized station for checking what cars are legally parked (the meter maid doesn't have to check each spot, but one central location), central collection of money, and if one car pays for an hour but leaves after 10 minutes, there is no visible record allowing the next car to just use the remaining 50 minutes without paying for it.
At Boston College, most faculty members are expected to advise between ten and twenty students. For various reasons (students requesting new advisors, faculty members on leave, students changing majors), the students I advise one semester often are not my responsibility by the time the next semester rolls around. So I wasn't too surprised when I received a call from a student I had advised in September asking for an appointment to see me; I told her that she was no longer one of my advisees, and suggested that she call the dean to find out who her advisor was. She called back an hour later and told me that she had been entered into the computer as class of 1993, and the computer had duly scheduled her to register in November of 1989. And my computer science students worry about why I stress data verification! Rob Gross
Please report problems with the web pages to the maintainer