TBTF for 9/22/97: Allez Java

Keith Dawson (dawson@world.std.com)
Tue, 23 Sep 1997 22:24:19 -0500



T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/09-22-97.html >

C o n t e n t s

Fallout from the House crypto debacle
AGIS Internet jettisons the spammers
Northern Light
The ascent of XML
Utility reveals Win 95 passwords
Profiting from typos
Email envy
Voting with their feet

..Fallout from the House crypto debacle

Indications [1] are that the Commerce Committee of the US House of
Representatives is likely to vote in favor of unprecedented restric-
tions on Americans' right to be left alone. The so-called Oxley
amendment [2] to the SAFE bill, which started out attempting to
ease encryption export rules, would require Internet technology to
enable immediate access to plaintext for any Net message, without
notification to the sender.

This ZDNet coverage [3] gives an introduction to some of the
technical objections raised last week to the Oxley amendment. Here
are some more recent ones.

- Voices from England [4],[5] and Europe [6] refuted this ap-
proach to encryption. An article in Communications Week Inter-
national [6] claims that the European Commission will refuse
to endorse key recovery in a report to be issued on 10/1/97.

- 28 law professors detailed [7] why the proposed law would be

- 65 companies and organizations signed a letter [8] to the House
Commerce Committee opposing Oxley or any similar legislation.

The Congressional Budget Office issued an analysis [9] of the
costs of a key-recovery infrastructure; the top estimate was $2
billion per year. CBO requested expert input into its estimates
(thanks to Rodney Thayer <rodney@sabletech.com> for the first
word on this). Here is some of what the CBO got.

- Donald Eastlake and others estimated upwards of several hundred
billion dollars [10].

- William Allen Simpson estimated that Oxley would slow all data
transmission on the Internet by 3 to 8 times, and in addition
would require the construction of a secure infrastructure as
large again as today's Internet for the transmission and stor-
age of users' keys.

- Perry Metzger noted: "The cost to industry of implementing
[Oxley] and... to the government of running it is only the tip
of the iceberg. The cost to the economy [of] criminal activity
that cryptography would normally stop cannot possibly be esti-

- The last word goes to cryptographer Bruce Schneier: "Law en-
forcement needs to deal with technology. So, no more wiretaps.
Big deal. [FBI Director] Freeh needs to deal with that fact."

[1] http://www.news.com/News/Item/0%2C4%2C14422%2C00.html
[2] http://www.cdt.org/crypto/legis_105/SAFE/Oxley_Manton.html
[3] http://www.zdnet.com/zdnn/content/zdnn/0922/zdnn0013.html
[4] http://www.techweb.com/wire/news/1997/09/0917crylaws.html
[5] http://www5.zdnet.com/zdnn/content/zduk/0918/zduk0001.html
[6] http://www.jya.com/euro-resist.htm
[7] http://www.law.miami.edu/~froomkin/lawprof-letter.htm
[8] http://www.jya.com/safe-oxley-no.htm
[9] http://www.jya.com/gak-costs.htm
[10] http://www.jya.com/gak-costs2.htm

..AGIS Internet jettisons the spammers

Apex Global Internet Services Inc. had tried unilaterally to work
a truce in the spam wars -- it hosted spammers, including the most
notorious of them all, Sanford Wallace's Cyber Promotions, while
sponsoring a trade association of "responsible" spammers: the
Internet E-Mail Marketing Council. Last Wednesday the ISP kicked
them all out [11], [12]. It shut down the accounts of three spam
companies and ejected the IEMMC representative from his office on
the AGIS site. The reasons for the ouster are not clear but may
involve protracted ping-flood attacks directed against CyberPromo.
(Wallace claims that AGIS stopped blocking ping floods a week
before.) This handy page [13] from Randy Benn keeps up-to-date with
news accounts from the spam wars.

[11] http://www.news.com/News/Item/0,4,14429,00.html
[12] http://www.zdnet.com/intweek/daily/970922e.html
[13] http://www.clark.net/pub/rbenn/spam.html

..Northern Light

For the first time since the launch of HotBot, a new player in the
search-engine game bids to index the entire Web. Northern Light [14],
a startup in Cambridge, MA, introduces a new technique -- folders
generated on the fly -- to organize and present search results. The
company offers searches of off-Web content such as journals, maga-
zines, how-to guides, and reference works. Searching the "Special
Collections" is free for now but the company will soon start charging;
Web searches will remain free. Wired gives a good summary [15] of
Northern Light's story.

[14] http://www.northernlight.com/
[15] http://www.wired.com/news/news/culture/story/6992.html

..The ascent of XML

The Autumn 1997 number of the World Wide Web Journal [16] will be
a special issue on XML. One of its articles is available on the Web
in pre-copyright form [17]. If you don't know about XML, an evolu-
tionary development from the tradition of SGML and HTML, you prob-
ably should. You'll find a graceful introduction in "The Evolution
of Web Documents: The Ascent of XML," by Dan Connolly, Rohit Khare,
and Adam Rifkin [17].

[16] http://www.w3j.com/
[17] http://www.cs.caltech.edu/~adam/papers/xml/ascent-of-xml.html

..Utility reveals Win 95 passwords

PC Week notes [18] the appearance of a new utility that can reveal
passwords stored in the Windows 95 password list on a local machine.
The tool is called Revelation [19], and it's a free 15K download from
SnadBoy Software. The utility does not rely on decryption; it simply
grabs and displays data from a Windows 95 software buffer. SnadBoy
positions Revelation as a convenience tool for those who have for-
gotten a password that they asked Windows 95 to remember for them.
Its potential for abuse is scary, but fortunately Revelation can't be
used over a network; it must be run from the keyboard attached to a
local machine.

[18] http://www8.zdnet.com/pcweek/news/0908/11mrev.html
[19] http://www.snadboy.com/revelation.shtml

..Profiting from typos

Data Art Corp. [20], a New York Internet consulting company, has hit
on the idea of registering domain names that are slight misspellings
of well-known company or site names. Examples are:

abcnws.com             cdnaw.com
atavista.com           cityseach.com
barnesandnobels.com    compuserver.com
bigfot.com             dinsey.com
careermasaic.com       dojones.com
careermozaic.com       ...

Data Art registered at least 256 such names in the first week in
August. Perhaps they intend to sell the names to people who want to
benefit from "accidental" advertising; meanwhile Data Art is using
the names themselves to this end. Visit a plausible URL constructed
from any of the names and you get an advertisement and an invitation
to contact the company. (The HTML title of each such page is "typo.")

This inventive domain-name wangle was uncovered by Noah Friedman
<friedman@splode.com> and forwarded by glen mccready <glen@qnx.com>.

[20] http://www.dataart.net/about.htm

..Email envy

Daniel Bernstein, the professor who recently won a narrow ruling
[21] in his challenge [22] to US cryptography export restrictions,
acquired a new email address courtesy of the Tonga registry [23].
Robert Harley <Robert.Harley@inria.fr> received a message from
Bernstein at his new address and gave public voice to the severe
case of email envy inspired by


[21] http://www.tbtf.com/archive/12-24-96.html#s01
[22] http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
[23] http://www.tbtf.com/archive/0110.html#s04

..Voting with their feet

At a recent Microsoft developers' conference in Paris the topic
turned to Java. Microsoft spokesmen began disparaging the Sun-
developed cross-platform language and talking up the Microsoft
alternatives. To the presenters' astonishment, the audience of 1200
developers disrupted the presentation with boos and calls of "Go
Java!" They began walking out of the room -- first in a trickle and
then in a flood. At the end only 50 remained in the audience. This
account [24] of the debacle, penned by an unnamed attendee (believed
to be a Sun employee) was forwarded by Keith Bostic <nev@bostic.com>.

[24] http://www.tbtf.com/resource/gojava.html

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
< http://www.tbtf.com/sources.html >.

TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1997 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
