[risks] Risks Digest 22.02

From: RISKS List Owner (riskoat_private)
Date: Thu Apr 04 2002 - 16:55:01 PST

    RISKS-LIST: Risks-Forum Digest  Thursday 4 April 2002  Volume 22 : Issue 02
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.02.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Announcing Immunix SnackGuard (Crispin Cowan)
    Just because it's funny doesn't mean it isn't real (Donald A. Norman)
    Re: Computers to Cars (David Harmon)
    April Foolishness (PGN)
    Real News on April 1st/KaZaA "leech" network (Nicholas C. Weaver)
    "IRS Form W-9095" -- that is NOT ISSUED by the Gov't (Jean Dugger)
    When is fail-safe not fail-safe? (Phil Rose)
    Barclays BACS payment system failure (Lindsay Marshall)
    Gillette's Mach3 creates sales bonanza for thieves (Monty Solomon)
    Yahoo Groups spam alert (John David Galt)
    Yahoo users fume over "spam" switch (Monty Solomon)
    Re: UK ATC failure (Martyn Thomas)
    Re: Software "glitch" changes the colour of the universe (Douglas Siebert)
    Re: Loosing It's Grammer Skill's (Bruce Wampler)
    Re: The RISK of ignoring permission letters (Edward Reid)
    REVIEW: "Computer Forensics", Warren G. Kruse II/Jay G. Heiser (Rob Slade)
    Black Hat CFP (Jack Holleran)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 01 Apr 2002 08:54:41 -0800
    From: Crispin Cowan <crispinat_private>
    Subject: Announcing Immunix SnackGuard
    
    New Product Release: SnackGuard
    WireX Communications, Inc., 1 Apr 2002
    
      [This arrived too late for the April Fool's Issue, but
      better late than never?  (Or better never than later?)  PGN]
    
    WireX is pleased to announce the latest addition to the Immunix family of
    security tools: SnackGuard. SnackGuard effectively guards your favorite
    snacks in the break room from "snack smashing" attacks: the predations of
    other hungry engineers. This protection is especially vital in these trying
    times of unemployment, when nomadic tribes of hunter/gatherer geeks roam the
    halls of once mighty dot.com's in search of food and caffeine.
    
    Following on StackGuard's "canary" defense, SnackGuard employs WireX's
    patent-pending "turkey" defense: when SnackGuard detects the "gobbling"
    noise of some turkey scarfing down your favorite pop tarts and heavily
    caffeinated beverages, it issues a pink slip, halting the gobbler.
    
    While SnackGuard is effective in defending your snacks, it is not without
    costs. SnackGuard increases run time when you are running to catch the bus
    or the elevator, in that successful defense of your snacks tends to increase
    "programmer's butt". Excessive consumption of caffeinated beverages without
    intervening bathroom breaks may also induce personal "buffer overflows".
    
    While SnackGuard is "free speech", it is not "free beer": you may modify and
    distribute this gag as you wish, but go buy your own brewskis.
    
    Crispin Cowan, Ph.D., Chief Scientist, WireX Communications, 
    Inc. http://wirex.com  Security Hardened Linux Distribution http://immunix.org
    
    ------------------------------
    
    Date: Tue, 2 Apr 2002 18:13:06 -0600
    From: "Donald A. Norman" <donat_private>
    Subject: Just because it's funny doesn't mean it isn't real
    
    In this year's April Fool edition, RISKS-22.01, our fearless moderator
    reprinted that old item that purports to be from the auto industry: if we
    made cars like computers, we'd always be crashing, rebooting, upgrading, ...
    
    In particular, item 10 stated:
    
    10. You'd have to press the "Start" button to turn the engine off.
    
    Just because it's funny doesn't mean it's not real.  The automobile industry
    is copying all the worst features of the computer industry, ignoring all the
    advances in user-interface design, and all the lessons about safety. I fear
    that someone in the industry a few years ago missed the significance of the
    date "April 1" in the United States. They took it seriously.
    
    I point your attention to the new BMW Series 7 automobile. The key is simply
    a personal identifier that instructs the car to adjust the seat, mirrors,
    steering column, etc. to the key owner's preferences. To start the engine,
    push the "Start" button. To turn the engine off? Push the same "Start"
    button. That takes care of Point number 10 in the "joke."  (To be fair, the
    button is actually labeled START STOP, but then again, so too should the MS
    Windows button.)
    
    But it gets worse. The New 7 series BMW no longer has all those knobs and
    buttons that clutter up the dashboard - you know, where each knob does one
    thing that you can count on. Instead, it has a single controller located on
    the center console that "functions similarly to a computer mouse." It drives
    a display in the center of the dashboard. It is called the iDrive (i for
    "intuitive"). (Don't get me started on intuitive. You know what's intuitive?
    Fear of heights. Everything else we call intuitive, such as walking or using
    a pencil took years of practice. Is that what we want? A control that takes
    years of practice?)
    
    The iDrive plus display, says the sales brochure, is a "user-friendly
    interface (that) offers quick access to over 700 settings, plus navigations
    system maps, phone book listings, and more." One control, one display -- 700
    settings? What were they thinking?
    
    As USA Today put it: "it manages to complicate simple functions beyond
    belief."  Auto review said "iDrive is not simple, no matter how clean it
    looks to the naked eye. ... Our advice ... Is to ... retain basic manual
    controls for functions that are used every day."
    
    I work in the field of usability and safety. I am appalled. I do, however,
    have to keep an open mind. After all, I have not tested it. I did sit in the
    front seat in a showroom, but with everything turned off.  I should drive it
    down the highway -- or better, a crowded city street - and test the
    iDrive. Set a new radio station, check the directions to my destination, see
    how much fuel I have left, adjust the temperature of the interior -- things
    I might actually do while driving.  Only then can I pass judgment.  Until
    then, I'm simply delighted that I am not planning to buy one. Alas, BMW
    promises that the features will migrate downward to all their autos.
    
    Beware of April Fool jokes: they may come back to haunt you.
    
    Don Norman, Computer Science,  Northwestern University
    Nielsen Norman Group normanat_private   http://www.jnd.org
    
    ------------------------------
    
    Date: Thu, 04 Apr 2002 14:09:10 -0800
    From: David Harmon <sourceat_private>
    Subject: Re: Computers to Cars
    
    >6. The oil, water temperature, and alternator warning lights would all be
    >replaced by a single "General Protection Fault" warning light.
    
    It's labeled "Check Engine".  But opening the engine compartment and
    checking ("Yup, still there.") accomplishes little; instead you need to
    read some diagnostic code by plugging in a debugger that was not furnished
    when you bought the car.
    
    ------------------------------
    
    Date: Thu, 4 Apr 2002 12:21:17 PST
    From: "Peter G. Neumann" <neumannat_private>
    Subject: April Foolishness
    
    Quite a few people have apparently gone to Amazon.com to order "Hacking For
    Dummies" -- a bogus (i.e., nonexistent) book reviewed by Rob Slade in
    RISKS-22.01.  Perhaps, not surprisingly, the ISBN bears a strange
    resemblance to the ISBN for "S*x for Dummies".  We have to call a Slade a
    Slade.  Perhaps his review was too subtle?  Perhaps your fearless moderator
    needs to be more obvious in highlighting April Fools' items, besides putting
    it up front in the issue rather than buried in its usual end-of-the-issue
    position?  Aw, come on!  April Fool's Day is seemingly a worldwide
    tradition, and that's part of the fun.
    
    ------------------------------
    
    Date: Wed, 3 Apr 2002 14:00:47 -0800 (PST)
    From: "Nicholas C. Weaver" <nweaverat_private>
    Subject: Real News on April Fool's Day: KaZaA "leech" network
    
    As reported on 1 Apr 2002,
      http://news.com.com/2100-1023-873181.html
    Brilliant Digital has been distributing 2 programs with KaZaA [1], one of
    which allows 3D, animated banner ads (a la Flash for 3D), and the second
    being the framework for what can only be described as a "leech" peer to peer
    network: using unused bandwidth, storage, and processor cycles on client
    machines to do tasks like banner advertisement serving, distributed
    computation, and distributed storage.
    
    The second program is not complete, but is basically a Trojan which can be
    woken up to create this network.  Being on April 1st, it smelled like an
    April Fool's prank, just far enough out to be believable, but not quite
    right.
    
    Unfortunately, this isn't a hoax, but is 100% true.  Firstly, an e-mail with
    the reporter confirms that this was based on an interview with the CEO
    (possibly a point of fraud) and the SEC filings (annual report, form 10KSB).
    One could believe that the reporter was hoaxed by the CEO, but the SEC
    filings are presumed to be accurate in such matters.
    
    Reading the SEC filings
      http://biz.yahoo.com/e/020401/bde.html 
    confirms that this is what they are doing and HAVE been doing: the Trojan
    has been and continues to be distributed as part of KaZaA "third party"
    software, and they plan on creating a distributed, secure, network for
    distributed storage, bandwidth, and computation using this Trojan.  And by
    installing the 3rd party software, KaZaA users have already agreed to these
    terms and conditions.
    
    What are the RISKS, let me count the ways:
    
    1) Serious news being released on 1 Apr.  This is actually a pretty BIG
    deal: this story should have real legs, the implications are pretty
    astounding.  But apart from being posted on slashdot (and being largely
    dismissed as April 1st), and being mirrored on MSN, it doesn't seem to have
    spread beyond that.
    
    2) Trojans being "legitimately" installed as part of various applications.
    And if this forms a distributed network upon activation, this is another
    huge security risk.  [2]
    
    3) That some company thinks it can do "secure" content delivery using
    untrusted clients (not just untrusted, but rather hostilely acquired).  Secure
    storage is reasonable (encrypt everything, distributed copies) but still
    hard.  Secure distributed computation is very hard (an open research area,
    outside some very select problems), and secure distribution of bandwidth
    (say, for ad serving) is a total crack-pipe dream.
    
    4) The unwavering acceptance of license agreements on the part of users (who
    are so conditioned to click "OK").
    
    [1] KaZaA's business model is "we give the program free, but charge
    people to bundle mandatory/voluntary programs with our download".
    
    [2] Peer To Peer networks are hideously vulnerable to both active
    worms (which can spread quickly using the inherent topology) and
    contagion worms (which masquerade as "normal" traffic).  Be Afraid.
    Be Very Afraid.
    
    Nicholas C. Weaver <nweaverat_private>
    
    ------------------------------
    
    Date: Fri, 29 Mar 2002 00:29 -0000
    From: Adam Shand (via Lindsay Marshall)
    To: WordUp List
    Subject: "IRS Form W-9095" -- that is NOT ISSUED by the Gov't
    
    Given the source of who sent this to me this is almost certainly legit.
    Just be aware.
    
    Adam.
    
    ---------- Forwarded message ----------
    Date: Thu, 28 Mar 2002 17:52:30 -0500
    Subject: "IRS Form W-9095" - that is NOT ISSUED by the Gov't
    
    FYI....
    
    I personally know the person who posted this information and she does work
    for the USSS.  I have not seen the document yet so if you have any questions
    direct them to Jean Dugger directly.
    
    -----Original Message-----
    Sent: Thursday, March 28, 2002 3:57 PM
    To: METROTECH-Lat_private
    Subject: "IRS Form W-9095" - that is NOT ISSUED by the Gov't
    
    To - ALL METRO TECH MEMBERS (PARTICULAR INTEREST - BANK SECURITY)
    Fm - Jean Dugger, U S Secret Service
    SUBJ - IRS Form - not from the Government....
    
    Just when you think you've heard it all....you find out you haven't!!
    
    Today, we were notified by a bank security good friend of the USSS that
    a form "W-9095" is circulating - which was accompanied by a letter,
    looking much like an official letterhead of the bank, requesting their
    customer to complete the form and fax it back to phone #914-470-9245.
    
    I'm sure you'll be surprised to learn that the form requested all kinds
    of personal identifier information - i.e., name, DOB, SSN, address, phone,
    parents' names and mother's maiden name - just about everything you
    would need to set up shop doing identity fraud!!
    
    Luckily, a customer of the bank brought the form into a branch, to turn
    it in, and bank security was alerted.
    
    The form, called an "Application Form For Certificate Status/Ownership
    For Withholding Tax", is quite a work of art - and I feel sure that it
    has been widely distributed - my concern is that it could be VERY
    widespread - perhaps by some former employee(s) who could gain access to
    bank customer records base - and send out such a thing!
    
    The form, official looking as it is, claims to be a "Department of the
    Treasury Internal Revenue Service" form - which it is NOT.  I have
    forwarded this info to IRS Internal investigations to see if they would
    take a look at it.
    
    I will bring copies to share at MetroPol Fraud next week!  My thought is
    that someone worked way too hard on this form to limit its distribution
    to even one bank's customers!  BE AWARE!
    
    The bank letter is signed "Monique Meeuws" - and smells a lot like a
    "419" letter scam!!
    
    Please notify the U S Secret Service - me or Chad Laub, 404-331-6111, if
    you identify these forms circulating to your customers!!
    
    For the info of credit union organizations - please feel free to post
    this message on your systems as well.
    
    We are looking into this and trying to develop more information.  Please
    call me if you have info.  More details to follow!
    
    Jean, USSS
    
    ------------------------------
    
    Date: Thu, 4 Apr 2002 11:40:16 +0100
    From: "Phil Rose" <pvroseat_private>
    Subject: When is fail-safe not fail-safe?
    
    Authorities are trying to restore order at a maximum security jail after an
    electrical storm led to the failure of cell locks.
    <http://news.bbc.co.uk/go/em/-/hi/english/uk/scotland/newsid_1910000/1910131.stm>
    
    A lightning strike destroyed an electricity sub-station supplying power to
    Shotts prison in Central Scotland, and the cell locks defaulted to what
    should be the fail-safe for electronic door locks - open. However, should
    that be the case in a prison? Luckily for us who live close by, the main
    prison security is still mechanical.
    
    The risks - fail-safe modes must be carefully designed for the system
    application: don't rely on the component default fail-safe mode.
    
    ------------------------------
    
    Date: Sun, 31 Mar 2002 21:31:27 +0100
    From: "Lindsay Marshall" <Lindsay.Marshallat_private>
    Subject: Barclays BACS payment system failure
    
    Barclays BACS payment system failed last week, and a large number of people
    did not get their pay check in their bank account. Normally this would not
    be a huge problem, but because it is Easter and so has two bank holidays
    leading up to the last day of the month it is a huge disaster. I don't know
    the details of the software problem at all, but arrangements were made with
    banks to extend credit and Barclays said they would pay any bank charges
    that anyone incurred because of not being paid. I am astonished that Pete
    Mellor hasn't sent you details. If you have a look on any of the UK
    newspaper sites for last week you will find something about it.
    
    ------------------------------
    
    Date: Sun, 31 Mar 2002 14:38:09 -0500
    From: Monty Solomon <montyat_private>
    Subject: Gillette's Mach3 creates sales bonanza for thieves
    
    Razor burn: 
    Runaway popularity of Gillette's Mach3 creates a sales bonanza for thieves
    
    Gillette is taking steps to stem the flow of stolen Mach3 products.  Perhaps
    the most important, Szynal said, is a pioneering antitheft technology
    consortium at the Massachusetts Institute of Technology sponsored by
    Gillette, Procter and Gamble, and other large consumer-products companies.
    The MIT scientists are developing a microchip that, once embedded in the
    packaging of the Mach3 and other products, would allow the product to be
    tracked from factory to warehouse to retailer and everywhere in between. The
    chip, which began a one-year field test in Oklahoma in October, will allow
    Gillette security officials to scan products for sale at a flea market and
    determine where they came from.  [Excerpt]
      http://www.boston.com/dailyglobe2/089/business/Razor_burn+.shtml
    
    ------------------------------
    
    Date: Sun, 31 Mar 2002 15:27:51 -0800
    From: John David Galt <jdgat_private>
    Subject: Yahoo Groups spam alert
    
    Yahoo has apparently made a sneaky change to the "Marketing Preferences" of
    all subscribers to mailing lists on yahoogroups.com, changing all their
    "No's" to "Yes".  The result will be not only a load of spam, but also junk
    mail and even junk phone calls if your address or phone number are on file
    with Yahoo.
    
    To change them back: Go to Yahoo Groups (http://groups.yahoo.com) and sign
    in.  Go to My Groups and click on Account Info, verify your password if it
    asks you to, and your Yahoo ID card comes up.  Click on 'Edit your Marketing
    Preferences' and change all those Yes's back to No's.  Click Save Changes.
    
    ------------------------------
    
    Date: Sat, 30 Mar 2002 00:44:39 -0500
    From: Monty Solomon <montyat_private>
    Subject: Yahoo users fume over "spam" switch
    
    Yahoo users fume over "spam" switch, By Jim Hu, CNET News.com, 29 Mar 2002
    
    Some Yahoo members on Friday reacted angrily to changes in the Web portal's
    e-mail marketing practices, comparing the company's revised policy to an
    open invitation to spam.
    
    "I never received any notification about this from Yahoo," one annoyed
    reader wrote in an e-mail to CNET News.com. "I was merely lucky enough to
    have a friend warn me about it."
    
    The ire stems from changes in Yahoo's "marketing preferences" page, which
    the company uses to secure permission to send service promotions. Along with
    other changes to the page, Yahoo said it had reset the default preferences
    for all members in a way that would require them to manually request that
    the company block the messages in the future--even if they had declined to
    accept such e-mail in the past.  ...
    
    http://news.com.com/2100-1023-871730.html
    
    ------------------------------
    
    Date: Fri, 29 Mar 2002 20:59:10 -0000
    From: "Martyn Thomas" <martyn@thomas-associates.co.uk>
    Subject: Re: UK ATC failure
    
    > ... this computer was not connected with the computers at... Swanwick ATC
    >  ["connected with" is of course ambiguous in this context.  PGN-ed]
    
    The failing system was the National Airspace System, NAS, according to press
    reports. This provides Flight Data Processing for Swanwick. "Connected to",
    rather than "connected with"?
    
    Martyn Thomas, Holly Lawn, Prospect Place, Bath BA2 4QP  01225 335649
    
    ------------------------------
    
    Date: Sat, 30 Mar 2002 20:19:21 +0000 (UTC)
    From: dsiebertat_private (Douglas Siebert)
    Subject: Re: Software "glitch" changes the colour of the universe 
      (Mellor, RISKS-21.98)
    
    And since then they have announced that they weren't calculating it
    correctly (an algorithm error, as opposed to a software glitch) and that it
    is in fact salmon.  I think it's safe to say that these guys really have no
    idea what color the universe is.  Looks mostly black to me, maybe I'm
    looking in the wrong direction :)
    
    Douglas Siebert                          dsiebertat_private
    
    ------------------------------
    
    Date: Fri, 29 Mar 2002 14:06:13 -0700
    From: Bruce Wampler <bruceat_private>
    Subject: Re: Loosing It's Grammer Skill's (RISKS-21.94-96)
    
    The current discussion on Spelling/Grammar prompts me to add some comments
    from my personal, first-hand perspective on the issue. I was the original
    developer of one of the first successful commercial grammar checkers -
    Grammatik.  The major development of grammar checkers was at its peak in the
    late 1980's and early 1990's.
    
    One of the most distressing things to me is the fact that the quality of
    both spelling and grammar checking software available today is no better
    than it was almost 10 years ago. How did this happen?
    
    It may be hard to remember, but as recently as 1993 or 1994, you still had a
    real choice of what word processor you used. Today, Microsoft has a virtual
    monopoly with Word.  In 1992, Microsoft decided that the state of grammar
    checking had gotten both good and essential enough that one should be
    integrated with Word. This decision has had many effects on the state of
    grammar checking.
    
    In 1992, there were at least four grammar checkers available that could be
    considered state of the art, or nearly so. Microsoft chose one, and
    WordPerfect followed their lead by acquiring my company. The other companies
    faded into oblivion, with the ultimate result that, after a couple of years,
    there was no major new R&D going on with English grammar checking (to the
    best of my knowledge).
    
    Because of this chain of events, the grammar checker you get today in Word
    is not significantly better than the grammar checker you might have used
    almost 10 years ago. This is really sad because we were making great
    improvements in the quality and accuracy of the software, and had the
    development continued, there is little doubt that many of the deficiencies of
    grammar checking would have been overcome.
    
    Unfortunately, as long as Microsoft considers the current grammar checking
    good enough, and as long as Word remains the dominant word processor, there
    will be little or no incentive for anyone to independently develop better
    grammar checkers. The RISK in this? Monopoly and complacency.
    
    (This note has been spell checked, but not grammar checked. No grammar
    checking available for my e-mail software...)
    
    Bruce E. Wampler, Ph.D., Author of the V C++ GUI Framework
    bruceat_private  http://www.objectcentral.com
    
    ------------------------------
    
    Date: Sun, 31 Mar 2002 10:06:44 -0500
    From: Edward Reid <edwardat_private>
    Subject: Re: The RISK of ignoring permission letters (Blaak, RISKS-21.98)
    
    > Does this not have direct precedence with snail mail? I am imagining CD
    > clubs here. You can't be legally obligated by anything that you receive in
    > the mail and just throw away.
    
    However, at least in the US it took legislation to establish the 
    principle that receipt of unsolicited merchandise incurs no obligation 
    on the recipient. I think this occurred roughly 40 years ago, but I 
    don't have a reference and a quick search on "unsolicited merchandise" 
    makes it apparent that there are now many relevant laws.
    
    Before such legislation was enacted, some merchants sent merchandise 
    unsolicited and then dunned the unwilling recipients for payment unless 
    they paid for return shipping. I don't know whether such merchants 
    could actually collect in the face of determined opposition, but in 
    most cases the individual recipient simply didn't have the resources to 
    contest the bill.
    
    If there's a lesson to be learned from the parallel between snail mail 
    and e-mail, it's that individuals often need to be empowered by 
    legislation to effectively resist commercial abuse.
    
    ------------------------------
    
    Date: Tue, 26 Mar 2002 07:45:49 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Computer Forensics", Warren G. Kruse II/Jay G. Heiser
    
    BKCMPFRN.RVW   20020221
    
    "Computer Forensics", Warren G. Kruse II/Jay G. Heiser, 2001,
    0-201-70719-5, U$39.99/C$59.95
    %A   Warren G. Kruse II wkruseat_private
    %A   Jay G. Heiser
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
    %D   2002
    %G   0-201-70719-5
    %I   Addison-Wesley Publishing Co.
    %O   U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpressat_private
    %P   392 p.
    %T   "Computer Forensics: Incident Response Essentials"
    
    I'm still disappointed that authors seem to think computer forensics is
    limited to data recovery, but this work at least has utility value going for
    it.
    
    Chapter one is a rough outline of data recovery, with an emphasis on
    documentation and the chain of evidence.  Basic information about IP
    addressing, for the purpose of tracing intruders, is given in chapter two:
    it is useful and does not drown the reader in inconsequential details.
    (There is an oddly vitriolic dismissal of the story of the origin of the
    term for Packet INternet Groper.)  A valuable discussion of e-mail headers,
    and a very terse outline of intrusion detection systems (IDS) are also
    included.  Hard drive basics and concepts are given in chapter three.  The
    material is generally good, but some points on imaging and connecting are
    passed over rather quickly.  Chapter four has a reasonable high-level
    overview of encryption abstractions, but it is difficult to see the
    immediate relevance of the material to forensics.  "Data Hiding," chapter
    five, contains some meandering topics that range from password cracking to
    NTFS (NT File System) streams to steganography.  A few tools for dealing
    with these problems are listed.  The description of hostile code, in chapter
    six, matches that of weeds in gardening: anything you don't want.  It is,
    therefore, unsurprising to find that the content, while basically sound, is
    not particularly structured or helpful.
    
    A list of software (and some hardware) tools is described in chapter seven.
    Chapter eight explains a number of points about the Windows operating system
    that might affect data recovery and forensics.  (The material discussed is
    not, unfortunately, exhaustive, although it is very useful as far as it
    goes.)  The introduction to UNIX, in chapter nine, is more structured and
    detailed, although it examines fewer specific tools.  Chapter ten's general
    overview of an attack on a UNIX system is fairly standard, although there is
    a useful table of commonly compromised system utilities.  A wide variety of
    tools and commands for collecting information from and about UNIX systems is
    given briefly in chapter eleven.
    
    Chapter twelve is a short introduction to general concepts in the (US) law
    enforcement system.  The last chapter is a rather abrupt finish to the book.
    There are seven appendices, the most useful of which is a handy point form
    overview of incident response activities.
    
    Computer forensics books are starting to come out of the woodwork, and most
    offer such sage advice as "gather evidence" and "don't mess up the chain of
    custody."  This book does tend to follow the same style and tone, but also
    has very valuable tips for practical work.  It won't help you much in
    analysis, but it will help you become better at collecting data that will
    stand up in court.
    
    copyright Robert M. Slade, 2002   BKCMPFRN.RVW   20020221
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Wed, 3 Apr 2002 13:17:21 -0500
    From: Jack Holleran <Holleranat_private>
    Subject: Black Hat CFP
    
    Papers and presentations are now being accepted for the Black Hat Briefings 
    2002 conference. The conference is held from July 31-August 1, 2002 at the 
    Caesars Palace Hotel and Resort in Las Vegas, NV, USA. Papers and requests 
    to speak will be received and reviewed until May 1, 2002.
    
    Please read the full announcement at:
    http://www.blackhat.com/html/bh-usa-02/bh-usa-02-cfp.html
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.02
    ************************
    


