(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1997-06-16: Joshua fit the battle of Jericho

Keith Dawson (dawson dot tbtf at gmail dot com)
Sun, 15 Jun 1997 23:07:11 -0500


Contents

  • The Internet weather report -- Everybody talks about the bit-storms, but ClearInk has done something about them

  • Cinnamon, repent -- The latest installment of Religion on the Net scrutinizes a singular bun in Tennesee

And the walls come a-tumblin' down

A recent accelerating cascade of events in the battle for encryption export all point toward defeat for the Clinton Administration's policies. What began as straws in the wind have given way, to extend the metaphor, to trashcan lids, automobiles, and house trailers.

For past coverage of the debate over cryptography export policy, see TBTF Threads [8].

[1] <http://www.techweb.com/se/directlink.cgi?CWK19970519S0002>
[2] <http://www.sybase.com/inc/corpinfo/press/23f6.htm>
[3] <http://www.verifone.com/corporate_info/html/us_export.html>
[4] <http://www.pgp.com/newsroom/prel34.cgi>
[5] <http://www.pgp.com/newsroom/complist.cgi>
[6] <http://www.zdnet.com/intweek/daily/970602d.html>
[7] <http://www.sjmercury.com/opinion/docs/066550.htm>
[8] <http://www.tbtf.com/threads.html#Tcep>


______

A Dane finds a nasty Netscape bug but gets no bounty

By now you've probably heard the one about the Danish bounty hunter and the Netscape bug. You haven't? Well, then. Christian Orellana <bug at cabocomm dot dk> is one of two people in CaboComm, a Danish Internet solutions provider in Aarhus, west of Copenhagen. He discovered a way for a Web-site administrator to copy files from the disk of any user of any version of Netscape Navigator or Netscape Communicator, on any platform. Firewalls offer no protection. The user apparently needs to access a password-protected page on the bad guy's site (this is my inference from the various press reports), and the miscreant needs to know or guess a file's exact path and name in order to steal it.

Orellana contacted Netscape on 6/9 but claims he was unsatisfied at the level of seriousness accorded his report. Netscape claims that Orellana refused to share technical details of the bug unless he was paid "a large unspecified amount" of money [9]. (CaboComm remembers it differently [10], [11] -- Orellana says he did not consider Netscape's offer of a $1,000 "bug bounty" an appropriate way to deal with a serious product issue.) Netscape refused to pay up, and later compared Orellana's demands to those of a terrorist. Orellana contacted the press, CNNfn and PC Magazine, and proved to their satisfaction that the bug exists as claimed. CNNfn reported [12] the bug on 6/12, on the final day of Netscape's developers' conference, and Netscape stock dropped about 5 percent. (It has since recovered.)

By 6/13 Netscape had located and fixed the bug with no help from CaboComm; no bounty will be paid. The company will deliver fixes first for Communicator, then for Navigator, beginning this week.

Here is a thoughtful piece [13] on the drawbacks and risks of Netscape's bug bounty program.

[9] <http://www.news.com/News/Item/0,4,11487,00.html>
[10] <http://www.cabocomm.dk>
[11] <http://www.news.com/News/Item/0,4,11502,00.html>
[12] <http://cnnfn.com/digitaljam/9706/12/netscape_pkg/>
[13] <http://www.news.com/News/Item/0,4,11494,00.html>


______

Anti-spam news

The Federal Trade Commission held hearings last week on consumer privacy. Keith Lynch <kfl at clark dot net> attended the session on email spam on the morning of 6/12 and posted an account [14] to several Net-abuse newsgroups. Lynch concludes that the FTC is in no mood to regulate spam at this time. Congress, on the other hand, is pondering three separate anti-spam measures.

(You can get the latest status on any of these bills from the Thomas site [18]; search by "Bill/Amendment No." I don't provide URLs here because the search results are cached only temporarily.)

The Murkowski bill as filed has been widely critizized because it puts the burden of filtering spam onto ISPs; one observer called it an "unfunded mandate." Worse, it makes a content-based distinction on the commercial nature of spam. First Amendment advocates consider this a no-no. The Smith bill takes the tack of extending the junk-fax ban to cover advertisements delivered by email.

Torricelli's bill is the most Net-friendly of the three: it aims directly at the worst practices of the spammers. S.875 restricts the harvesting of email addresses, and it requires senders of unsolicited email (including noncommercial messages) to use valid reply addresses, to honor "remove" requests, and to comply with Nettiquete regarding spam. Torricelli's bill also opens up spammers to class-action lawsuits. Sad but true: in the US the quick route to social change often involves appealing to lawyers' remunerative interests.

Six states also have anti-spam legislation pending. Here is a valuable site [19] for tracking both state and federal legislation. Finally, for those who can't wait for legislative relief, peruse this collection of anti-spam sites and resources:

[14] <http://www.clark.net/pub/kfl/ftc.html>
[15] <http://www.senate.gov/~murkowski/commercialemail/EmailBillText.html>
[16] <http://www.jmls.edu/cyber/statutes/email/npa1.html>
[17] <http://www.senate.gov/~torricelli/junkmail.html>
[18] <http://thomas.loc.gov/bss/d105query.html>
[19] <http://www.jmls.edu/cyber/statutes/email/>
[20] <http://www.public.asu.edu/~dtopping/ojen.html>
[21] <http://www.ripco.com:8080/~glr/nojunk.html>
[22] <http://www.cco.caltech.edu/~cbrown/BL/>
[23] <http://www.mcs.com/~jcr/junkmail.html>
[24] <http://www.ctct.com/>


______

The Internet weather report

No, we're not talking climate-type weather here on earth as reported via the Internet. We're talking bitwise weather. Storms in the aether. The ebb and flow, the squalls and bottlenecks on the largest Net backbone carriers. The folks at ClearInk [25], a California "E-vertising" agency, offer the indispensible Internet Weather Report [26]: a quick-loading tabular summary, updated every 15 minutes, of packet loss and "ping" round-trip times from their location to 15 nationwide carriers. At this moment AGIS is losing 8% of the packets ClearInk sends them. Why? Perhaps it's due to the hackings, flames, and vandalism [27] directed against this ISP, the only remaining safe haven for "spam king" Sanford Wallace's Cyber Promotions. (For more on CyberPromo, visit TBTF Threads [28] and follow one of the two spam topics.)

[25] <http://www.clearink.com/>
[26] <http://www.internetweather.com/>
[27] <http://www.news.com/Rumors/0%2C29%2C00.html>
[28] <http://www.tbtf.com/threads.html>


______

Cinnamon, repent

The latest addition to Religion on the Net [29] relates only obliquely to religion: it's a page celebrating the NunBun, a cinnamon bun that emerged from the ovens of the Bongo Java coffee shop, in Nashville, Tennesee, molded into an unmistakable likeness of the good woman of Calcutta [30] -- one of only five people ever voted by Congress to the distinction of honorary citizen of the United States of America, in the company of William Penn and Raoul Wallenberg. Christopher Hitchens reflects pithily on the story in The Nation [31]; his article is entitled "Mother Theresa on a Roll."

[29] <http://www.tbtf.com/religion.html>
[30] <http://www.qecmedia.com/nunbun/>
[31] <http://www.thenation.com/issue/970317/0317hitc.htm>


Notes

bul Joshua fit the battle of Jericho (sometimes spelled "fought" and occasionally "fit de") is a spiritual of American origin. You can get a sense, if only a dim one, of the tune from this soulless rendition [32]. The song tells the Biblical story of Joshua reducing to rubble the walls of a contemporaneous city (from Joshua 4.1 [33]).

[32] <http://www.wizard.net/~dsr/dt106/joshua.mid>
[33] <http://tn.areaguide.com/sr/kjv/josh/4.html>

bul Those of you who have visited TBTF on the Web in the last few days have noticed that I've begun producing this newsletter in daily installments. The Tasty Bit of the Day will be posted on each day by 9:00 am in my time zone (GMT -0400 / -0500). The retro-push (email) edition should be in your mailboxes each Monday morning. This new regime will allow me to begin producing TBTF on a predictable schedule despite my own somewhat unpredictable one.

bul My consulting business now has a name -- The Technology Front -- and a home page -- <http://www.technologyfront.com/>. Do visit if you're curious about what I do for a living or if you think you might be able to use my services.

bul Please welcome The Technology Front's first partner company, Ingenius Technologies, Inc. [34], and check out their javElink [35] service. javElink was reviewed in TBTF for 1997-03-21 [36].

[34] <http://www.ingetech.com/>
[35] <http://www.javelink.com/>
[36] <http://www.tbtf.com/archive/1997-03-21.html>


Sources

bul For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html>.

bul E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For complete subscription details see <http://www.tbtf.com/resource/E.CT.txt>.

bul Cryptography -- mail majordomo@c2.net without subject and with message: subscribe cryptography [ your@email.address ] .


TBTF home and archive at <http://www.tbtf.com/>. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson               dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.

______