3.1241 e-mail forwarding blues; review (139)

Willard McCarty (MCCARTY@vm.epas.utoronto.ca)
Fri, 30 Mar 90 23:24:53 EST

Humanist Discussion Group, Vol. 3, No. 1241. Friday, 30 Mar 1990.


(1) Date: Fri, 30 Mar 90 08:14:46 CDT (16 lines)
From: Steve Dill <UGA108@SDNET>
Subject: Network Secretaries

(2) Date: Thu, 29 Mar 90 09:52:01 -0500 (103 lines)
From: "Daniel Updegrove" <updegrove%a1.relay@upenn.edu>
Subject: Book Review

(1) --------------------------------------------------------------------
Date: Fri, 30 Mar 90 08:14:46 CDT (1 lines)
From: Steve Dill <UGA108@SDNET>
Subject: Network Secretaries

It seems that more and more of the e-mail I receive is transmitted
by someone for someone ELSE who can't, won't, or just doesn't
use the computer. I am frequently asked to relay messages to
my discussion groups and I do it willingly, but I also have to
find a way to relay the answer and take care of any questions or
other features of the exchange.
Therefore, I recommend a push to introduce users to networks and
to encourage others to use them. To quote Laubach "each one
teach one." Membership in discussion groups would grow and we
would all have time to do our own work.
Cheers,
Steve Dill (UGA|08 @ SDNET.BITNET)
(2) --------------------------------------------------------------129---
Date: Thu, 29 Mar 90 09:52:01 -0500(4) (1 lines)
From: "Daniel Updegrove" <updegrove%a1.relay@upenn.edu>
Subject: Book Review


The "Other" Network Break-in: A Review of The Cuckoo's Egg
by Clifford Stoll: Doubleday 1989

Reviewed by:

Frank Topper
Information Analyst
Data Administration and Information Resource Planning
University of Pennsylvania
(215) 898-2171
Internet: Topper@a1.relay.upenn.edu <or> Topper%a1.relay@upenn.edu

Penn Printout, Volume 6:6, March 1990, p. 7

The November 1988 Internet worm incident was widely publicized and prompted
both widespread discussion of ethical use of computer networks and some
long overdue closing of security loopholes on computers connected to the
Internet. Less publicized, but equally provocative, was the year-long
series of unauthorized penetrations of research and military computers --
via the same Internet -- documented by Clifford Stoll in the unexpected
bestseller, The Cuckoo's Egg -- Tracking a Spy Through the Maze of Computer
Espionage.

Who's Clifford Stoll?

An out-of-grant-money astronomer temporarily assigned to the computer room
at Lawrence Berkeley Laboratory in California. Despite having limited
programming experience he was given, on his second day of work, the task of
determining what had caused a 75-cent accounting error -- "Figure it out,
Cliff, and you'll amaze everyone," his boss said. Stoll dug into the
accounting software programs, found them accurate, and slowly became hook
how this error had occurred. Utilizing good scientific techniques he
questioned seemingly insignificant events, continuously asked 'why', and
eventually realized that his computers had been invaded by an unauthorized
user with significant expertise and that the invader had almost been
successful in erasing his tracks.

Is there a likeable hero?

"At least nobody could complain about my appearance. I wore the standard
Berkeley corporate uniform: grubby shirt, faded jeans, long hair, and cheap
sneakers. Managers occasionally wore ties, but productivity went down on
the days they did."

Is there suspense?

"Every ten minutes, the hacker issued the command "who", to list everyone
logged onto the computer. Apparently, he worried that someone might see
him connected, or might be watching. Later, he searched for any changes in
the operating system - had I modified the daemons (special software
programs) to record his session, as I'd first planned to do, he would
surely have discovered it. I felt like a kid playing hide-and-seek, when
the seeker passes within inches of his hiding place."

Is it filled with technical jargon?

"The cuckoo lays her eggs in other birds' nests. She is a nesting
parasite: some other bird will raise her young cuckoos. The survival of the
cuckoo chicks depends on the ignorance of other species. Our mysterious
visitor laid an egg-program into our computer, letting the system hatch it
and feed it privileges."

What are networks all about?

"The real work isn't laying wires, it's agreeing to link isolated
communities together. It's figuring out who's going to pay for the
maintenance and improvements. It's forging alliances between groups that
don't trust each other.

The agreements are informal and the networks are overloaded. Our software
is fragile as well -- if people built houses the way we build programs, the
first woodpecker would wipe out civilization."

"And I didn't just blunder about in a blind rage, trying to nab the guy
because he was there. I learned what networks are. I had thought of them
as a complicated technical device, a tangle of wires and circuits. But
they're much more than that - a fragile community of people, bonded
together by trust and cooperation. If that trust is broken, the community
will vanish forever."

This book made me think about:

* How ethical is it to monitor suspected hackers?

* What is the balance between securing the University's information
assets and allowing ease of use?

* Is my password "guessable?"

* Am I responsible if I 'loan' my password to another, and sensitive
files are damaged or revealed?

* What are the tradeoffs between university-wide computing standards
and the protection afforded by "genetic diversity"?

The Cuckoo's Egg is a great spy story and a terrific introduction to
computer networks and information security. I couldn't put it down.