TBTF for 11/24/97: Netscape need not apply

Keith Dawson (dawson@world.std.com)
Mon, 24 Nov 1997 07:02:06 -0600


TBTF for 11/24/97: Netscape need not apply

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/11-24-97.html >

C o n t e n t s

The Spam King is back
Spam judgement
LAND attack crashes TCP stacks
Another Microsoft IE bug fixed
The state of Internet security now
Pentium II pollution
Are cookie files public records?
Digital rumors
Followup on railbed fiber
Zero-point energy
Netscape need not apply

..The Spam King is back

Spineless spammer bids to acquire some backbone

In September TBTF reported [1] that AGIS, the last network refuge of
spammers, had jettisoned the scoundrels from its backbone network.
Spam-meister Sanford Wallace vowed to return -- though how he could
do so was not clear. Now Wallace has announced the formation of
Global Technology Marketing Inc. [2], a backbone Internet service
provider specifically for himself and his junk-emailing colleagues.
(So hated is Wallace on the Net that his announcement triggered
massive "collateral damage" [3] -- in the Pentagon-speak of one
anti-spam activist -- as Netizens made life difficult for a number
of innocent companies and people with names similar to those men-
tioned in the Spam King's press conference.)

Wallace has teamed with fellow spammer Walt Rines and with an un-
disclosed third party, reported to be a regional ISP in Nevada.

My guess is that Spamford's new network will be invisible to most
Netizens, because reputable networks will not "peer" with him
(i.e., agree to exchange traffic). Network administrators around
the world are certain to block email from Wallace's domain, if not
in fact to shut off all IP connectivity to it.

At the press conference announcing his new initiative, Wallace said,
"If this doesn't work, nothing will. If it doesn't go, then that's
it for me -- I'm done."

Make it so.

[1] http://www.tbtf.com/archive/09-22-97.html#s02
[2] http://www.news.com/News/Item/0%2C4%2C16682%2C00.html
[3] http://www.news.com/News/Item/0,4,16730,00.html

..Spam judgement

A spammer is fined and enjoined from theft of service

A district court judge issued a ruling [4] that spam-haters every-
where will relish, fining a spammer $18,910 and permanently en-
joining him from ever again using the domain name of the plaintiff,
or (more importantly), ever again misappropriating ANY domain name
not owned by him for the purpose of spam.

[4] http://commons.utopia.usweb.com/mailings/rre/spam.judgement.html

..LAND attack crashes TCP stacks

Another TCP hole, and an exploit program in circulation

A newly surfaced DoS attack [5], dubbed LAND after the exploit pro-
gram now circulating on the Net, takes advantage of a hole in the
earliest implementations of networking code in the BSD branch of
Unix. Many modern TCP stacks are derived from this code and are thus
vulnerable to the attack. In a LAND attack a spoofed packet, with
the SYN flag asserted, is sent to any listening port on a target
machine; the packet is crafted to have the same source and destin-
ation IP address. The target machine will either crash immediately,
or, in some cases, slow down and gradually drift to a halt. Here is
a list of affected architectures as posted to the bugtraq mailing
list on the afternoon of 11/21.

TCP/IP stack Vulnerable?
----------------------------------- ----------
AIX 3 yes
BSDI 2.1 (vanilla) yes
BSDI 2.1 (K210-021, -022, -024) no
BSDI 3.0 no
Digital UNIX 4.0 no
FreeBSD 2.2.2-RELEASE maybe
FreeBSD 2.2.5-RELEASE maybe
FreeBSD 2.2.5-STABLE maybe
HP JetDirect Print Server yes
HP-UX 10.20 yes
IRIX 6.2 no
IRIX 6.3 no
IRIX 6.4 no
Linux 2.0.30 no
Linux 2.0.32 no
MacOS 7.5.1 no
MacOS 8.0 yes
NetApp NFS server 4.3 yes
NetBSD 1.2 yes
NetBSD 1.2a yes
NeXTSTEP 3.0 yes
NeXTSTEp 3.1 yes
Novell 4.11 no
OpenBSD 2.1 maybe
QNX 4.24 yes
OpenBSD 2.2 (Oct31) no
SCO OpenServer 5.0.4 no
Salaris 2.4 no
Solaris 2.5.1 no
Solaris 2.6 no
SunOS 4.1.4 yes
Windows 95 (vanilla) yes
Windows 95 + Winsock 2 + VIPUPD.EXE yes
Windows NT (vanilla) yes
Windows NT + SP3 yes
Windows NT + SP3 + simptcp-fix yes

Ascend Pipeline 50 rev 5.0Ap13 no
Cisco IOS 10.3(7) yes
Cisco 2511 IOS ??? yes
Cisco 753 IOS ??? yes
LaserJet Printer no
Livingston Office Router (ISDN) yes
Livingston PM* ComOS 3.5b17 + 3.7.2 no
NCD X Terminals, NCDWare v3.2.1 yes

What makes this exploit especially dangerous is that it can take out
Cisco routers, the devices that join together the majority of the
networks comprising the Internet. The bug has simple fixes or work-
arounds in most architectures. Some affected companies have been
posting solutions on bugtraq, such as these recent notes from Cisco
[6] and FreeBSD [7]. The bug will continue to be disruptive for some
time, until most of the Internet has put into place the platform-
specific fixes. We can expect routers to be bullet-proofed first, as
network administrators concentrate on the parts of the Net where
such a bug could do the most damage.

[5] http://www.wired.com/news/news/technology/story/8707.html
[6] http://www.geek-girl.com/bugtraq/1997_4/0360.html
[7] http://www.geek-girl.com/bugtraq/1997_4/0361.html

..Another Microsoft IE bug fixed

The company patches a problem before news of it spreads on the Net

Microsoft has announced a fix for a new security / privacy hole in
Internet Explorer, dubbed "Page Redirect" [8], before its existence
was widely known. I for one hadn't seen any mention of it. Perhaps
Microsoft uncovered the bug in their own testing. For this reason
I'm not adding Page Redirect to the TBTF list of 1997 MSIE security
exploits [9]. The bug affects MSIE 3.02 and 4.0 on Win95 and NT
only; it allows a malicious Web site, in certain circumstances, to
capture a user's login information. The fix is available from Mi-
crosoft's security site [10]. Incidentally, at the top level of
that site [11] the visitor is presented with this rather alarming
list of links to recent IE security problems:

Get the fix for the Page Redirect issue
Fix now available for Buffer Overrun issue
New VM fixes Java redirect security problem
Fix available for "Freiburg" text-viewing issue
DirectX beta file corruption: Get the final code
"Bell Labs" JavaScript privacy problem fix available
Get the Authenticode update
Digital IDs need to be renewed
Security update for PowerPoint users
Windows 95 patch addresses password security issue
Security issues fixed in Internet Explorer 3.02

[8] http://www.news.com/News/Item/Textonly/0,25,16720,00.html?pfv
[9] http://www.tbtf.com/resource/ms-sec-exploits.html
[10] http://www.microsoft.com/security/redirect.htm
[11] http://www.microsoft.com/security/

..The state of Internet security now

Real data on the prevalance and frequency of Net probes and

Two Texas security companies have released a report on Internet
security incidents that is, for the first time, based on analysis
of the actual datastream instead of on interviews with humans.
NetSolve (Austin, TX) operates a monitoring service called ProWatch
Secure based on the NetRanger intrusion-detection software developed
by Wheelgroup (San Antonio). The report [12] summarizes 556,464
"alarms" (Net attacks or probes) recorded over 5 months, from May
to September 1997, in the customer base of NetSolve. The report
does not say how many sites were monitored. Among the conclusions:

- For monitored customers, attempts to gain unauthorized access
to corporate networks ranged from 0.5 to 5 instances per month.

- Corporations with e-commerce applications, such as permitting
customers to order products via the Internet, fell on the high
end of the range.

- Every monitored site experienced either an attack or a heavy
probe an average of once per month over the course of the

The report clearly shows the effects of the distribution of exploit
kits such as LAND (see above) and smurf: this software puts the
ability to disable or attack corporate networks into the hands of
a vast army of unsophisticated wannabe crackers the report dubs
"script kiddies."

Because this survey is the first of its kind, the authors aren't
able to discuss trends in the number and kind of Net attacks; such
analysis is promised for follow-on reports.

[12] http://www.wheelgroup.com/netrangr/PWS_survey.html

..Pentium II pollution

The US govenment, by its own rules, should not be buying any
computer systems built around the Pentium II

A 1993 Executive Order bans the federal government from purchasing
computer systems that don't meet the EPA's Energy Star guidelines.
As it turns out, the Pentium II chip consumes so much power that
an Energy Star compliant system cannot be designed around it. The
government continues to buy Pentiom II systems, of course. These
assertions were carried on the Apple evangelist mailing list [13],
where posters have a direct interest in encouraging the spread
of an alternative technology whose underlying chip is not only
Energy Star friendly, but is also more powerful than the Pentium
II. The original poster, Kurt Dikkers <dikkersk@i1.net>, points
to a source in the magazine Federal Computer Week [14], but only
some of its articles are available online and I couldn't locate
this one among them. Thanks for the tip on this story to Fred K
Barrett <fbarrett@world.std.com>.

[13] http://public.lists.apple.com/lists/evangelist/msg00602.html
[14] http://www.fcw.com/pubs/fcw/fcwhome.htm

..Are cookie files public records?

Then how about browser history, cache files, server logs?

A small independent newspaper has sued [15] the Tenessee city of
Cookeville for refusing a request to examine the cookie files from
city employees' computers [16]. The Putnam Pit, a self-described
"fun little watchdog paper that is very irreverent and acidic,
and its publisher Geoff Davidian, argue that the cookie files
should be public records under the laws of Tennesee. Davidian
wants to examine the cookie files to determine

...whether taxpayers are footing the bill for city employee
access to Internet sites focusing on such issues as white
supremacy, pornography, white slavery, homosexual lifestyle,
communism, satanism, sodomy, bestiality, incest, pedophilia,
how to misuse local government authority, adultery, desecra-
tion of the United States flag, the anti-christ, and heroin.

(That list was offered tongue-in-cheek, I think.) Davidian
recently amended the civil lawsuit to add a request for city
employees' browser history files and cache files. I wrote to
Davidian suggesting that what he really wants are the proxy
server logs -- they would more directly demonstrate what sites
public servants were surfing.

There is no legal precedent on the question of the privacy pro-
tections, if any, accorded to these kinds of files from public
employees' computers. Davidian compares cookie files to the phone
records of civil servants, which are routinely made available for
public examination. Lawyers for the city of Cookeville say that
cookie files are more like working notes scrqwled on paper scraps,
exempt from public scrutiny. TBTF will be watching this case for
you. Thanks to Gregory Alan Bolcer <gbolcer@gambetta.ics.uci.edu>
for the pointer.

[15] http://mediainfo.elpress.com/ephome/news/newshtm/stories/110797n4.htm
[16] http://www.putnampit.com/hoards.html

..Digital rumors

By the time DEC gets down to its core competencies there may be
no-one left but Dilbert

Last January I reported what was already a year-old rumor: that
Compaq might be looking to acquire Digital Equipment Corp. [17].
Soon thereafter Compaq picked up Tandem and I assumed the rumor
was at an end. It's back, though, resurrected last Friday bt a
Wall Street newsletter [18], with little apparent effect on the
stock of either company. Another persistent Digital rumor, this
one with more substance behind it, is that the company is about
to sell its network business to Cabletron [19]. (A mutated version
says the suitor is AT&T.) Finally, here is a phony press release
[20] reporting on the ultimate attempt to reduce the company to
its "core competencies."

[17] http://www.tbtf.com/archive/01-11-97.html#s06
[18] http://www5.zdnet.com/zdnn/content/zdnn/1121/244639.html
[19] http://www.zdnet.com/zdnn/content/reut/1120/243880.html
[20] http://www.tbtf.com/resource/dgtl.html

..Followup on railbed fiber

Building the Information Age on the bones of the Industrial

TBTF for 10/31/96 [21] sketched the information revolution follow-
ing in the footsteps -- and the trackbeds -- of earlier technologi-
cal upheavals. Reinforcing this trend is the news [22] that Qwest
is well along towards building a nationwide, all-fiber backbone in
the rights-of-way provided by railroads trackbeds.

[21] http://www.tbtf.com/archive/10-31-96.html#s09
[22] http://www.internetnews.com/Reuters/qwest.html

..Zero-point energy

Empty space churns with unseen activity, but can we tap its
energy? Probably not

The current Scientific American features an article [23] on attempts
to exploit so-called zero-point energy, or vacuum energy: a phe-
nomenon in which pairs of "virtual" particles are continually being
created and destroyed below the cloak of Heisenberg uncertainty. The
effect was predicted by students of quantum theory earlier in the
century. Einstein expressed a profound distaste for such mysteries
of the quantum world in his oft-quoted bon mot "God does not play
dice." Decades later Stephen Hawking, studying pair production in
the vicinity of black holes, rejoined "Not only does God play dice,
but He throws them where we cannot see them."

How much zero-point energy exists is a matter of debate. The main-
stream view -- that such energy is real but minuscule -- was rein-
forced recently by measurements of the Casimir effect, an obscure
consequence of the vacuum predicted by a Dutch scientist in 1948.
Investigators were able to measure the mutual attraction felt by
two plates brought extremely close together. The measured force
was a nanonewton, equivalent to the weight of a blood cell in the
earth's gravitational field.

The subject is a natural attractor for the pseudo-science fringe
intrigued by the Dean Drive [24], holding out the promise of unlim-
ited energy from nothing at all. An outfit in Austin, TX called
the Institute for Advanced Study has spent the last 10 years in-
vestigating devices that claimed to be able to tap the energy of
the vacuum; none has stood up under scrutiny.

[23] http://www.sciam.com/1297issue/1297yam.html
[24] http://home.att.net/~spacedrives/wwdeannl.htm

..Netscape need not apply

An entertainment site rolls out the welcome mat -- but only for
those using Internet Explorer on Windows

We knew it had to happen. This official Star Trek site [25] is the
first I've seen that is simply inaccessible to any other platform
than Internet Explorer running on Microsoft. I deduce that the site
uses ActiveX controls because it checks for the presence of Authen-
ticode, MSIE, and Windows. Those failing any of these tests are
treated so contemptiously as to be sent to the limbo of an illegal
URL, there to contemplate their miserable lot out of the Microsoft
mainstream. (The URL contains a space character.) Running Navigator
under an MS OS will get you chided for an "Incompatible Browser"
[26], while those running MSIE on a Macintosh get told "Macintosh
Browser" [27]. In neither case can they partake of the joys of the
main site. As CobraBoy! <tbyars@earthlink.net> put it, the result is
"clearly what results when the two greatest forces of evil on the
planet, Viacom and Microsoft, work together." Thanks to John Robert
LoVerso <john@loverso.southborough.ma.us> for the first note about
the site.

[25] http://startrek.msn.com/
[26] http://startrek.msn.com/gatekeeper.asp?reason=Incompatible Browser
[27] http://startrek.msn.com/gatekeeper.asp?reason=Macintosh Browser

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
< http://www.tbtf.com/sources.html >.

TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1997 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

Version: 2.6.2