[risks] Risks Digest 22.73

From: RISKS List Owner (riskoat_private)
Date: Tue May 20 2003 - 16:41:38 PDT

    RISKS-LIST: Risks-Forum Digest  Tuesday 20 May 2003  Volume 22 : Issue 73
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at
      http://catless.ncl.ac.uk/Risks/22.73.html
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Time synchronization error leads to mistaken arrests (Timothy J. Miller)
    U.S. cracks down on Internet fraud (NewsScan)
    Intel says Itanium 2 error can crash servers (Monty Solomon)
    MS Windows crash traps Thai politician in car (Robert J. Berger via 
      Dave Farber)
    Internet worm disguised as e-mail from Microsoft (Monty Solomon)
    Microsoft toilet project wasn't hoax (NewsScan)
    The Exterminator (Monty Solomon)
    Immature air-traffic controllers? (Carl Fink)
    The Great Capacitor Scare of 2003 (Jay R. Ashworth)
    Los Altos Vault & Safe Deposit Co. (Drew Dean)
    Risk of automatic type conversion (Dave Brunberg)
    Earthlink awarded $16M in spamages (NewsScan)
    Potential Chilling Effect: IEEE publications and DMCA (Sean Smith)
    Re: OpenBSD release protects against buffer-overflow attacks (Mike Albaugh)
    Re: more spelling-checker follies? (Bill Hopkins, Bill Stewart)
    REVIEW: "802.11 Security", Bruce Potter/Bob Fleck (Rob Slade)
    REVIEW: "Mobile VPN", Alex Shneyderman/Alessio Casati (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Tue, 20 May 2003 11:11:31 -0500
    From: "Timothy J. Miller" <cerebusat_private>
    Subject: Time synchronization error leads to mistaken arrests 
    
    http://www.azstarnet.com/star/Tue/30520SIERRAVISTACHARGES.html
    
      A grainy picture from an ATM surveillance camera aired by TV's "America's
      Most Wanted" connected three Sierra Vista residents to a June 2002
      strangulation murder of a woman in Maryland.  The mom, daughter and
      friend, authorities had said, were believed to have been trying to use the
      murder victim's bank card.  The problem with that link, investigators now
      concede, is that the time recorded by the camera was three minutes off the
      time recorded by the ATM.
    
    The risks should be obvious; critical logs should be reliably synchronized
    either to each other or an independent source.
    
      [For non-ATM users, here ATM means Automated Teller Machine, although this
      bank transaction seems to have created a new form of Asynchronous Transfer
      Mode.  Perhaps another use of the acronym might be Awfully Terrible
      Monitoring.  PGN]
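
An added example, not part of the original digest or of the submitter's post: one way to apply the synchronization point when two unsynchronized logs must be correlated after the fact. It estimates the camera-to-ATM clock offset from events both devices recorded, refuses to correlate if that offset is unstable, and only then matches frames to a transaction. All names, timestamps and the reference-event scheme are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"


def ts(text):
    """Parse a log timestamp string into a datetime."""
    return datetime.strptime(text, FMT)


# Constructed sample data (not taken from the case in the article).
# Each pair is one physical event recorded by both devices, for example a
# technician's test transaction: (camera timestamp, ATM journal timestamp).
REFERENCE_PAIRS = [
    (ts("2003-01-06 09:03:01"), ts("2003-01-06 09:00:00")),
    (ts("2003-01-06 14:33:00"), ts("2003-01-06 14:30:00")),
    (ts("2003-01-07 18:02:58"), ts("2003-01-07 18:00:00")),
]

# Constructed camera frames: (frame id, camera timestamp).
FRAMES = [
    ("F1", ts("2003-01-07 20:15:02")),
    ("F2", ts("2003-01-07 20:18:01")),
    ("F3", ts("2003-01-07 20:21:30")),
]

TXN_TIME = ts("2003-01-07 20:15:00")   # transaction time from the ATM journal
SLACK = timedelta(seconds=5)           # allowance for how long a transaction takes
MAX_SPREAD = timedelta(seconds=10)     # beyond this the offset is not trustworthy


def estimate_offset(pairs):
    """Return (offset, spread) where offset = ATM clock minus camera clock.

    offset is the median difference over the shared events; spread is the
    largest deviation from that median, i.e. the measured uncertainty.
    """
    if len(pairs) < 2:
        raise ValueError("need at least two shared events to judge stability")
    deltas = [(atm - cam).total_seconds() for cam, atm in pairs]
    centre = median(deltas)
    spread = max(abs(d - centre) for d in deltas)
    return timedelta(seconds=centre), timedelta(seconds=spread)


def match_frames(frames, txn_time, offset, tolerance):
    """Ids of frames whose offset-corrected time is within tolerance of txn_time."""
    return [fid for fid, cam in frames
            if abs(cam + offset - txn_time) <= tolerance]


def correlate(frames, txn_time, pairs, slack=SLACK, max_spread=MAX_SPREAD):
    """Correlate only when the two clocks differ by a stable, measured offset."""
    offset, spread = estimate_offset(pairs)
    if spread > max_spread:
        raise ValueError(
            f"clock offset unstable (spread {spread}); "
            "the logs cannot be reliably aligned"
        )
    return match_frames(frames, txn_time, offset, spread + slack)


if __name__ == "__main__":
    offset, spread = estimate_offset(REFERENCE_PAIRS)
    print("measured offset (ATM - camera):", offset.total_seconds(), "s")
    print("uncertainty:", spread.total_seconds(), "s")
    # Trusting the raw timestamps selects a different frame than the
    # offset-corrected correlation does.
    print("naive match:    ", match_frames(FRAMES, TXN_TIME, timedelta(0), SLACK))
    print("corrected match:", correlate(FRAMES, TXN_TIME, REFERENCE_PAIRS))
```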
    
    ------------------------------
    
    Date: Fri, 16 May 2003 09:44:28 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: U.S. cracks down on Internet fraud
    
    The Justice Department has charged more than 130 people with perpetrating a
    variety of Internet scams, as well as identity theft and failure to deliver
    goods purchased online. The crackdown, dubbed Operation E-Con, involved more
    than 90 investigations involving 89,000 victims whose losses totaled at
    least $176 million. In one case, the suspects used a Web site to sell more
    than $2 million worth of pharmaceutical drugs without any prescriptions or
    physician involvement with the purchasers. In another scam, about 400 men
    lost about $3,000 each when they sent money off in the hope of winning the
    hand of a Russian bride. Other scams promoted fraudulent investment
    opportunities, Ponzi-type pyramid schemes and the illegal sale of
    copyright-protected software, games and movies. Officials say they've
    managed to recover about $17 million from alleged perpetrators.
      [AP/Siliconvalley.com, 16 May 2003; NewsScan Daily, 16 May 2003]
      http://www.siliconvalley.com/mld/siliconvalley/news/editorial/5876738.htm
    
    ------------------------------
    
    Date: Tue, 13 May 2003 00:48:12 -0400
    From: Monty Solomon <montyat_private>
    Subject: Intel says Itanium 2 error can crash servers
    
    Intel Corp. said that a flaw in some of its Itanium 2 microprocessors could
    cause systems running the high-end chip to shut down or crash under certain
    conditions.  [Source: Matthew Fordahl, AP, 12 May 2003]
      http://finance.lycos.com/home/news/story.asp?story=34164664
    
    ------------------------------
    
    Date: Tue, 13 May 2003 17:31:11 -0700
    From: "Robert J. Berger" <rbergerat_private>
    Subject: MS Windows crash traps Thai politician in car (From Dave Farber's IP)
    
    Crashed Computer Traps Thai Politician, 14 May 2003
     http://aardvark.co.nz/daily/2003/n051301.shtml
    
    Thailand's Finance Minister Suchart Jaovisidha had to be rescued today from
    inside his expensive BMW limousine after the onboard computer crashed,
    leaving the vehicle immobilized.
    
    Once the computer failed, neither the door locks, power windows nor air
    conditioning systems would function, leaving the Minister and his driver
    trapped inside the rapidly heating vehicle.
    
    Despite the pair's best efforts, it took a full ten minutes before they were
    able to summon the attention of a nearby guard who freed the two men by
    smashing one of the vehicle's windows with a sledgehammer.
    
    A report (http://www.bangkokpost.com/Business/13May2003_biz12.html)
    published in the *Bangkok Post* indicates that the vehicle was Mr
    Jaovisidha's own BMW 520 which was being used while his state-supplied
    Mercedes was being repaired.
    
    BMW's more up-market 7-series range uses a computer system called i-drive
    which has Microsoft's WindowsCE at its core.
      http://www.microsoft.com/presspass/press/2002/Mar02/03-04BMWpr.asp
    
    Did Mr Jaovisidha narrowly miss being killed by the blue windscreen of
    death? 
    
    Robert J. Berger - Internet Bandwidth Development, LLC.
    Voice: 408-882-4755 eFax: +1-408-490-2868
    http://www.ibd.com
    
    IP Archives at: http://www.interesting-people.org/archives/interesting-people/
    
      [At least 33 readers have noted this one thus far.  TNX!  PGN]
    
    ------------------------------
    
    Date: Mon, 19 May 2003 23:07:00 -0400
    From: Monty Solomon <montyat_private>
    Subject: Internet worm disguised as e-mail from Microsoft
    
    A new computer worm that disguises itself as an e-mail from Microsoft
    Corp. is spreading, computer security firms warned on Monday.  The e-mail
    containing the worm, dubbed Palyh or Mankx, appears to come from
    supportat_private, but is not from the software company.  When the
    attachment is opened, the worm copies itself to the Windows folder, scoops
    up e-mail addresses from the hard disk and starts sending itself out, said
    U.K.-based Sophos.  The malicious program can spread itself to other Windows
    machines on a local area network.  [Source: Reuters, 19 May 2003]
    http://finance.lycos.com/home/news/story.asp?story=34253416
    
    ------------------------------
    
    Date: Wed, 14 May 2003 09:53:32 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Microsoft toilet project wasn't hoax
    
    Microsoft and its public relations firm are now saying that what they
    themselves thought was a hoax (the development of the iLoo, a portable
    toilet complete with wireless keyboard and Internet access) actually was a
    real project of the company's MSN group in the UK. The original press
    release indicated that the iLoo would offer its users "a unique experience."
    An MSN product manager now says: "We jumped the gun basically yesterday in
    confirming that it was a hoax and in fact it was not," said Lisa Gurry, MSN
    group product manager. "Definitely we're going to be taking a good look at
    our communication processes internally. It's definitely not how we like to
    do PR at Microsoft." In any event, whether really a hoax or really real, the
    project is now dead -- flushed, as it were.  [AP/*USA Today*, 14 May 2003;
    NewsScan Daily, 14 May 2003]
      http://www.usatoday.com/tech/news/2003-05-14-iloo-hoax-retract_x.htm
    
    ------------------------------
    
    Date: Thu, 15 May 2003 09:14:04 -0400
    From: Monty Solomon <montyat_private>
    Subject: The Exterminator
    
    Bug-ridden programs are savagely costly. Microsoft engineer Amitabh
    Srivastava may have just what we need--a software insecticide.
    
    A strange thing happened last spring to the Board of Directors Web page of
    furniture maker Herman Miller, Inc. Instead of seeing the company's
    quarterly numbers, staffers saw a Star of David and a sad face. The chief
    executive thought someone was mocking his Protestant faith. Computer
    security chief Dennis Peasley thought, "This has to be a hack." But it was
    no hack, just a software glitch in how Microsoft's PowerPoint program
    recognized Herman Miller's custom fonts.
    
    Amitabh Srivastava, a computer scientist deep inside Microsoft Research, is
    the guy Microsoft is counting on to automate and accelerate the process of
    purging mistakes. "The impression is that we don't write very good
    software," says Srivastava. "Every time my computer crashes, it is a
    reminder of my failure."
    
    Computer bugs have been around since malfunctions in a 1945 [Harvard] Mark
    II were blamed (facetiously) on a moth trapped in a relay. Nowadays the term
    refers to programming flaws--commands that don't accomplish the desired
    result because computers have a habit of following the letter rather than
    the spirit of the instructions handed to them. The cost to customers of
    these flaws is necessarily a nebulous figure, but for what it's worth a
    National Institute of Standards & Technology report puts it at $38 billion a
    year. Evaluating only the cost of intrusions by hackers, who exploit flaws
    in computer security, Gartner Group comes up with $5.4 billion a year.
    
    Srivastava's fix is an arsenal of tools that help code testers fumigate
    buggy code. He has a big fan in Microsoft Chairman Bill Gates. "Software
    quality is about removing or preventing defects. The sooner any defect is
    caught, the better--ideally, they are simply never coded," says Gates.
    
    Building clean code is getting more daunting, especially for Microsoft. The
    Windows operating system has 50 million lines of code (a line averages 60
    characters) and grows 20% with every release.  It's put together by 7,200
    people, comes in 34 languages and has to support 190,000 devices--different
    models of digital cameras, printers, handhelds and so on.  ...
      [Source: Lycos.com, 26 May 2003]
    http://finance.lycos.com/home/news/story.asp?story=34131541
    
    ------------------------------
    
    Date: Tue, 20 May 2003 13:36:05 -0400
    From: Carl Fink <carlat_private>
    Subject: Immature air-traffic controllers?
    
    Reuters reports that pilots approaching Luton airport were hearing a baby's
    cries instead of instructions from the controllers.
    
    It turned out that a baby monitor, in a house in the approach path, was
    being picked up by their radios.  Replacing the monitor fixed the problem,
    so seemingly it was transmitting on the wrong frequency.
    
    The article says that no one was endangered because the pilots could switch
    to another frequency.  My question: exactly how powerful a transmitter is in
    this baby monitor if a plane moving at hundreds of kilometers per hour would
    stay in its "radius of interference" long enough to have to switch
    frequencies?
    
    http://news.excite.com/odd/article/id/327280|oddlyenough|05-20-2003%3A%3A10%3A44|reuters.html 
    
    Carl Fink  http://www.jabootu.com  carlat_private
    
    ------------------------------
    
    Date: Tue, 20 May 2003 16:44:19 -0400
    From: "Jay R. Ashworth" <jraat_private>
    Subject: The Great Capacitor Scare of 2003
    
    In RISKS-19.13, Mich Kabay quoted the *EE Times* on "The Great Capacitor
    Scare Of 1997".  People were building motherboards without enough power
    supply filter caps, it seems, and machines were locking up.
    
    Oh, to have problems that minor again...
    
    The Great Capacitor Scare of 2003 is going to be *much* worse.
    
    It seems, according to several news stories (linked at the end) that a
    materials chemist who worked for a Japanese company, Rubycon Corporation --
    which manufactured electrolyte for electrolytic (! :-) capacitors -- left
    his employ, and ended up working for a Chinese capacitor maker, Luminous
    Town Electric.  (These names tend to sound quaintly amusing to USAdian ears,
    which might not be accidental...)
    
    Apparently, in a fairly clear case of corporate espionage, the fellow's
    cow-orkers then "defected with the formula" (PCN says, in a confusing bit;
    defected to where he was?), and began to sell the electrolyte to many
    Taiwanese capacitor makers.
    
    Alas, there was one small problem.
    
    The formula wasn't *complete*.  The capacitors, which ought to have been
    good (in some cases) for up to 4000 hours, were failing in half that -- or,
    if you believe Intel, in as little as 250 hours.
    
    The electrolyte apparently outgasses hydrogen, and pops the seals on the
    cap, leaking electrolyte onto the board.  The missing ingredient was the one
    which prevented this.  I'd speculate that this might not be a
    point-catastrophic failure... these caps might pop and leak out slowly,
    shorting out circuits.
    
    But it's even worse.
    
    The Inquirer may put it best:
    	
      It is not currently known how many market segments may have been affected
      by these poor parts, which can be found in motherboards, switchmode power
      supplies, modems and other PC boards.
    
      The failures of the aluminum capacitors might just be the 'tip of the
      iceberg,' says Zogbi. "Other component failures from low-cost Asian
      suppliers might be forthcoming," he warns.
    
      Around 30 per cent of the world's supply of aluminum capacitors is
      manufactured in Taiwan, according to the Paumanok Group.  Confusion over
      which manufacturers may have used the faulty electrolyte is sending buyers
      back to Japan to source their capacitors.
    
      The extent of the problem in product that has already shipped won't become
      clear until components start failing, which may not happen until halfway
      through the products' life expectancy.
    
    But even *that* may understate the problem...
    
    How many electronic products do *you* know of that use electrolytic
    capacitors?  The RISKS are so obvious that I don't even have to say "The
    RISKS are obvious".  [But you did anyway!  PGN]
    
    *The Inquirer* coverage is at http://www.theinquirer.net/?article=6085
    
    *Passive Component News* is at http://www.niccomp.com/taiwanlowesr.htm
    Check out the tenor of the editorial footnote; it's as classic as it is
    uncommon.
    
    TTI, who bill themselves as "The world's leading distributor of Passive,
    Interconnect, and Electromechanical components" have put up an entire page
    tracking press coverage of the issue:
      http://www.ttiinc.com/MarketEye/Aluminum_Cap_Issue.asp
    
    Jay R. Ashworth, The Suncoast Freenet, Tampa Bay, Florida 
    http://baylink.pitas.com  jraat_private  +1 727 647 1274
    
    ------------------------------
    
    Date: Sun, 18 May 2003 13:11:49 -0700 (PDT)
    From: Drew Dean <ddeanat_private>
    Subject: Los Altos Vault & Safe Deposit Co.
    
    The Los Altos Vault & Safe Deposit Company has been running an ad in local
    newspapers (here from the May 14, 2003, Los Altos Town Crier, p. 12) with
    the following:
    
    "It is impossible for hackers to penetrate our computer system.  Reason -
    We have no computers.  We do business the old fashioned way."
    
    Now that's a convincing assurance argument!  I find it quite interesting
    that this is being advertised to the general public, or at least that
    portion living in Silicon Valley.
    
    On the other hand, the old fashioned way has its own risks, but those
    aren't mentioned.  Again, interesting from a marketing viewpoint.
    
    Drew Dean, Computer Science Laboratory, SRI International
    
    ------------------------------
    
    Date: Fri, 16 May 2003 11:20:32 -0400
    From: Dave Brunberg <DBrunbergat_private>
    Subject: Risk of automatic type conversion
    
    I recently downloaded a copy of an MSDS document for a particular chemical
    used frequently in water treatment.  While scanning through the pages I
    noticed the following:
    
      "US Patent No. ................ 5E + 06"
    
    I can only assume (bad policy?) that this is related to the document being
    automatically generated from a database of chemical information.
    
    A quick look at the rest of the document showed no obvious errors, but in
    something as potentially important to health and safety as an MSDS, one
    would expect better proofreading by the distributor.  That's not to mention
    any legal problems they may run into regarding disclosure of product
    hazards.
    
    David W. Brunberg, Engineering Supervisor - Field Process
    The F.B. Leopold Company, Inc.
    
    ------------------------------
    
    Date: Thu, 08 May 2003 09:23:09 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Earthlink awarded $16M in spamages
    
    A federal judge awarded Earthlink $16.4 million in damages and instituted a
    permanent injunction against a Buffalo, NY, man identified as the ringleader
    of a group that used Earthlink's network to send 825 million spam messages
    over the past year. Earthlink said Howard Carmack and his cronies used
    Internet accounts opened with stolen identities and credit cards to send
    junk e-mail. The ruling is the latest in a series of legal actions taken by
    ISPs against bulk spammers. Last year Earthlink won $25 million in damages
    in a suit against another bulk e-mailer, Kahn C. Smith of Tennessee, but it
    hasn't collected the award. The company also has several other lawsuits
    pending. Meanwhile, last December, America Online won a $6.9 million
    judgment against a now-defunct Illinois company that specialized in
    p*rnographic spam. Over the last few years, AOL has won 25 spam-related
    lawsuits against more than 100 companies and individuals, says a company
    spokesman.  [AP 7 May 2003; NewsScan Daily, 8 May 2003]
      http://apnews.excite.com/article/20030507/D7QSJOQ80.html
    
    ------------------------------
    
    Date: Fri, 16 May 2003 12:48:18 -0400
    From: Sean Smith <swsat_private>
    Subject: Potential Chilling Effect: IEEE publications and DMCA
    
    This morning, I noticed that in the IEEE copyright form
    (which authors must sign when they publish papers with the IEEE),
    the signer must warrant that "publication or dissemination of the
    work" will not violate the DMCA.
    
    Sean W. Smith, Ph.D.  swsat_private  http://www.cs.dartmouth.edu/~sws/
    Department of Computer Science, Dartmouth College, Hanover NH USA
    
    ------------------------------
    
    Date: Mon, 12 May 2003 13:47:48 -0700 (PDT)
    From: Mike Albaugh <albaughat_private>
    Subject: Re: OpenBSD release protects against buffer-overflow attacks
    
    > [Ardley: over 30 years ago ... reinvented in software...]
    
    WELL OVER 30 years ago, considering that the machine described in the "First
    Draft" paper on EDVAC (leaked by John von Neumann) was "tagged", in a sense.
    Every word of memory was meant to be designated as "Instruction" or "Data"
    during the program-loading process.  It was not exactly the way we think of
    such things today.  An attempt to "execute data" produced not an exception
    but effectively a "load immediate", while an attempt to "store to an
    instruction" altered only the address-part of the word.  Yes, chilluns, this
    was before B-Boxes :-)
    
    > Memory that was tagged as data could not be executed. The result
    > was that no stack overflow attack was possible.
    
    This ignores the prevalence of interpreted "data", the basis of numerous
    email and web malware. There is still plenty of mischief that can be done
    without the ability to "execute the stack", and some utility in being able
    to convert from data to executable, viz. work by David Keppel, et al.
    (http://citeseer.nj.nec.com/78783.html)
    
    "They may make it illegal, but they'll never make it unpopular" (as noted in
    another context, in RISKS-10.27).
    
      [The Harvard Mark I went even further.  There were programs in program
      store and there were data words in data store.  And ne'er the twain could
      meet.  PGN]
    
    ------------------------------
    
    Date: Tue, 20 May 2003 17:09:42 -0400
    From: "Bill Hopkins" <whopkinsat_private>
    Subject: Re: more spelling-checker follies? (Smith, RISKS-22.72)
    
    For three minutes, an AP story posted on *The New York Times* Web site about
    Justice Clarence Thomas referred to his predecessor as "Turgid Marshall."
    After checking that MS Word indeed deemed "Thurgood" a misspelling and
    suggested "turgid" as a replacement, I discovered that the story had been
    updated to use the correct name of the distinguished jurist.
    
    ------------------------------
    
    Date: Sat, 10 May 2003 19:44:06 -0700
    From: Bill Stewart <bill.stewartat_private>
    Subject: Re: more spelling-checker follies? (Smith, RISKS-22.72)
    
    A long long time ago, on a Microsoft Mail version far far obsolete by now, I
    forwarded a copy of my department's org chart to somebody.  Unfortunately,
    MS.Mail decided to spell-check the message and change anything it didn't
    like without checking with me first.  So, it not only changed any of the
    names it didn't recognize to words it did, including my department head's
    name, it also changed her Org Chart to an Orgy Chart.
    
    Fortunately, either nobody read it carefully, or they ignored it, so there
    weren't embarrassing explanations to be made, but my attitude did change
    from "Lousy unreliable mail client" to "Bill Gates Must ... ." [Verb deleted
    by moderator for RISKS-obvious reasons.  PGN]  MS.Outlook is much better than
    its earlier versions, though it's still fundamentally flawed in a few areas.
    
    ------------------------------
    
    Date: Tue, 13 May 2003 08:03:48 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "802.11 Security", Bruce Potter/Bob Fleck
    
    BK8021SC.RVW   20030404
    
    "802.11 Security", Bruce Potter/Bob Fleck, 2003, 0-596-00290-4,
    U$34.95/C$54.95
    %A   Bruce Potter
    %A   Bob Fleck
    %C   103 Morris Street, Suite A, Sebastopol, CA   95472
    %D   2003
    %G   0-596-00290-4
    %I   O'Reilly & Associates, Inc.
    %O   U$34.95/C$54.95 800-998-9938 fax: 707-829-0104 infoat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/0596002904/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0596002904/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0596002904/robsladesin03-20
    %P   176 p.
    %T   "802.11 Security"
    
    The preface states that this book is aimed at the network engineer,
    and the security engineer, or the hobbyist, but it is not an
    introductory work.  The reader will need to know Linux to the kernel
    configuration level, and TCP/IP networking to the ARP (Address
    Resolution Protocol) level.
    
    Part one addresses the basics of 802.11 security.  Chapter one
    provides a background, and looks at issues, in wireless
    communications, although primarily from a communications, rather than
    security, perspective.  There is a review of attacks and risks, in
    chapter two, and for once there is a comparison of wired versus
    wireless hazards, ranging from the common (interference from portable
    phones) to the sophisticated (signal strength attacks related to
    diversity antennae).
    
    Part two deals with station, or remote device, security.  Chapter
    three examines attacks against machines and networks, and suggests the
    use of SSL (Secure Sockets Layer) and SSH (Secure SHell). 
    Configuration recommendations for the kernel, startup, firewall, and
    other aspects of FreeBSD are covered in chapter four.  Chapters five,
    six, and seven do the same for Linux, OpenBSD, and Mac OS X,
    respectively (with a concentration on the AirPort utilities for the
    Mac).  Windows, in chapter eight, reviews basic workstation items
    only, with limited advice and direction.
    
    Part three looks at access port security, and the setup of access
    points under Linux, FreeBSD, and OpenBSD are all contained in chapter
    nine.
    
    Gateway security is the topic of part four, with chapter ten looking
    at gateways and firewalls, while the use of the three UNIX variants as
    gateways is discussed in chapters eleven, twelve, and thirteen. 
    Authentication and encryption, mostly with IPSec, is reviewed in
    chapter fourteen.  A rather vague closing is given in fifteen.
    
    As noted, this is not a book for beginners.  Presumably readers should
    already know the most common dangers of wireless LANs, such as
    allowing default access passwords to remain active, and broadcasting
    the station set identifier.  WEP (Wired Equivalent Privacy) is
    dismissed as irrelevant: since it is deeply flawed, one can assume
    that the concentration on technologies such as IPSec and station
    security is of greater use than suggesting minor improvements in the
    use of WEP keys and initialization vectors.  However, it is a bit of a
    pity that the authors took this route.  With the addition of possibly
    an extra fifty pages this could have been an excellent reference for
    all wireless LAN administrators.
    
    copyright Robert M. Slade, 2003   BK8021SC.RVW   20030404
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    
    ------------------------------
    
    Date: Thu, 15 May 2003 07:59:40 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Mobile VPN", Alex Shneyderman/Alessio Casati
    
    BKMBLVPN.RVW   20030401
    
    "Mobile VPN", Alex Shneyderman/Alessio Casati, 2003, 0-471-21901-0,
    U$45.00/C$69.95/UK#33.50
    %A   Alex Shneyderman
    %A   Alessio Casati
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2003
    %G   0-471-21901-0
    %I   John Wiley & Sons, Inc.
    %O   U$45.00/C$69.95/UK#33.50 416-236-4433 fax: 416-236-4448
    %O  http://www.amazon.com/exec/obidos/ASIN/0471219010/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0471219010/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0471219010/robsladesin03-20
    %P   330 p.
    %T   "Mobile VPN"
    
    Part one presents wireless data fundamentals.  Chapter one gives an
    introduction to mobile virtual private networks (MVPN), and the emphasis on
    cellular technology points out that the authors are familiar with the
    telecommunications, rather than security, field of work.  The material
    contains a weak suggestion that MVPNs may be useful, lots of alphabet soup,
    and very little in the way of conceptual background.  The data networking
    technologies in chapter two are not explained very clearly: basic ideas get
    bogged down with details.  Cellular radio interfaces are listed in chapter
    three, with data services that can be provided over cellular networks in
    chapter four.
    
    Part two looks at MVPN and advanced wireless data services.  MVPN
    fundamentals, in chapter five, basically reiterates the text from chapter
    two, with a little extra emphasis on virtual private networks.  Chapter six
    describes various GSM (Global System for Mobile communications)/GPRS
    (General Packet Radio Service) and UMTS (Universal Mobile Telecommunication
    System) offerings.  Options for CDMA2000 (Code Division Multiple Access) are
    listed in chapter seven.  Chapter eight explains MVPN equipment components
    and requirements.  Possible developments in mobile VPN are advanced in
    chapter nine.
    
    This book once again emphasizes the divide not only between the cellular and
    wireless LAN camps, but also between communications and security.  It fails
    to bring all the related technologies together between two covers.  At the
    same time, for those in the LAN or security fields who need to know about
    cellular service offerings, this work does not provide a consistent level of
    explanation and depth of background for those issues.  Possible utilities
    are tabulated, but these could be obtained from almost any cell company
    sales office.
    
    copyright Robert M. Slade, 2003   BKMBLVPN.RVW   20030401
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.73
    ************************
    



    This archive was generated by hypermail 2b30 : Tue May 20 2003 - 17:21:53 PDT