Spineless spammer bids to acquire some backbone

In September TBTF reported [1] that AGIS, the last network refuge of spammers, had jettisoned the scoundrels from its backbone network. Spam-meister Sanford Wallace vowed to return -- though how he could do so was not clear. Now Wallace has announced the formation of Global Technology Marketing Inc. [2], a backbone Internet service provider specifically for himself and his junk-emailing colleagues. (So hated is Wallace on the Net that his announcement triggered massive "collateral damage" [3] -- in the Pentagon-speak of one anti-spam activist -- as Netizens made life difficult for a number of innocent companies and people with names similar to those mentioned in the Spam King's press conference.)

Wallace has teamed with fellow spammer Walt Rines and with an undisclosed third party, reported to be a regional ISP in Nevada.

My guess is that Spamford's new network will be invisible to most Netizens, because reputable networks will not "peer" with him (i.e., agree to exchange traffic). Network administrators around the world are certain to block email from Wallace's domain, if not in fact to shut off all IP connectivity to it.

At the press conference announcing his new initiative, Wallace said, "If this doesn't work, nothing will. If it doesn't go, then that's it for me -- I'm done."

Make it so.

[1] http://www.tbtf.com/archive/1997-09-22.html#s02
[2] http://www.news.com/News/Item/0%2C4%2C16682%2C00.html
[3] http://www.news.com/News/Item/0%2C4%2C16730%2C00.html

A spammer is fined and enjoined from theft of service

A district court judge issued a ruling [4] that spam-haters everywhere will relish, fining a spammer $18,910 and permanently enjoining him from ever again using the domain name of the plaintiff, or (more importantly), ever again misappropriating ANY domain name not owned by him for the purpose of spam.

[4] http://commons.utopia.usweb.com/mailings/rre/spam.judgement.html

Another TCP hole, and an exploit program in circulation

A newly surfaced DoS attack [5], dubbed LAND after the exploit program now circulating on the Net, takes advantage of a hole in the earliest implementations of networking code in the BSD branch of Unix. Many modern TCP stacks are derived from this code and are thus vulnerable to the attack. In a LAND attack a spoofed packet, with the SYN flag asserted, is sent to any listening port on a target machine; the packet is crafted to have the same source and destination IP address. The target machine will either crash immediately, or, in some cases, slow down and gradually drift to a halt. Here is a list of affected architectures as posted to the bugtraq mailing list on the afternoon of 11/21.

  TCP/IP stack                         Vulnerable?
  -----------------------------------  ----------
  AIX 3                                yes
  BSDI 2.1 (vanilla)                   yes
  BSDI 2.1 (K210-021, -022, -024)      no
  BSDI 3.0                             no
  Digital UNIX 4.0                     no
  FreeBSD 2.2.2-RELEASE                maybe
  FreeBSD 2.2.5-RELEASE                maybe
  FreeBSD 2.2.5-STABLE                 maybe
  HP JetDirect Print Server            yes
  HP-UX 10.20                          yes
  IRIX 6.2                             no
  IRIX 6.3                             no
  IRIX 6.4                             no
  Linux 2.0.30                         no
  Linux 2.0.32                         no
  MacOS 7.5.1                          no
  MacOS 8.0                            yes
  NetApp NFS server 4.3                yes
  NetBSD 1.2                           yes
  NetBSD 1.2a                          yes
  NeXTSTEP 3.0                         yes
  NeXTSTEp 3.1                         yes
  Novell 4.11                          no
  OpenBSD 2.1                          maybe
  QNX 4.24                             yes
  OpenBSD 2.2 (Oct31)                  no
  SCO OpenServer 5.0.4                 no
  Salaris 2.4                          no
  Solaris 2.5.1                        no
  Solaris 2.6                          no
  SunOS 4.1.4                          yes
  Windows 95 (vanilla)                 yes
  Windows 95 + Winsock 2 + VIPUPD.EXE  yes
  Windows NT (vanilla)                 yes
  Windows NT + SP3                     yes
  Windows NT + SP3 + simptcp-fix       yes

  Ascend Pipeline 50 rev 5.0Ap13       no
  Cisco IOS 10.3(7)                    yes
  Cisco 2511 IOS ???                   yes
  Cisco 753 IOS ???                    yes
  LaserJet Printer                     no
  Livingston Office Router (ISDN)      yes
  Livingston PM* ComOS 3.5b17 + 3.7.2  no
  NCD X Terminals, NCDWare v3.2.1      yes

What makes this exploit especially dangerous is that it can take out Cisco routers, the devices that join together the majority of the networks comprising the Internet. The bug has simple fixes or workarounds in most architectures. Some affected companies have been posting solutions on bugtraq, such as these recent notes from Cisco [6] and FreeBSD [7]. The bug will continue to be disruptive for some time, until most of the Internet has put into place the platform-specific fixes. We can expect routers to be bullet-proofed first, as network administrators concentrate on the parts of the Net where such a bug could do the most damage.

[5] http://www.wired.com/news/news/technology/story/8707.html
[6] http://www.geek-girl.com/bugtraq/1997_4/0360.html
[7] http://www.geek-girl.com/bugtraq/1997_4/0361.html

The company patches a problem before news of it spreads on the Net

Microsoft has announced a fix for a new security / privacy hole in Internet Explorer, dubbed "Page Redirect" [8], before its existence was widely known. I for one hadn't seen any mention of it. Perhaps Microsoft uncovered the bug in their own testing. For this reason I'm not adding Page Redirect to the TBTF list of 1997 MSIE security exploits [9]. The bug affects MSIE 3.02 and 4.0 on Win95 and NT only; it allows a malicious Web site, in certain circumstances, to capture a user's login information. The fix is available from Microsoft's security site [10]. Incidentally, at the top level of that site [11] the visitor is presented with this rather alarming list of links to recent IE security problems:

[8] http://www.news.com/News/Item/Textonly/0%2C25%2C16720%2C00.html?pfv
[9] http://www.tbtf.com/resource/ms-sec-exploits.html
[10] http://www.microsoft.com/security/redirect.htm
[11] http://www.microsoft.com/security/

Real data on the prevalance and frequency of Net probes and attacks

Two Texas security companies have released a report on Internet security incidents that is, for the first time, based on analysis of the actual datastream instead of on interviews with humans. NetSolve (Austin, TX) operates a monitoring service called ProWatch Secure based on the NetRanger intrusion-detection software developed by Wheelgroup (San Antonio). The report [12] summarizes 556,464 "alarms" (Net attacks or probes) recorded over 5 months, from May to September 1997, in the customer base of NetSolve. The report does not say how many sites were monitored. Among the conclusions:

• For monitored customers, attempts to gain unauthorized access to corporate networks ranged from 0.5 to 5 instances per month.

• Corporations with e-commerce applications, such as permitting customers to order products via the Internet, fell on the high end of the range.

• Every monitored site experienced either an attack or a heavy probe an average of once per month over the course of the survey.

The report clearly shows the effects of the distribution of exploit kits such as LAND (see above) and smurf: this software puts the ability to disable or attack corporate networks into the hands of a vast army of unsophisticated wannabe crackers the report dubs "script kiddies."

Because this survey is the first of its kind, the authors aren't able to discuss trends in the number and kind of Net attacks; such analysis is promised for follow-on reports.

[12] http://www.wheelgroup.com/netrangr/PWS_survey.html

The US govenment, by its own rules, should not be buying any computer systems built around the Pentium II

A 1993 Executive Order bans the federal government from purchasing computer systems that don't meet the EPA's Energy Star guidelines. As it turns out, the Pentium II chip consumes so much power that an Energy Star compliant system cannot be designed around it. The government continues to buy Pentiom II systems, of course. These assertions were carried on the Apple evangelist mailing list [13], where posters have a direct interest in encouraging the spread of an alternative technology whose underlying chip is not only Energy Star friendly, but is also more powerful than the Pentium II. The original poster, Kurt Dikkers <dikkersk at i1 dot net>, points to a source in the magazine Federal Computer Week [14], but only some of its articles are available online and I couldn't locate this one among them. Thanks for the tip on this story to Fred K Barrett <fbarrett at world dot std dot com>.

[13] http://public.lists.apple.com/lists/evangelist/msg00602.html
[14] http://www.fcw.com/pubs/fcw/fcwhome.htm

Then how about browser history, cache files, server logs?

A small independent newspaper has sued [15] the Tenessee city of Cookeville for refusing a request to examine the cookie files from city employees' computers [16]. The Putnam Pit, a self-described "fun little watchdog paper that is very irreverent and acidic," and its publisher Geoff Davidian, argue that the cookie files should be public records under the laws of Tennesee. Davidian wants to examine the cookie files to determine

There is no legal precedent on the question of the privacy protections, if any, accorded to these kinds of files from public employees' computers. Davidian compares cookie files to the phone records of civil servants, which are routinely made available for public examination. Lawyers for the city of Cookeville say that cookie files are more like working notes scrawled on paper scraps, exempt from public scrutiny. TBTF will be watching this case for you. Thanks to Gregory Alan Bolcer <gbolcer at gambetta dot ics dot uci dot edu> for the pointer.

[15] http://mediainfo.elpress.com/ephome/news/newshtm/stories/110797n4.htm
[16] http://www.putnampit.com/hoards.html

By the time DEC gets down to its core competencies there may be no-one left but Dilbert

Last January I reported what was already a year-old rumor: that Compaq might be looking to acquire Digital Equipment Corp. [17]. Soon thereafter Compaq picked up Tandem and I assumed the rumor was at an end. It's back, though, resurrected last Friday by a Wall Street newsletter [18], with little apparent effect on the stock of either company. Another persistent Digital rumor, this one with more substance behind it, is that the company is about to sell its network business to Cabletron [19]. (A mutated version says the suitor is AT&T.) Finally, here is a phony press release [20] reporting on the ultimate attempt to reduce the company to its "core competencies."

[17] http://www.tbtf.com/archive/1997-01-11.html#s06
[18] http://www5.zdnet.com/zdnn/content/zdnn/1121/244639.html
[19] http://www.zdnet.com/zdnn/content/reut/1120/243880.html
[20] http://www.tbtf.com/resource/dgtl.html
[20a] http://www.news.com/News/Item/0%2C4%2C16787%2C00.html

Building the Information Age on the bones of the Industrial Revolution

TBTF for 1996-10-31 [21] sketched the information revolution following in the footsteps -- and the trackbeds -- of earlier technological upheavals. Reinforcing this trend is the news [22] that Qwest is well along towards building a nationwide, all-fiber backbone in the rights-of-way provided by railroads trackbeds.

[21] http://www.tbtf.com/archive/1996-10-31.html#s09
[22] http://www.internetnews.com/Reuters/qwest.html

Empty space churns with unseen activity, but can we tap its energy? Probably not

The current Scientific American features an article [23] on attempts to exploit so-called zero-point energy, or vacuum energy: a phenomenon in which pairs of "virtual" particles are continually being created and destroyed below the cloak of Heisenberg uncertainty. The effect was predicted by students of quantum theory earlier in the century. Einstein expressed a profound distaste for such mysteries of the quantum world in his oft-quoted bon mot "God does not play dice." Decades later Stephen Hawking, studying pair production in the vicinity of black holes, rejoined "Not only does God play dice, but He throws them where we cannot see them."

How much zero-point energy exists is a matter of debate. The mainstream view -- that such energy is real but minuscule -- was reinforced recently by measurements of the Casimir effect, an obscure consequence of the vacuum predicted by a Dutch scientist in 1948. Investigators were able to measure the mutual attraction felt by two plates brought extremely close together. The measured force was a nanonewton, equivalent to the weight of a blood cell in the earth's gravitational field.

The subject is a natural attractor for the pseudo-science fringe intrigued by the Dean Drive [24], holding out the promise of unlimited energy from nothing at all. An outfit in Austin, TX called the Institute for Advanced Study has spent the last 10 years investigating devices that claimed to be able to tap the energy of the vacuum; none has stood up under scrutiny.

[23] http://www.sciam.com/1297issue/1297yam.html
[24] http://www.spacedrives.org/wwdeannl.htm

An entertainment site rolls out the welcome mat -- but only for those using Internet Explorer on Windows

We knew it had to happen. This official Star Trek site [25] is the first I've seen that is simply inaccessible to any other platform than Internet Explorer running on Microsoft. I deduce that the site uses ActiveX controls because it checks for the presence of Authenticode, MSIE, and Windows. Those failing any of these tests are treated so contemptiously as to be sent to the limbo of an illegal URL, there to contemplate their miserable lot out of the Microsoft mainstream. (The URL contains a space character.) Running Navigator under an MS OS will get you chided for an "Incompatible Browser" [26], while those running MSIE on a Macintosh get told "Macintosh Browser" [27]. In neither case can they partake of the joys of the main site. As CobraBoy! <tbyars at earthlink dot net> put it, the result is "clearly what results when the two greatest forces of evil on the planet, Viacom and Microsoft, work together." Thanks to John Robert LoVerso <john at loverso dot southborough dot ma dot us> for the first note about the site.

[25] http://startrek.msn.com/
[26] http://startrek.msn.com/gatekeeper.asp?reason=Incompatible Browser
[27] http://startrek.msn.com/gatekeeper.asp?reason=Macintosh Browser

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.