Chaos Digest Lundi 5 Avril 1993 Volume 1 : Numero 17 Editeur: Jean-Bernard Condat (jbcondat@attmail.com) Archiviste: Yves-Marie Crabbe Co-Redacteurs: Arnaud Bigare, Stephane Briere TABLE DES MATIERES, #1.17 (5 Avril 1993) File 1--109 Entites reseaux de connectivite internationale File 2--17th Intl. Online Information Meeting (collaboration) File 3--Disponibilites des sources en C pour Macintosh de PGP v2.2 File 4--Clef publique PGP v2.1 File 5--Publication scolaire de e-journaux (these) File 6--Critique de "Rogue Programs", L. Hoffman, ed. Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost by sending a message to: linux-activists-request@niksula.hut.fi with a mail header or first line containing the following informations: X-Mn-Admin: join CHAOS_DIGEST The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex, France. Issues of ChaosD can also be found on some French BBS. Back issues of ChaosD can be found on the Internet as part of the Computer underground Digest archives. They're accessible using anonymous FTP from: * kragar.eff.org [192.88.144.4] in /pub/cud/chaos * uglymouse.css.itd.umich.edu [141.211.182.91] in /pub/CuD/chaos * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos CHAOS DIGEST is an open forum dedicated to sharing French information among computerists and to the presentation and debate of diverse views. ChaosD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. Readers are encouraged to submit reasoned articles in French, English or German languages relating to computer culture and telecommunications. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Chaos Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Wed Dec 9 07:01:15 -0600 1992 From: lhl@cs.wisc.edu (L.H. Landweber ) Subject: File 1--109 Entites reseaux de connectivite internationale Copyright: Lawrence H. Landweber & the Internet Society, 1992 INTERNATIONAL CONNECTIVITY Version 6 - August 31, 1992 Please send corrections, information and/or comments to: Larry Landweber Computer Sciences Dept. University of Wisconsin - Madison 1210 W. Dayton St. Madison, WI 53706 lhl@cs.wisc.edu FAX 1-608-265-2635 Include details, e.g., on connections, sites, contacts, protocols, etc. Thanks to the many people from around the world who have provided information. In the following, "BITNET" is used generically to refer to BITNET plus similar networks around the world (e.g., EARN, NETNORTH, GULFNET, etc.). Copies of various International Connectivity tables are available by anonymous ftp from ftp.cs.wisc.edu in the connectivity_table directory. Contacts for various countries and postscript versions of world/regional maps showing network connections will also be available in this directory in the near future. SUMMARY NUMBER OF ENTITIES WITH INTERNATIONAL NETWORK CONNECTIVITY = 109 INTERNET Col. 3 (Entities with international IP links.) I: = operational, 46 entities BITNET Col. 2 (Entities with international BITNET links.) b: minimal, < 5 domestic sites, 20 entities B: widespread, >= 5 domestic sites, 29 entities UUCP Col. 4 (Entities with domestic UUCP sites which are connected to the Global Multiprotocol Open Internet.) u: minimal, < 5 domestic sites, 40 entities U: widespread, >= 5 domestic sites, 49 entities FIDONET Col. 5 (Entities with international FIDONET links.) f: minimal, < 5 domestic sites, 15 entities F: widespread, >= 5 domestic sites, 52 entities OSI Col. 6 (Entities with networks offering X.400 services and which are connected to the Global Multiprotocol Open Internet). o: minimal, < 5 domestic sites, 9 entities O: widespread, >= 5 domestic sites, 17 entities Possible email connections to Angola, Gambia, Ghana, Malawi, Mongolia Reunion, Tanzania have not been verified and hence are not included in the table or in the above totals. The Antartica Internet connection appears to be intermittently online. There are Internet hosts in Guam but they do not respond to "ping" and hence are not included. ----- AF Afghanistan (Democratic Republic of) ----- AL Albania (Republic of) ----- DZ Algeria (People's Democratic Republic of) ----- AS American Samoa ----- AD Andorra (Principality of) ----- AO Angola (People's Republic of) ----- AI Anguilla -I--- AQ Antarctica ----- AG Antigua and Barbuda BIUF- AR Argentina (Argentine Republic) --u-- AM Armenia ----- AW Aruba -IUF- AU Australia BIUFO AT Austria (Republic of) ----- AZ Azerbaijan ----- BS Bahamas (Commonwealth of the) b---- BH Bahrain (State of) ----- BD Bangladesh (People's Republic of) ----- BB Barbados --UF- BY Belarus BIUFO BE Belgium (Kingdom of) ----- BZ Belize ----- BJ Benin (People's Republic of) ----- BM Bermuda ----- BT Bhutan (Kingdom of) --u-- BO Bolivia (Republic of) ----- BA Bosnia-Hercegovina ---f- BW Botswana (Republic of) ----- BV Bouvet Island BIUFO BR Brazil (Federative Republic of) ----- IO British Indian Ocean Territory ----- BN Brunei Darussalam b-UF- BG Bulgaria (Republic of) --u-- BF Burkina Faso (formerly Upper Volta) ----- BI Burundi (Republic of) ----- KH Cambodia ----- CM Cameroon (Republic of) BIUFO CA Canada ----- CV Cape Verde (Republic of) ----- KY Cayman Islands ----- CF Central African Republic ----- TD Chad (Republic of) ----- IO British Indian Ocean Territory BIUF- CL Chile (Republic of) --ufO CN China (People's Republic of) ----- CX Christmas Island (Indian Ocean) ----- CC Cocos (Keeling) Islands b-u-- CO Colombia (Republic of) ----- KM Comoros (Islamic Federal Republic of the) ----- CG Congo (Republic of the) ----- CK Cook Islands b-u-- CR Costa Rica (Republic of) --u-- CI Cote d'Ivoire (Republic of) bI-f- HR Croatia --U-- CU Cuba (Republic of) b---- CY Cyprus (Republic of) BIUF- CS Czechoslovakia (Czech and Slovak Federal Republic) bIUFo DK Denmark (Kingdom of) ----- DJ Djibouti (Republic of) ----- DM Dominica (Commonwealth of) --u-- DO Dominican Republic ----- TP East Timor bIu-- EC Ecuador (Republic of) b-u-- EG Egypt (Arab Republic of) ----- SV El Salvador (Republic of) ----- GQ Equatorial Guinea (Republic of) -IUF- EE Estonia (Republic of) ---f- ET Ethiopia (People's Democratic Republic of) ----- FK Falkland Islands (Malvinas) ----- FO Faroe Islands --u-- FJ Fiji (Republic of) BIUFO FI Finland (Republic of) BIUFO FR France (French Republic) --u-- GF French Guiana --u-- PF French Polynesia ----- TF French Southern Territories ----- GA Gabon (Gabonese Republic) ----- GM Gambia (Republic of the) ---f- GE Georgia (Republic of) BIUFO DE Germany (Federal Republic of) ----- GH Ghana (Republic of ) ----- GI Gibraltar BIUFo GR Greece (Hellenic Republic) ---f- GL Greenland ----- GD Grenada --u-- GP Guadeloupe (French Department of) ----- GU Guam ----- GT Guatemala (Republic of) ----- GN Guinea (Republic of) ----- GW Guinea-Bissau (Republic of) ----- GY Guyana (Republic of) ----- HT Haiti (Republic of) ----- HM Heard and McDonald Islands ----- HN Honduras (Republic of) BI-F- HK Hong Kong (Hisiangkang, Xianggang) bIUF- HU Hungary (Republic of) -IUF- IS Iceland (Republic of) bIUfo IN India (Republic of) --uF- ID Indonesia (Republic of) ----- IR Iran (Islamic Republic of) ----- IQ Iraq (Republic of) BIUFo IE Ireland BIUF- IL Israel (State of) BIUFO IT Italy (Italian Republic) --u-- JM Jamaica BIUF- JP Japan ----- JO Jordan (Hashemite Kingdom of) --U-- KZ Kazakhstan ---f- KE Kenya (Republic of) ----- KI Kiribati (Republic of) ----- KP Korea (Democratic People's Republic of) BIUF- KR Korea (Republic of ) ----- KW Kuwait (State of) --U-- KG Kyrgyzstan ----- LA Lao People's Democratic Republic --UF- LV Latvia (Republic of) ----- LB Lebanon (Lebanese Republic) ----- LS Lesotho (Kingdom of) ----- LR Liberia (Republic of) ----- LY Libyan Arab Jamahiriya ----- LI Liechtenstein (Principality of) --UFo LT Lithuania bIuFo LU Luxembourg (Grand Duchy of) ---F- MO Macau (Ao-me'n) ----- MG Madagascar (Democratic Republic of) ----- MW Malawi (Republic of) b-UF- MY Malaysia ----- MV Maldives (Republic of) --u-- ML Mali (Republic of) ----- MT Malta (Republic of) ----- MH Marshall Islands (Republic of the) ----- MQ Martinique (French Department of) ----- MR Mauritania (Islamic Republic of) ---f- MU Mauritius BIuF- MX Mexico (United Mexican States) ----- FM Micronesia (Federated States of) ---F- MD Moldova (Republic of) ----- MC Monaco (Principality of) ----- MN Mongolia (Mongolian People's Republic) ----- MS Montserrat ----- MA Morocco (Kingdom of) --u-- MZ Mozambique (People's Republic of) ----- MM Myanmar (Union of) --u-- NA Namibia (Republic of) ----- NR Nauru (Republic of) ----- NP Nepal (Kingdom of) BIUFO NL Netherlands (Kingdom of the) ----- AN Netherlands Antilles ----- NT Neutral Zone (between Saudi Arabia and Iraq) --u-- NC New Caledonia -IuF- NZ New Zealand --u-- NI Nicaragua (Republic of) --u-- NE Niger (Republic of the) ----- NG Nigeria (Federal Republic of) ----- NU Niue ----- NF Norfolk Island ----- MP Northern Mariana Islands (Commonwealth of the) BIUFO NO Norway (Kingdom of) ----- OM Oman (Sultanate of) --U-- PK Pakistan (Islamic Republic of) ----- PW Palau (Republic of) ---F- PA Panama (Republic of) --u-- PG Papua New Guinea --u-- PY Paraguay (Republic of) --U-- PE Peru (Republic of) --uF- PH Philippines (Republic of the) ----- PN Pitcairn BIUF- PL Poland (Republic of) bIUFO PT Portugal (Portuguese Republic) BIUF- PR Puerto Rico ----- QA Qatar (State of) ----- RE Re'union (French Department of) ----- RO Romania b-UF- RU Russian Federation ----- RW Rwanda (Rwandese Republic) ----- SH Saint Helena ----- KN Saint Kitts and Nevis ----- LC Saint Lucia ----- PM Saint Pierre and Miquelon (French Department of) ----- VC Saint Vincent and the Grenadines ----- WS Samoa (Independent State of) ----- SM San Marino (Republic of) ----- ST Sao Tome and Principe (Democratic Republic of) B---- SA Saudi Arabia (Kingdom of) --uf- SN Senegal (Republic of) --u-- SC Seychelles (Republic of) ----- SL Sierra Leone (Republic of) bIuF- SG Singapore (Republic of) bI-FO SI Slovenia ----- SB Solomon Islands ----- SO Somalia (Somali Democratic Republic) -IUFo ZA South Africa (Republic of) BIUFO ES Spain (Kingdom of) --U-- LK Sri Lanka (Democratic Socialist Republic of) ----- SD Sudan (Democratic Republic of the) --u-- SR Suriname (Republic of) ----- SJ Svalbard and Jan Mayen Islands ----- SZ Swaziland (Kingdom of) BIUFo SE Sweden (Kingdom of) BIUFO CH Switzerland (Swiss Confederation) ----- SY Syria (Syrian Arab Republic) BIuF- TW Taiwan, Province of China --u-- TJ Tajikistan ----- TZ Tanzania (United Republic of) -IuF- TH Thailand (Kingdom of) --u-- TG Togo (Togolese Republic) ----- TK Tokelau ----- TO Tonga (Kingdom of) --u-- TT Trinidad and Tobago (Republic of) bIu-o TN Tunisia B--f- TR Turkey (Republic of) ----- TM Turkmenistan ----- TC Turks and Caicos Islands ----- TV Tuvalu ---f- UG Uganda (Republic of) --UF- UA Ukraine ----- AE United Arab Emirates bIUFO GB United Kingdom (United Kingdom of GB and Northern Ireland) BIUFO US United States (United States of America) ----- UM United States Minor Outlying Islands b-U-- UY Uruguay (Eastern Republic of) --U-- UZ Uzbekistan --u-- VU Vanuatu (Republic of, formerly New Hebrides) ----- VA Vatican City State (Holy See) -IU-- VE Venezuela (Republic of) ----- VN Vietnam (Socialist Republic of) ----- VG Virgin Islands (British) ---f- VI Virgin Islands (U.S.) ----- WF Wallis and Futuna Islands ----- EH Western Sahara ----- YE Yemen (Republic of) ----- YU Yugoslavia (Socialist Federal Republic of) ----- ZR Zaire (Republic of) ---f- ZM Zambia (Republic of) --uf- ZW Zimbabwe (Republic of) ------------------------------ Date: Thu Apr 15 16:39:04 -0500 1993 From: Online93@chaz.demon.co.uk ("Learned Information Ltd." ) Subject: File 2--17th Intl. Online Information Meeting (collaboration) ** ONLINE INFORMATION 93 ** ------------------------------- 7 - 9 December 1993 Olympia 2, London, UK CALL FOR PAPERS Suggested themes for the 17th International Online Information Meeting are set out below - a mixture of exciting up-and-coming developments, techniques and technologies in both established areas as well as newer ones. Of course, it goes without saying that papers on other topics related to the overall Online and CD-ROM conference and exhibition (eg database design and evaluation, search strategies, marketing of information products, CD-ROM utilization etc) will be equally acceptable. We are also seeking suitable demonstrative technologies e.g. - the Internet, creating your own CD-ROMs, et.all. Suggested Themes: - Online and Internet; - Multimedia solutions; - Image handling; - Virtual reality; - New methods of information delivery; - Full full-text (ie the inclusion of graphs, chemical structures, tables, diagrams and pictures as well as text); - Metadatabases (ie information systems which describe other information systems and resources); - Managing online and CD-ROM. This year we also anticipate having panels which will include a mix of users, suppliers and vendors discussing such current topics as: CD-ROM networking experience; Can we use all the databases and CD-ROMs we have already or do we need still more? Where do we go from here with online? Submit an abstract of 300 words to the address below for consideration. You will then be contacted about writing a full paper. All full papers have a deadline of 9 July 1993. For further information contact: The Conference Department Learned Information Woodside Hinksey Hill Oxford, OX1 5AU, UK. Tel: +44 (0)865 730275 Fax: +44 (0)865 736354 Internet: online93@chaz.demon.co.uk ------------------------------ Date: Thu, 15 Apr 1993 22:38:53 GMT From: grady@netcom.com (1016/2EF221 ) Subject: File 3--Disponibilites des sources en C pour Macintosh de PGP v2.2 Repost from: comp-society-privacy@uunet.uu.net *** SOURCE code to Macintosh PGP 2.2 now available via anonymous FTP *** FTP netcom.com CD pub/grady MGET MacPGP2.2src.sea.hqx MGET MacPGP2.2srcSIGNATURE Convert to a Compact Pro self-extracting archive with BinHex 4.0. If appropriate, check the digital signature of the .hqx file with your copy of PGP. (Non-Macintosh users wishing to check the digital signature please note that 'CR' denotes the end-of-line on a Macintosh, not 'LF' or 'CRLF'.) For the purposes of the ITAR act, this 'unclassified technical documenta- tion' is hereby released into the public domain. (However no representation is made as to copyright or other commercial rights that may exist in this package.) Full source code, Symantec THINK C 5.0.4 projects and full user documenta- tion is included for both 68020 and 68000 versions of Pretty Good Privacy, a strong public key encryption and digital signature application using the RSA algorithm patented in the United States and the IDEA cipher patented in Switzerland. No executables are included. Executables are available via anonymous FTP from: * leif.thep.lu.se (Sweden) * night.nig.ac.jp (Japan) * van-bc.wimsey.bc.ca (Canada) * soda.berkeley.edu (P.R. of Berkeley) * src.doc.ic.ac.uk (United Kingdom) * ghost.dsi.unimi.it (Italy) * plaza.aarnet.edu.au (Australia) * nic.funet.fi (Finland) Other's public keys are available from anonymous server sites: (Send message subject "help" for more information.) Internet sites: * pgp-public-keys@junkbox.cc.iastate.edu Michael Graff explorer@iastate.edu FTP: tbird.cc.iastate.edu:/usr/explorer/public-keys.pgp * pgp-public-keys@toxicwaste.mit.edu Derek Atkins warlord@MIT.EDU FTP: toxicwaste.mit.edu:/pub/keys/public-keys.pgp * pgp-public-keys@phil.utmb.edu John Perry perry@phil.utmb.edu FTP: phil.utmb.edu:/pub/pgp/public-keys.pgp * pgp-public-keys@demon.co.uk Mark Turner mark@demon.co.uk FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp UUCP site: * pgp-public-keys@jpunix.com John Perry perry@jpunix.com The executable application built from these sources has NOT been licensed by RSA Data Security, Inc. nor has the RSA public key algorithm or the IDEA block cipher algorithm been approved by the National Security Agency. This unclassified technical documentation is made available for EDUCATIONAL USE ONLY; possession, distribution, or use of an executable binary built from this source may be a civil or criminal offense. Suggested improvements, bugs, or comments should be directly posted to alt.security.pgp or to the principal developers listed among the source documents. General questions and comments about public key cryptography or the IDEA cipher may be posted to alt.security.pgp or to the sci.crypt Usenet groups. -- grady@netcom.com 2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F ------------------------------ Date: Wed Jan 20 15:49:42 EST 1993 From: mlf3@Lehigh.EDU (Matt Fante ) Subject: File 4--Clef publique PGP v2.1 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQCNAirF5XUAAAEEANL9QBvVl05oXxd3HkWstTNKbuXYuXs3OcrkQ/a2Op3qpqaq m6XgZ7NQFsL4Ueulkuz8ftyvTbAcVKi6YYopt5b4eMDOx0L50jaiGX+YfMBZySCw N7JvYapcDGKU26AKnl+HUo1mF7g9k4qa842qD5TiHSk4/5qrtjUnTidWqgrVAAUR tBxNYXR0IEZhbnRlIDxtbGYzQExlaGlnaC5FRFU+iQBVAgUQKw1Febc87GxCPv3v AQHDwQH9HGxf60wrW/dhzDJQP0A+lgB5ScYW4uklBJ2Jw/RM1tr8QElDfI9NnUyI 3tmmQ9+5Dj2tVedN+ZE9gBxrxdMDgYkAlQIFECsNQILtNQfTXtAG0QEB70wD/jIc znbuzQKlkz5dqmWBKSUn5MxP1kk5Wqcy31YknmmGcvgM7RJpXn0SP97vI+NhpTwA DrYuVtxAWAPRaz6bWeA83DQQ4ZYbV3MacgI+peU6zilE1BDJZbhHKmgHIDf5vBYa 1C1bt3zMu4cQo1TKgGy7XVaOB0h8iWava5MqwHxDiQCVAgUQKwvaoFERd/IOpm4d AQHvhwP8CVc4desQrMN0uud1DyeXl/RgJKOobfo1tQrr2GpeYHakKWrkaDrFhcxK Gbkm2NDSUJZ66AREwHIVY1ob38gb2bGqPvboX//QbZiDFI7lRQQ7gclv0amaNtsJ Zq29uDnDS+9S8HCCBxIjlSWii4cA0545MUhOj64vCLJ5bSzXKB20KE1hdHQgRmFu dGUgPGdsb2NrbWFuQGJpZmYuY2MubGVoaWdoLmVkdT60HE1hdHQgRmFudGUgPG1s ZjNAbGVoaWdoLmVkdT6JAJUCBRArC/nnCaEfMUti9+0BAaeLA/0SFKRJmQZAg1Ub 2DWw6o+ECaKjNKaQUJ50PKOWMGeXcXsZSWbZPWSsE30rAcmsFWNswNbfFBDRNvJg bF5YiLlekOt1h08iM1OkQ5uPlZ+0swufO1Kdx8Z94wnoYjRj/RXaX4crl6LAJTBK 0qditCmP5+vFXrthOQk2E8IVAm+t7okAlQIFECsLzFsUosQWfdSqbwEBCzQD/RSl gaI6i23T4O9OEzowL0vhlRieAIGF/GURf9aL00r8mzlTnj+gcPF/dx42aDbRcr6y g+VynDRsmWUihIf0Um4NqmNpTQUquTUCZgKUa6qK8ZjP/25jTkqwv9zPvv77eDia 0r2tdHj4DrDRE6gQLHiLiVWp78Oj6izzuVTdU74piQCVAgUQKwEbiTUnTidWqgrV AQE/JAP/UMgXYJ2PHRctwW5s+/3qRvFJ+V8KNNAyMIekxzGEUAYTFjkkDhqoUMak /+JZwSJNGutGSM8VWw6yyr4TuuMt5f8VvdQ0pf2SBsFRfxzmBd+Oo0O+5SKjGohu 4hvcyjdynyYWEYuSRtSRbCS8sAk6P1wWuSXnokyBD2HGoIM/C2mJAJUCBRArAeqb 19O/P+E2aCkBAWA+A/4l9tHgYzvgngwJUxq5bFZoPGhMdzFDgzeVPHQEnuz0nJYt HLKWA+2KXae6u67fJK+oL7KLg30Q9ZwRZY6O5xImUZDMWq4Lccr3sUJMiV/Bedn9 8sn2ucmSvzOY4zl5wfLJQOfZfl/CDaFr30BwkXqlQ85rtWY1gynw64PrhWgnig== =C9EE -----END PGP PUBLIC KEY BLOCK----- PGP 2.1 and RIPEM Public Keys Available Upon Request ------------------------------ Date: Mon Apr 5 23:41:04 -0500 1993 From: LUX%DMRHRZ11.BITNET@VTVM1.CC.VT.EDU (Harald Lux ) Subject: File 6--Publication scolaire de e-journaux (these) The Role of Publishers in the Age of Electronically Published Scholarly Journals - Current Situation and Recommendation - Objective: ========== Analysing the publication process of electronic journals shows that the functions of the publisher are often taken over by other participants of the publication chain. Aim of this diploma thesis is to investigate which functions publishers can hold in the age of electronically published scholarly journals under economic aspects. The main focus lies on the distribution via networks. Other electronic forms are seen only as complementary. The general functions of publishers, as found in the literature, are the basis for the representation of the current situation of publishing scholarly journals. This is followed by a separate analysis of the publisher's functions which can be found by electronically published scholarly journals. Each function will be investigated with regard to its economic relevance. Results should be rated recommendations with consideration of possible problems. The thesis concludes with a consolidated analysis of the isolated recommendations. Structure: ========== 1 Foundation 1.1 Electronic Publishing 1.2 Publishers and their Functions 1.2.1 Primary Functions 1.2.1.1 Selection 1.2.1.2 Financing 1.2.1.3 Production 1.2.1.4 Distribution 1.2.2 Complementary Functions 2 Scholarly Journals Today 2.1 Traditional Publication 2.1.1 (Examples) 2.1.2 Functions of the Publisher 2.2 Electronic Publication 2.2.1 Reasons 2.2.2 (Examples) 2.2.3 Functions of the Publisher 3 Possibilities for Publishers in the Age of Electronically Published Scholarly Journals 3.1 Separated Analysis 3.1.1 Primary Functions 3.1.1.1 Selection 3.1.1.2 Financing 3.1.1.3 Production 3.1.1.4 Distribution 3.1.2 Complementary Functions 3.2 Consolidated Analysis -- Harald Lux lux@dmrhrz11.hrz.uni-marburg.de Moischter Str. 45 lux@dmrhrz11.bitnet W-3550 Marburg 7 CIS: 100024,3231 Germany Tel.: +49 228 461853 ------------------------------ Date: Sun Apr 11 14:08:00 -0600 1993 From: roberts@decus.arc.ab.ca ("Rob Slade, DECrypt Editor, VARUG ) Subject: File 6--Critique de "Rogue Programs", L. Hoffman, ed. Copyright: Robert M. Slade, 1993 _Rogue Programs: Viruses, Worms and Trojan Horses_ Ed. Lance J. Hoffman 1990, 0-442-00454-0 Van Nostrand Reinhold c/o Nelson Canada 1120 Birchmont Road Scarborough, Ontario M1K 5G4 Phone: 416-752-9100 Fax: 416-752-9646 Reading the list of contributors to this work was rather like "old home week" at VIRUS-L. The introduction states that the book arose from Hoffman's frustration over the lack of a suitable text for a virus seminar and that the seminar participants compiled the material from available sources. Even one of the seminar participants, Chris Feudo, has recently released a computer virus handbook. Hoffman's "big iron" bias shows through occasionally in his lack of distinction between "network" and "micro" viral programs (someone with a $1000 computer "within days can be writing viruses that attempt to break into world-wide networks") and insists upon destructive and "service denial" capabilities when defining a virus. Overall, however, he tries to present a balanced and realistic view of the virus situation. The essays contained in the book are grouped into five sections. The distinctives between the sections are somewhat clearer than with Denning's "Computers Under Attack". The overall design of the book makes a lot of sense as a textbook (its primary purpose, after all), but may be less lucid to the home or business user looking for specific direction on protection of their system. The first section contains papers that attempt to look at the broad overview of viral type programs. Although this book is primarily intended as a text in computer security courses (presumably at the university level), one still feels the lack of an initial concise and clear statement of what viral programs are today. This desire may be unrealistic: the majority of the works contained in the book were prepared, at least in initial form, prior to 1990. By the time the book was published, however, a larger view of the virus situation should have been possible. Still, as introduction and background material within the context of a virus related course, these papers are all of significant value. The second part relates to social and legal topics. The current state of (American) law figures heavily in this section. The discussion of ethics is quite limited. Karen Forcht's article on the subject is very terse, seemingly being only a report of various surveys. (The most interestingly point I found in it was the contention, by CEOs, that ethics should be taught in the classroom, rather than on the job, which displays either a surprising confidence in the school system, or a definite unwillingness to face the issue themselves.) Parts three and four separate the study of viral programs into the realms of personal (micro) computers and "network" situations. This distinction is important, and it is heartening to see it made here. The opening essay in the micro section, by Hoffman and Brad Stubbs, attempts to walk the line between giving information to the user who needs it without giving too much assistance to virus-writer-wannabes. In my own view it falls somewhat short in this, being perhaps more technical than an introductory article warrants. However, it is a good compilation of the technical background to viral programs in the MS-DOS environment. (The micro section closes on a slightly worse note, with the PC Magazine reviews that are starting to become somewhat infamous in the virus research community.) The network virus section contains the two major "dissections" of the Internet Worm. Surprisingly, however, none of the other major network incidents, such as the CHRISTMA EXEC and the "WANK" worm, are mentioned. Some of the other papers in this section might have more general application to the virus problem overall, such as studies into cryptographic authentication. Others, such as an exploration of viral programs in "electronic warfare" seem to be "blue sky" exscursions with very little relation to reality. The final section is entitled "Emerging Theory of Computer Viruses". It contains two articles by Fred Cohen, and one by Leonard Ableman reporting Fred's findings. With all due respect to Dr. Cohen, there might be room for works by other theoreticians here. As a textbook, this tome contains a diverse range of material well suited to a seminar on viral programs. While some of the material is becoming dated, and some of the points of view are oversimplified, I have not yet found another book as well surited for raising topics for discussion. The one major flaw is the lack of balance and opposition to some of the wilder flights of fancy. It would be well to have someone point out that the human immune system cannot fully be used as an analogy of computer virus defence, or to point out the difficulties involved in transmitting a virus from a radio to a fighter aircraft to a military command centre. In the classroom, of course, this job belongs to the instructor. Those looking for a reference for protection against viral programs may find this book to be unsuitable. It does, however, have a place as background material for those large firms in the process of planning overall corporate data security strategy. Again, it should be used to generate discussion on some issues which other "how to" books do not yet address. (Post scriptum: Lance Hoffman, in responding to the initial draft of this review, has been most gracious. He has also acknowledged the shortcomings of the current version of the book. There are plans for a new version, which may be released some time in 1994. Hopefully the few gaps in the current work will be covered in that.) ------------------------------ End of Chaos Digest #1.17 ************************************ Downloaded From P-80 International Information Systems 304-744-2253