Return-Path: Received: by massis.lcs.mit.edu (8.7.4/NSCS-1.0S) id LAA04146; Mon, 6 May 1996 11:07:29 -0400 (EDT) Date: Mon, 6 May 1996 11:07:29 -0400 (EDT) From: ptownson@massis.lcs.mit.edu (Patrick A. Townson) Message-Id: <199605061507.LAA04146@massis.lcs.mit.edu> To: ptownson@massis.lcs.mit.edu Subject: TELECOM Digest V16 #216 TELECOM Digest Mon, 6 May 96 11:07:00 EDT Volume 16 : Issue 216 Inside This Issue: Editor: Patrick A. Townson Growth of Cybercrime (Knight-Ridder via Tad Cook) Those Damned Magazine Subscriptions (Christopher Zguris) Smart Antennas Workshop at Stanford Univ, July 1996 (Sumeet Sandhu) ICA Announces 1996 Summer Program (Irina A. Strunina) Low Cost LAN/WAN Training at UC Boulder (Irinia A. Struina) TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * ptownson@massis.lcs.mit.edu * The Digest is edited, published and compilation-copyrighted by Patrick Townson of Skokie, Illinois USA. You can reach us by postal mail, fax or phone at: Post Office Box 4621 Skokie, IL USA 60076 Phone: 500-677-1616 Fax: 847-329-0572 ** Article submission address: ptownson@massis.lcs.mit.edu Our archives are located at mirror.lcs.mit.edu and are available by using anonymous ftp. The archives can also be accessed using our email information service. For a copy of a helpful file explaining how to use the information service, just ask. ************************************************************************* * TELECOM Digest is partially funded by a grant from the * * International Telecommunication Union (ITU) in Geneva, Switzerland * * under the aegis of its Telecom Information Exchange Services (TIES) * * project. Views expressed herein should not be construed as represent-* * ing views of the ITU. * ************************************************************************* In addition, TELECOM Digest receives a grant from Microsoft to assist with publication expenses. Editorial content in the Digest is totally independent, and does not necessarily represent the views of Microsoft. ------------------------------------------------------------ Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of twenty dollars per year per reader is considered appropriate. See our address above. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization. ---------------------------------------------------------------------- From: Tad Cook Subject: Growth of Cybercrime Date: Sun, 5 May 1996 20:37:39 PDT FBI Survey Reveals Growth of Cybercrime By Rory J. O'Connor, San Jose Mercury News, Calif. Knight-Ridder/Tribune Business News May 6--Intruders are breaking into the nation's computer systems at an increasing rate and often with more nefarious motives than in the past, according to a survey co-sponsored by the FBI and a private group of computer security professionals. With more attacks made by people outside an organization, security experts and civil libertarians are renewing their call for fewer government restrictions on encryption technology that protects information. If computer crime keeps growing, security experts said, it could suffocate the burgeoning growth of commerce on the Internet. "What this shows is that the ante has been upped in cyberspace," said Richard Power, senior analyst of the Computer Security Institute in San Francisco, which conducted the survey. "As all manner of commerce moves into cyberspace, all manner of crime is moving there as well. It's no longer just vandalism." More than 40 percent of the 428 corporate, university and government sites that responded to the FBI survey reported at least one unauthorized use of their computers within the last 12 months, with some institutions reporting as many as 1,000 attacks in the period. The attacks range from "data diddling," where some information on the compromised computer is changed, to wholesale attempts to steal passwords or prevent legitimate users from gaining access to the systems. The increase in cybercrime doesn't pose much danger to individuals using computers at home. It is the corporate databases that attract cyber-thieves. While more than half the organizations surveyed reported that some attacks came from inside the organization itself, more than a third said they had been attacked via the Internet, a disconcerting statistic for businesses that want to conduct commerce in cyberspace. About 75 percent of the executives who responded to the survey said they feared attacks from independent hackers and "information brokers." Nearly 60 percent said they consider their domestic competitors just as likely to try to break into their computers. Organizations could protect themselves by using technology that encrypts the storage and transmission of computer data. The strongest such technology would make it nearly impossible for an unauthorized person to read or misuse data -- yet it is not widely deployed because the U.S. government won't allow its export. Companies, therefore, don't include it with many of their products. "The No. 1 reason why computer crime happens is because we have a totally backward encryption policy in this country," said Daniel Weitzner of the Center for Democracy and Technology in Washington. Computer security experts said that any significant growth in computer crime could make consumers and businesses doubt that an honest transaction would take place on the Internet, instead fearing they would be vulnerable to theft of information, services or money. "It's important not to sensationalize things, because if you do you trivialize them," said Power. "But there is definitely a trend across the board of increased unauthorized use of computers from both the inside as well as the outside." His organization conducted the survey at the request of the FBI, using questions based on information supplied by the agency. The FBI has stepped up its investigations of computer crime in the past year, assembling special groups in San Francisco, New York and Washington to combat it. And agency director Louis B. Freeh testified before Congress earlier this year about what he considers the growing danger to U.S. businesses from information spies, including some in the employ of foreign governments or competitors. The report doesn't mean, however, that computer users everywhere should panic. Computer security experts note that individual personal computers, especially at home, are far less likely to be attacked than larger systems used by corporations and government agencies. The information those computers contain isn't nearly as valuable as a corporate database -- and the computers themselves make less-tempting targets for hackers because they are much simpler than large systems, offering fewer technical security holes to exploit. They also say the likelihood that a given individual will suffer from a computer-related crime -- for example, having a credit card number purloined by a hacker during an on-line purchase -- is fairly small, and that existing laws cap an individual's responsibility to pay. "As an individual, your liability is low," said Steven M. Bellovin, a computer security expert with AT&T Bell Laboratories. Computer crime statistics have also been notoriously unreliable in the past few years. Predictions that the so-called Michelangelo virus would wreak wholesale destruction on the world's PCs turned out to be laughably hyperbolic; only a handful of machines were ever infected. And much of the nation's hysteria over computer crime revolves around media accounts of just a few well-known "hackers" -- such as Kevin Mitnick and Robert Tappan Morris Jr. -- whose exploits turned out to be far less damaging than the publicity surrounding them. "Mitnick is often portrayed as a technical wizard," said Bellovin of the hacker who was arrested last year after a decade-long chase and then became the subject of at least three books. "Well, he's OK, but he's really a good con artist." Bellovin said Morris, the son of a National Security Agency programming expert who created a "worm" program that shut down parts of the Internet in 1988, had just been trying to draw attention to its security flaws. "He had a horrible lapse in judgment," he said. Many hacker "crimes" have just been the equivalent of "juveniles cruising cyberspace with virtual spray paint marking things," Power said. The most malevolent incidents of computer crime in the past have been committed by disgruntled employees against their employers; those incidents have usually resulted in the greatest financial losses. Perhaps because of that, however, law enforcement officials are growing concerned about their ability to sniff out -- and snuff out -- computer crimes. What worries law enforcement officials is that institutional victims of computer break-ins or other cybercrimes rarely report the incidents to police. The study bears that out: the respondents said they reported just 16.9 percent of suspected computer crimes. The overwhelming reason: They don't want the negative publicity that can come from a press account that their computer system was vulnerable. Only 8 percent of the more than 4,000 institutions who were mailed the survey responded at all, according to the FBI. But that may be a moot issue: according to Bellovin, the very complex nature of software and the imprecision with which it is written means that "computer security is very hard to solve." He called the Internet notably vulnerable because it was never designed to be secure in the first place. The worst security risk on the Internet is also its most popular aspect: the World Wide Web, because its complexity makes it "easy to (program) it wrong," Bellovin said. Some of the most troubling results of the survey, according to Power: the most frequent kind of computer crime at medical and financial institutions involves data diddling, meaning that "someone is changing people's medical records and financial histories," he said. It also appears that there's more computer crime for hire occurring, Power said, exploiting mainly older hackers who have graduated to making money off the skill they once used simply to establish bragging rights with their peers. He suggested that some of the hiring is being done by intelligence services of various governments, although he offered no proof. "You can't document it," he said, "but it's a no-brainer, as far as I'm concerned." FOR ONLINE SERVICES: Visit Mercury Center on America Online (keyword: MERCURY) or Mercury Center Web, the World Wide Web site of the San Jose (Calif.) Mercury News. Point your browser to http://www.sjmercury.com [TELECOM Digest Editor's Note: Two I like watching a lot and getting a laugh out of are Kevin Lipsitz, female impersonator and magazine salesman to the net, and that other creep in New Mexico who calls himself Spam King. Yes, they are both still active, trying to rip off mailing list names. More about Kevin in the next message in this issue; he apparently struck again recently on other mailing lists. PAT] ------------------------------ Date: Sun, 5 May 1996 18:42:53 -0700 From: Christopher Zguris Subject: Those Damned Magazine Subscriptions Way back I contacted you about a home for a mailing list I run, Current-l. Well, I found a home at Netcom, then moved it to World.std.com. For some reason, Netcom never got around to removing the list (even though I asked them to and cancelled the shell account). Anyway ... I had three lists at Netcom (all basically dead, but Netcom forgot to remove them). Kevin -- the guy selling the magazine subscriptions -- found them, as well as every other Netcom list, and has been bombing them with his ads (we're talking five or six different spoofed AOL senders, in the course of a few days). He's also sent it to World, but that list is closed and it bounces. He's also hit a friends' motorcycle mailing list, it got through -- ironically -- while my friend was installing a new filter. Anyway, to make a long story short, I read your article through the web page for spammers, and had a telecom question. If Kevin is using a residential line for business purposes, isn't that a tariff violation? I was curious about who to contact, and who to direct my subscribers (of my mailing list) to contact. It would be great to get his lines disconnected or changed and billed at business rates. Christopher Zguris - czguris@ix.netcom.com - Uhhh, Ear? 1991 Honda VFR (Red, with red accessories) [TELECOM Digest Editor's Note: Well, you don't know that he is using residential service for business-related stuff, and even if he were that gets to be a stretch since it is quite acceptable to 'work at home' these days, and all the telcos seem to almost encourage it. I don't think that complaint would get you anywhere. Telco is not going to discuss his service arrangments with you, nor will the FCC. As for your sub scribers, unless they have specifically told him they do not wish any further email from him, there is probably not a lot they can do either since there is no such thing as 'unauthorized' email. Anyone is free to write to any email address and attempt to engage in correspondence with that person. The person has to request that it be stopped and then if it continues they can file complaints. The examples you give though are one good reason why I do not entrust the TELECOM Dgiest list to any third party for storage or its maintainence. It stays under my direct control in a directory accessible only to me, with several barricades standing in the way to retrieving it or using it. I made that decision after Spam King was rummaging around in it now almost a year ago. Having Lipsitz also trying to find it -- and he does attempt that -- also gives me the creeps. You need to create your own scripts and mail processing stuff and keep it all under your personal control. By now almost everyone is aware that in many mail software scripts, the name of the mailing list will be found in the header, or the stuff on the very top of the email. They know that two long-time commands in sendmail are VRFY and EXPD, to 'verify' an address and 'expand' on alias names. A vist to the /etc/aliases directory on many computers will produce the names of the mailing lists at that site and how to trigger the lists. It will also -- if you are not real careful -- provide the requestor with a complete printout of all the names on the email list. Not so in my case, and I can only do what I do because I have the list in my immediate possession, in my directory. If you go to /etc/aliases (usually by the verify and expand commands in sendmail if you approach the SMTP socket on another machine) or if you hack root and get on the machine and go directly to that directory you *will* see such things as the 'official' name of my mailing list where sendmail is concerned. But if you attempt to follow the 'alias path' thorugh a circuitous flow back to my directory, you are not going to find the names on the list under that alias. It helps if the postmaster at your site runs sendmail with user 'nobody' who has no privileges than running it under root. But to keep the list chmodded to user only, sendmail as 'nobody' has a hard time dealing with that and requires the list be left read/writeable to 'others'. So in my case, /etc/aliases points to a *script* in my directory which is readable by all, but it is a little one line thing that simply says to run another script. This first little one line script allows me to take control of the process. I feed the stream at that point to a script that *only I* can execute. I do not care if you are root or if you hack me personally. That script won't run unless you *are* me, because of criteria it expects which only I know about. Those miscreants write me every few days from various accounts asking to be added to the Digest mailing list, then a day or two later they ask to be removed. They get an issue or two of the Digest and go through the header carefully hoping to find some reference to the list name there. Of course since I am a trusted user, I use the sendmail flag to diddle up the header however I want ... and they never will find what they are looking for. I get one of Kevin's magazine advertisements at least three or four times per week. I hope it is driving him crazy wondering why he never can latch it and get his mail out to the list. PAT] ------------------------------ Subject: Smart Antennas Workshop at Stanford Univ, July 1996 Date: Sun, 05 May 1996 18:41:27 -0700 From: Sumeet Sandhu Third Annual Workshop on Smart Antennas in Wireless Mobile Communications Stanford University, July 25-26, 1996 The Smart Antennas Research Group at Stanford Univerity will hold the "Third Workshop on Smart Antennas in Wireless Mobile Communications" on July 25 and 26, 1996 at Stanford University. This workshop, the third in the series of successful workshops on the topic, will once again attract a large number of industry participants from all over the world. The workshop will provide a forum for exchanging perspectives on the fast emerging smart antennas technology. A number of technical presentations on the technology, economics and field trials are planned. The goals of the workshop are to assess the state-of-the-art in smart antennas technology, identify pragmatic technology goals for the near and the medium term, estimate the market need for this technology, understand its economics, and thus help the participants gain the best insights into the markets, technology and economics of smart antennas. In addition, the Smart Antennas Research Group at Stanford University will present a half day briefing on pragmatic approaches to embedding this technology in current and future wireless networks. We once again promise a very informative, insightful and exciting workshop! Dates: This one and a half day workshop is scheduled for Thursday and Friday, July 25-26, 1996. Venue: Terman Auditorium, Stanford University, Stanford, California, USA. Format: The workshop will consist of a number of invited technical presentations by industry experts on Thursday, July 25, followed by a half-day briefing by Stanford University staff on Friday, July 26. Who Should Attend: Technical and business management, senior research staff and consultants can benefit from the workshop. The presentations will be at an overview level and will span technology, markets and economics. Registration: In order to maintain a workshop format, only limited registration is planned. To register, complete the registration form and send it along with a check made out to Stanford University, to the address listed on the registration form. A postscript version of the registration form is available at http://www-ISL.Stanford.EDU/groups/SARG/wkshp3.html Fees: Technical sessions (Thursday only): $175 per person Tutorial (Friday only): $300 per person Technical sessions and Tutorial (both days): $400 per person Banquet (Thursday evening): $40 per person Fees will be waived for two individuals from each company sponsoring Smart Antennas research at Stanford. For further information: For registration information, please contact Ms. Kavitha Prabhu, tel: (415) 723-0711 fax: (415) 723-8473 e-mail: kkprabhu@rascals.stanford.edu. For information regarding the technical program, please contact Dr. Constantinos Papadias, e-mail: papadias@rascals.stanford.edu. You may also wish to check our web page, at http://www-ISL.Stanford.EDU/groups/SARG/wkshp3.html ------------------------------ Date: Fri, 03 May 1996 22:40:32 -0500 From: 109HPNSNM3AI@MAIL-CLUSTER.PCY.MCI.NET (Irina A. Strunina) Subject: ICA Announces 1996 Summer Program DATE: 05 May 1996 00:20:00 EDT FROM: strunina@mindspring.com ORGANIZATION: ICA Summer Program Registration The International Communications Association has announced the complete line-up for its annual ICA Summer Program, a week long academic program bringing together the top educators, consultants and industry professionals as instructors in a university setting. The mix of courses featured in the 1996 program is a reflection of where the telecommunications market is going and is a once a year opportunity for network managers, designers, sales support engineers, planners, users, consultants and executives to be briefed by the top educators and consultants in the industry at the University of Colorado at Boulder. This year's program, the 12th ICA Summer Program, features 28 different classes, 6 unique end of day interactive discussion groups and ten hands-on laboratory sessions combining to provide a rich and diverse learning environment. The classes are split into six logical divisions with approximately an equal number of classes in each: Internet Technologies, Fast Packet Technologies, Network Applications, Local Area Networks & Internetworking, Transport & Infrastructure and Management & Regulatory Issues. The cost for the full week of training has been kept to a minimum due to the generosity of many corporate sponsors and is $1,100 for the first ICA member student prior to May 1st / $1,300 after May 1st and $1,350 for the first non-ICA member student prior to May 1st / $1,550 after May 1st which includes all classes, lab fees, dormitory housing, meals and planned activities. There are special discounts for more than one attendee per company. For additional information contact ICA Summer Program Registration at 1-800-328-0840 / 1-770-955-7967 or by fax at 1-770-984-2299 or by email: strunina@mindspring.com. ------------------------------ Subject: Low Cost LAN/WAN Training at UC Boulder Date: 6 May 1996 00:00:00 GMT From: strunina@mindspring.com Organization: ICA Summer Program Registration International Communications Association Summer Program University of Colorado at Boulder Sunday June 2 through Friday June 7, 1996 A week long academic program of the non-profit International Communications Association bringing together the top educators, consultants and industry professionals as instructors in a university setting. This document contains a summary of courses and activities. For additional information, or to register, please Contact: Irina Strunina or Jim Cavanagh 800-328-0840 (US Toll-Free) 770-955-7967 (Direct) 770-984-2299 (FAX) General Information: The International Communications Association Summer Program is a week long academic educational program which has been held at the University of Colorado at Boulder for over a decade. The ICA Summer Program is an annual opportunity for telecommunications managers, directors, planners, consultants and other professionals in ICA member and non-member companies to be briefed on a broad spectrum of key emerging Local Area Network, Campus Area Network, Metropolitan Area Network and Wide Area Network technologies, standards and regulatory issues which will affect them in the year ahead. The ICA Summer Program format also allows opportunities for students to learn through hands-on laboratory exercises as well as from instructors and each other through interactive discussions in unique end-of-day "Patio Sessions". The ICA Summer Program is a complete learning experience and is planned and managed by a committee comprised of ICA member company representatives, vendors, educators, consultants and ICA staff. The Summer Program Committee represents a cross section of the telecommunications industry and is dedicated to providing a program which meets the training requirements of today's telecommunications professional. 1996 Summer Program Sessions At A Glance Internet Technologies Building a Successful Internet Corporate Web Site Internet 101 Incorporating Internet Technologies and Services Within Your Company Internet Access Provider Panel Fast Packet Technologies ATM: A Reality Check Fast Packet Technologies: ATM, Frame Relay and SMDS Frame Relay - How Good Is It ? Strategic and Tactical ATM The Future of Frame Relay Network Applications Coordinated Network/Application Tuning Computer-Telephony Integration (CTI) - Its Affect on Your Network Network Applications Network Centric Computing Local Area Networks and Internetworking Bridges, Routers and Hubs LAN Architecture Evolution LAN Switching vs Routing Network Operating Systems What's New with 802.x ? Transport & Infrastructure Structured Cable Systems The New American Public Network Operators - BOCs or NOT? Wireless Advances Management & Regulatory Issues Enterprise Management - A Practical Perspective on Managing Networks and Systems Global Network Interconnectivity Local Loop Competition Managing Applications on Your Network Networking Career Management Strategies Network Security US Public Policy Update Patio Discussion Sessions Cabling Standards Frame Relay Internet Services Networking Careers Innovative Uses of the Internet Wireless LANs Hands-On Lab Sessions A number of hands-on exercises will be available covering a wide variety of subject areas from Frame Relay to Network Management. More details on exact lab sessions will be available closer to the beginningof the ICA Summer Program. Frame Relay ATM Internet High Speed Wiring and Testing Network Management Computer Based Training Speakers & Panelists Dr. Charles Baker, Southern Methodist University Stan Bush, University of Colorado James P. Cavanagh, Consultant Marvin Chartoff, Ernst & Young, LLP Kent Cox, Optical Data Systems Phil Evans, Perot Systems Dr. John Fike, Texas A&M University Aaron Fosdick, CSD Roosevelt Giles, IMS Christine Heckart, Telechoice, Inc. Jeff Held, Ernst & Young, LLP Paul Heller, Heller Consulting Dr. Phil Hippensteel, Center for Communications Technology Excellence Craig Kanarick, Razorfish Gary Kessler, Hill Associates Laura Knapp, IBM Corporation Jim McCabe, Bay Networks & Full Spectrum Communications Dr. Robert Mercer, Dale Hartfield Associates, Inc. Dr. Thomas M. Oser, Ernst & Young, LLP David Passmore, Decisys, Inc. Carl Pitasi Fred Pratt, I-Net Frank Schoff, Management Recruiters John Smiley, Phoenix Data Net Rick Swirm, Enterprise Management Institute Alan Taffel, uunet Steve Taylor, Distributed Networking Associates Don Van Doren, Vanguard Communications Corporation Kenneth Van Wyk, SAIC Center for Information Protection Jack Ziros, Global One Sponsors The ICA Summer Program is a unique partnership of academia, users, vendors and consultants whose collaboration makes possible this state- of-the-art program. ICA wishes to thank the following companies and organizations for their generous participation and contributions to the Summer Program and overall support of the ICA. Advantis Apple Computer Ascom Timeplex Bay Networks British Telecom CACI Products Co. Center for Communications Technology Excellence Cisco Systems, Inc. CSD Dale Hatfield Associates, Inc. Decisys, Inc. Digital Equipment Corporation Distributed Networking Associates Enterprise Management Institute, Inc. Ernst & Young LLP, Fore Systems France Telecom (ICA Industry Partner) Fujitsu General DataComm, Inc. Global One Heller Consulting Hewlett-Packard Hill Associates IBM Corporation IBM Global Network IMS, Inc. I-Net Institute of Telecommunications Sciences Make Systems, Inc. Management Recruiters MCI Telecommunications Corportation Microsoft National Telecommunications & Information Administration NorTel NYNEX (ICA Industry Partner) Optical Data Systems Perot Systems Corp. Phoenix DataNet Razorfish, Inc. Southern Methodist University StrataCom, Inc. Telecommunications Engineering, Inc. TeleChoice, Inc. Texas A & M University Time Warner Inc. Travelers Insurance University of Colorado UUNET Wandel & Goltermann ------------------------------ End of TELECOM Digest V16 #216 ******************************