NETWORK ATTACK TREND ANALYSIS: WHO HACKS WHAT HOW
ProWatch Secure, a security company that markets network intrusion
detection and prevention software, has reported on five months' worth of
security hacking attempts. They looked at 556,464 "security alarms" from
May to September of this year. The write-up is somewhat peppered with
market speak and self-promotional prose, but the results look solid.
ProWatch's customers suffer serious hacking attacks 0.5 to 5.0 times per
month. Unsophisticated attackers using widely available exploitation
scripts to probe a site, known in the biz as "script kiddies", launched the
majority of these attacks. Most hackers attack commercial sites, and 72% of
attacks originate outside the US. You'll find more fascinating details in
the report, part of the indispensable BugTraq site.
<http://www.geek-girl.com/bugtraq/1997_4/0352.html>
KYOTO SUMMIT ON GLOBAL WARMING
A special summit on global warming is currently meeting in Kyoto, Japan.
The World Wildlife Fund (WWF) site has dedicated a section to the summit,
including this informative and entertaining report from one of its
vegetarian representatives: "IF I EAT ANOTHER LETTUCE AND TOMATO SANDWICH,
I'LL JUMP OFF THE ROOF OF THE CONVENTION CENTER!!" Apparently, it's not
easy being a strict vegetarian in Kyoto. Of other resources on global
warming, probably the best starting place is the Pace University Greenhouse
project with abstracts of key science and government reports, text of
treaties, legislative action, information on experts, Web links, and a
mailing list. Since science demands that we always question everything -
most especially prevailing orthodoxy - also read "Global Warming: Inventing
an Apocalypse" by Kevin McFarlane, an unabashedly skeptical 1994 report for
the Libertarian Alliance.
WWF: <http://www.panda.org/>
Pace: <http://www.nyt.com/library/national/120197resources.html>
Apocalypse: <http://www.aloha.net/~pjc/green/globalwarm.html>
THE PUMPKIN OF NOTRE DAME - UMM, OF CORNELL
Remember that pumpkin skewered on top of Cornell's bell tower? Not wishing
to place anyone in danger to remove it, Cornell's administration decided to
wait for it to rot and fall off. It's still there. Cornell officials have
placed barricades and warning signs at the base of the tower warning of
falling pumpkin. Cornell students have also decorated the area with small
jack-o-lanterns - some looking up in horror at the plight of their sibling,
others with "Jump!" signs. As you might expect, someone's finally
gotten around to putting a Web cam on the pumpkin, though not - to our
disappointment - on the crowd below. The squashkebab isn't the ponderous
gourd you might expect, and it shows up as a mere speck on the Web cam, but
you can spend days here waiting for it to drop.
<http://pumpkin.library.cornell.edu/>
THE WINTER-SOLSTICE-SUNSET-IN-A-5,000-YEAR-OLD-CAIRN CAM
Ancient Europeans often constructed megaliths and cairns so that they'd
align with astronomical events. For scientific reasons, a camera is
recording the winter solstice sun at one such cairn in Orkney, Scotland,
and of course somebody came up with the brilliant idea of turning this into
a Web cam. Broadcasts are scheduled for December 10 to 22, every day between
14:30 and 15:15 GMT. <http://www1.tip.nl/~t755096/maeshowe/eng/press.htm>
By all measures of success, the Pathfinder mission to Mars was a triumph of
technology and science. The mission team lost touch with the little lander
on October 6, probably due to the batteries succumbing to the cold Martian
environment. Even so, the probe lasted over three times its designed
lifetime and returned a wealth of scientific information. The team will
keep trying to contact the craft periodically, but must give up time on the
space tracking network to other space missions. The Pathfinder team has
posted a press release which neatly sums up the achievements of this
mission. <http://mars.jpl.nasa.gov/mpf-pressrel.html>
This week, over 120 nations are signing an international treaty to ban land
mines. The catch is that the signatures of major powers China, Russia, and
the US are conspicuously absent. Will the treaty be worth the paper it's
written on when the elephants dance? In any event, if you've ever wondered
what an international treaty looks like you can check out the prose at this
site. All in all, it's a remarkably short document for such a large
subject. <http://www.vvaf.org/landmine/us/updates/events97/treaty9_29.html>
SECURITY ALERT: "LAND.C" DENIAL OF SERVICE ATTACK
A new hole in certain implementations of TCP, the underlying connection
protocol of the Internet, makes certain operating systems and sites
vulnerable to a crippling denial of service attack. You can work around the
problem by properly setting up your network. More alarmingly, certain Cisco
routers - the major hardware glue holding the Internet together - are at
risk. Cisco has a page with extensive information on the problem. For other
technical discussion of the bugs go to the BugTraq list and look for
threads with the string "Land" in them. CNet has also published a good
plain-language article about the bug.
Cisco: <http://www.cisco.com/warp/public/770/land-pub.shtml>
BugTraq: <http://www.geek-girl.com/bugtraq/1997_4/>
CNet: <http://www.news.com/News/Item/0,4,17009,00.html>
PGP ACQUIRED BY NETWORK ASSOCIATES
Pretty Good Privacy, founded by Phil Zimmermann, the legendary author of
PGP encryption software, has been bought for $35 million by Network
Associates (NA), a company which actively promotes key recovery. Privacy
advocates and cryptophiles, a paranoid bunch at the best of times, are now
worried that future versions of PGP will no longer be trustworthy should NA
make secret deals with law enforcement to incorporate stealthy key recovery
Phil's testimony before Congress. NA is a member of the Key Recovery
Alliance (KRA), a lobbying organization promoting key recovery products.
PGP: <http://www.pgp.com/>
NA: <http://www.networkassociate.com/>
KRA: <http://www.kra.org/>
Lest you had doubts that even the innocent get hurt in the Spam Wars,
here's a cautionary tale of friendly fire. After his most recent ISP booted
Sanford Wallace, the Spam King started up Global Technology Marketing Inc.
(GTMI) to create a spam-friendly Internet backbone. The only trouble is
there's more than one company called GTMI. Ever zealous anti-spam radicals,
shooting entirely from the hip, located GTMI - in fact, any and all
companies named GTMI - and started harassing employees without bothering to
verify whether Sanford was their boss. Several innocent people wound up
taking phone threats and hate mail from anonymous and clearly clueless spam
fighters. CNet has the story.
<http://www.news.com/News/Item/0,4,16730,00.html>
ULTIMA ONLINE UBER-HACK: GAME SERVERS EMULATED
In NSD 3.34, we told you about Ultima Online, an ambitious online game
environment capable of simultaneously sustaining thousands of players in a
faux-medieval virtual world. The game has succeeded phenomenally, despite
startup problems. It's been so successful that Marcus Rating, a 19-year-old
German student, hacked together a game-server emulator that basically
simulates the multimillion-dollar software investment which runs Ultima's
world - only two months after the game came out of beta. Rating and a
Canadian company planned to open their own Ultima servers when Origin shut
down the attempt, apparently in a friendly manner. Read the story at
Gamespot. Check out Wired for a story about Ultima players' virtual
protests of problems with the game.
Gamespot: <http://headline.gamespot.com/news/97_12/03_offline/index.html>
Wired: <http://www.wired.com/news/news/culture/story/8545.html>
Ultima: <http://www.ultimaonline.com/>
We're usually too busy to delve into trivia, but Trivial Net challenges
Webophiles, computer geeks, and anyone else who has regularly touched a
keyboard since the early 1980s. One component of Trivial Net is an
interactive Web game. Each game consists of ten mostly multiple-choice
questions. In our first game, we scored 7/10 and were awarded the title of
"Mad Hacker". In our second, we scored 3/10 and were described as "Slightly
Nerdy". Shucks! Your chances may be better if you've seen a few classic SF
movies or you hang around disgruntled and verbose network administrators
and Mac and Unix folk. Your only prize is satisfaction and cheap
entertainment. You can also sign up for a mailing list that sends you one
trivia question every weekday. <http://www.trivial.net/>
HTML ELEMENTS EXPOSED (IN A GOOD WAY)
If you create Web pages, you'll want to bookmark this one. The Compendium
of HTML Elements makes an excellent resource for HTML writers, offering an
organized reference manual. You'll get a complete listing of all HTML tags,
organized alphabetically, with links to detailed pages for each tag.
<http://www.htmlcompendium.org/>
ISLAND - the Internet Source for Learning and New Development - succeeds
despite the cheesy acronym (and our cheesier headline). Snap up a free user
account and start creating a Web site with the information provided. While
this sounds like painting by numbers for the Net, it actually shows,
clearly and without patronizing, just how to feel comfortable with not only
navigating the Net, but getting your hands dirty.
<http://library.advanced.org/10021/>
ARCHETYPAL ARCHITECTURE FROM MEDIEVAL CHARTRES
Gothic Dreams approaches the Cathedral at Chartres as not just an example
of architecture but the embodiment of learning and ideas. It guides us
through stained glass rosettes, flying buttresses, gargoyles, statues, and
vaults, and introduces Chartres' contemporary European and modern American
cousins. With particular emphasis on the use and diffusion of light and the
art of anonymous craftsmen who coaxed gentle-eyed saints and grand open
spaces from stone, Gothic Dreams' implicit homage to Joseph Campbell
intentionally leaves much of the interpretation to us. The site is laden
with images - 30 and more to a page in some spots - from Chartres,
Canterbury, Notre Dame de Paris, Salisbury, and St. Patrick's cathedrals,
but it's worth the downloading. Reserve time to devote to this site and its
ideas. <http://elore.com/elore04c.html>
ALL THE FUN OF AN ARTIST COLONY WITHOUT THE BERETS
Structured like a real colony, the Virtual Colony offers artistic talent a
slightly different place in cyberspace than the typically right-brained
gathering sites. Working with the spatial metaphor, the Colony routes its
visitors into the familiar options of Gallery, Reading Room, or Concert
Hall, depending on the chosen medium of the artist. These virtual spaces
themselves describe a little about the artist, both through words and page
layout, before presenting the work. <http://www.virtualcolony.com/>
ART MADE OF MONEY - AND TAX ADVANTAGES
At this site, you can view the cool work of Barton Benes, an artist who
uses currency to create imagery. Then buy and donate the art to a worthy
cause, so you can enjoy a nice little tax deduction.
<http://www.artshelter.com/>
With this issue come reviews of "Signal to Noise" (fiction by Carla
Sinclair), "Web Authoring Desk Reference", "Intranet Security: Stories from
the Trenches", and "Office 97 Annoyances".
<http://www.netsurf.com/nsd/books/book.03.39.html>
NETBITS'S WEEKLY BOOSTER SHOT FOR THE ONLINE CROWD
Whether or not they realize it, most Net-savvy citizens have read an
article by Glenn Fleishman and have a volume on their bookshelves authored
by Adam Engst, the two collaborators whose latest brain-child is NetBITS, a
free e-weekly available via the Web or e-mail. The press release claims
that NetBITS's "editorial mission is to succinctly present information
needed by anyone who spends significant amounts of time on the Internet,
whether for professional or personal reasons". Succinct is the key word. It
takes less than 15 minutes to soak up the contents of the week's Internet
news, doesn't tax the brain cells, and still allows time to get in a quick
game of Quake during the lunch hour before the boss walks in.
<http://www.netbits.net/>
Feeling tired? Blue? Got Pre-Christmas Post-Thanksgiving Stress-related
Weight-mood Fluctuation Syndrome? Janine Smith's Jzine humor and story page
may be just the Prozac your tired soul needs. The jokes and stories, both
fiction and fact, should distract and entertain netsurfers worn out from
holiday shopping. <http://www.jzine.com/>
ALL THE TECH NEWS THAT'S FIT TO LINK
Technical news junkies, have we got a treat for you! The Andover News
Network offers the latest on what's happening in the world of technology,
categorized by subject. There's an AppleWatch, HardwareWatch,
Internet-Watch, JavaWatch, and many more. Other features include a Cool
Tool of the Day link, which reviews new software, and FreeCode, which
offers an archive of free source code. <http://www.andovernews.com/>
NewsWorks' search engine lets you sift the contents of more than 100
newspapers. A handful of preselected features and news articles in a
variety of topics greet you immediately. One example we read focused on
Media Madness: "Those chasing nanny Louise Woodward have forgotten the
sober talk that followed Diana's death." <http://www.newsworks.com/>
The Ultimate TV site is - well, the ultimate in TV. You get daily TV news
(with such earth-shaking announcements as "Beavis and Butthead take final
bow") and features. The features include topics such as "The Problems with
'C16'" and an interactive poll. The dog ate the TV Guide? You can check
your listings for tonight in different areas, and search the site, too.
Other sections include US TV, World TV, and, of course, the Ultimate TV
Show list. <http://www.ultimatetv.com/>
AMERICAN MUSEUM OF NATURAL HISTORY CELEBRATES 125 YEARS
The Star of India, a tattered US flag, ammonites, the dodo. Varied in
origin, medium, significance, and age, all they have in common is their
current address at the American Museum of Natural History. Judged to be
among the museum's most prized and representative possessions, they're part
of an exhibition celebrating the museum's work over the past 125 years. At
the forefront of exploration as well as acquisition, the museum also
presents artifacts that were unearthed during its own expeditions -
including an entirely unique unhatched dinosaur embryo. We can only imagine
the heartaches curators suffered, tasked with selecting 50 representative
artifacts from such a rich and diverse inventory. Generous notes accompany
each item, detailing its intrinsic significance and its importance in
relation to the museum's collection and mission.
<http://www.amnh.org/Exhibition/exped.html>
A federal agency whose existence depends on public image has given us a
wonderful catalogue of planetary photographs. NASA's Image Access home
page, Planetary Photojournal, awesomely culminates decades of research and
exploration. At last visit, this collaborative database contained 850
images, and it's growing. Pick a planet or moon and a NASA mission and go
for it. Navigation is logical and quick, the quality of the online images
excellent. Color photos relayed from Viking 2 on the surface of Mars in
1976, for example, seem as fresh and sharp as those from Pathfinder. You
can order hardcopies from vendors. The first Leif Ericsons and Christopher
Columbi of interplanetary space may remember this mirrored site.
<http://photojournal.jpl.nasa.gov/>
AN AS YET UNGRIZZLED LUNAR PROSPECTOR
Lunar Prospector will leave for the Moon on January 5, 1998. Through this Web
site you can follow the progress of the experiments and observations it
makes, watch its movements, and even monitor the Prospector Instrumentation
panel. Backed by NASA and the major space authorities, this exciting site
furthers the uploading of space exploration onto the Internet. Among the
questions Lunar Prospector hopes to answer is whether water ice exists in
moon craters. The dozens of projects, information pages, and background
data that fill the site make it a fantastic tool for educators - schools
will find much here of great value - and the rest of us.
<http://lunar.arc.nasa.gov/>
Every second, on average five people are born and two people die. You don't
need a calculator to see that Earth's population is growing at what some
consider an alarming rate. To provide a more user-friendly way of learning
about the dynamics of the world's birth rate, France's Musee de L'Homme
(politically incorrect translation: Museum of Man) has created an online
exhibit, enhanced with clever Shockwave graphics. The site allows users to
tinker with the parameters of the displayed statistics, for instance to
calculate the world's population in the year of the user's birth.
<http://www.popexpo.net/english.html>
ReproLine delivers some serious information on reproductive health,
including the latest in contraception methods and family planning. Some
documents are available in French, Portuguese, Spanish, and Russian.
<http://www.reproline.jhu.edu/>
INTERNET EXPLORER 4.0 UPGRADE FOR WIN95, NT
A couple of months after its latest release, the Explorer browser is
getting an upgrade. This release includes bug fixes with some slight
performance enhancements. One of the few new features is better support for
the disabled. Three versions of the update range in size from 13-25 MB. As
usual, you should get this latest release not just for the bug fixes but
for security reasons. <http://www.microsoft.com/ie/>
POISONED TRAP FOR SPAMMER SPIDERS
Those who study organismal biology are intimately familiar with
predator/prey arms races, where each species continually evolves better
measures and countermeasures in the battle for survival. (Go do a search
for the Red Queen Hypothesis.) The Internet happens to be a delightful
little (OK, delightful BIG) ecology in which similar arms races rage across
the wires. In this case, it's the spammers and the anti-spammers. The
latest weapon for the anti side is a CGI script called "wpoison". When a
spammer's spider visits a Web site to troll for e-mail addresses, this
script will generate huge numbers of bogus addresses, as well as links
which loop around back to the script, so the spider takes in yet more bogus
addresses. The spammer sucks up the bad addresses and hopefully chokes on
the bounces. Watch for the inevitable further escalation of this particular
arms race. <http://e-scrub.com/wpoison/>
The Blacklist Import Wizard, a Windows utility, sucks addresses from a
large number of existing sites that blacklist known spammers. The lists are
consolidated into one large text file which can then be sorted, merged,
checked for duplicates, and sifted with wildcards to generate spam filter
rules for another mail server. Obviously, this is of interest to mail
server administrators. The home site of this software, Unsolicited Email
Resource Center (UERC), not only offers various Windows e-mail tools, it
also has a complete set of links to anti-spam resources all over the Web.
Wizard: <http://www.seattlelab.com/slmail/xtras.asp#wizard>
UERC: <http://www.seattlelab.com/slmail/uerc/>
Netsurfer Digest Home Page: http://www.netsurf.com/nsd/index.html
NETSURFER DIGEST © 1997 Netsurfer Communications, Inc.
All rights reserved.
NETSURFER DIGEST is a trademark of Netsurfer Communications, Inc.