~terry
Sun, Dec 15, 1996 (10:20)
seed
to quote josh@well.com (Josh Gordon)
Huh? Security is pretty much an afterthought on Unix; for much of
the now long lifetime of Unix, it was pretty much the private domain
of people with the odd idea that they could pretty much trust anyone
else on what networks existed -- and they were also sufficiently
hackerly to understand that anything that really needs security
shouldn't be put on a computer attached to anything other than
the electrical outlets it requires. Possibly more to the point,
many of the tools used under Unix weren't designed by committee --
they were developed by individuals to fill needs, and then shared.
~terry
Sun, Sep 14, 1997 (10:57)
#1
Where to go on the net to find out about security?
Well, start with the Usenix SAGE Security group, Computer
Security Institute, a large number of magazines for example "Security
For Buyers of Products, Systems and Services", A Cahners Publication,
Computer Emergency Response Team (the ftp site ftp.cert.org),
NIST has a bbs and internet site and has published a set of specs for
multi-user operating systems, IEEE POSIX 1003.6 security, mainframe
RACF user groups, physical security and disaster recovery.
The newsgroup is comp.security.misc
~terry
Sun, Nov 30, 1997 (14:49)
#2
This is unrelated, but don't get Webstalker from Haystack Labs
confused with this:
From Reuters today
Anderson's Alien Theories
"X-Files" star Gillian Anderson says she believes extraterrestrials
have definitely landed -- and the authorities are covering it up.
According to the New York Post, she told Allure magazine that "It
would shock the hell out of me if the government had never been
involved in a UFO cover-up and if there was not life on other
planets." She also said she believes aliens seem hostile because they
are projections of our own negative vibrations. She also concedes,
"This is going to make me sound like a complete nut."
~terry
Mon, Feb 23, 1998 (06:49)
#3
pgp is an application that offers two main capabilities: encryption and
signatures. While pgp is now well known, there is a free service that may
not be as well known, that builds on pgp. It is a timestamping service.
The basic idea is that when you create a pgp digital signature of a
document (it can be text, but could also be a graphic file for example),
that you not only sign your name but you also timestamp the signature.
However, you could alter the system clock on your computer, and forge
the time in order to make it appear that you had signed a file at a
different time or date. The timestamping service that I mentioned above is
a service intended to allow pgp users to obtain a signature and timestamp
applied to their own signature and timestamp. IOW this service provides
an independent timestamp that presumably no user can corrupt.
As an additional layer of certification, the timestamps also include
a sequential serial number, and the sequential serial numbers are
apparently published weekly to provide a public record of the timestamps.
And so, a user has the additional evidence that their timestamp would
be bracketed by two other timestamps that they would not be able to corrupt.
The url for this service is:
http://www.itconsult.co.uk/stamper.htm
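[Added example, not part of the post above and not the stamper service's own code: a sketch of how a verifier could use a published serial-number record to test the "bracketed by two other timestamps" property. The record layout, the sample entries and the function names are assumptions, and a SHA-256 digest stands in for checking the service's PGP signature.]

```python
import hashlib
from datetime import datetime

def digest(data: bytes) -> str:
    # Stand-in for verifying the service's PGP signature over the user's signature.
    return hashlib.sha256(data).hexdigest()

# Constructed sample of a published record (layout is an assumption):
# serial number, time the service stamped, digest of the stamped signature.
PUBLISHED = [
    (1041, "1998-02-20T09:15:00", digest(b"constructed signature A")),
    (1042, "1998-02-21T17:40:00", digest(b"constructed signature B")),
    (1043, "1998-02-23T06:02:00", digest(b"constructed signature C")),
]

def log_is_consistent(log):
    """Serials must rise by exactly 1 and times must never go backwards."""
    for (s1, t1, _), (s2, t2, _) in zip(log, log[1:]):
        if s2 != s1 + 1 or datetime.fromisoformat(t2) < datetime.fromisoformat(t1):
            return False
    return True

def check_stamp(serial, claimed_time, stamped_bytes, log=PUBLISHED):
    """Return (ok, reason) for a stamp a user presents as evidence."""
    if not log_is_consistent(log):
        return False, "published record has a gap or runs backwards"
    by_serial = {s: (datetime.fromisoformat(t), d) for s, t, d in log}
    if serial not in by_serial:
        return False, "serial not in published record"
    if by_serial[serial][1] != digest(stamped_bytes):
        return False, "content does not match what was stamped"
    claimed = datetime.fromisoformat(claimed_time)
    prev, nxt = by_serial.get(serial - 1), by_serial.get(serial + 1)
    if prev is None or nxt is None:
        return False, "not yet bracketed by two neighbours"
    if not (prev[0] <= claimed <= nxt[0]):
        # A backdated or postdated claim contradicts stamps the user never controlled.
        return False, "claimed time falls outside neighbouring stamps"
    return True, "bracketed by serials %d and %d" % (serial - 1, serial + 1)
```

[The newest entry in the record always fails the bracketing test until the next stamp is published, which is why the periodic publication matters as evidence.]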
~KitchenManager
Fri, Jul 24, 1998 (21:22)
#4
******************************************************************
NUA INTERNET SURVEYS NUA INTERNET SURVEYS NUA INTERNET SURVEYS
Weekly free email on what's new in surveys on the Internet
By Nua Email: surveys@nua.ie Web: http://www.nua.ie/surveys/
*******************************************************************
July 20th 1998 Published By: Nua Limited Volume 3 No. 22
********************************************************************
EDITORIAL
********************************************************************
Welcome to another weekly edition of Nua Internet Surveys. This newsletter
provides information on surveys and reports on the Internet, and is brought
to you by Nua - one of Europe's leading Internet consultancies and developers.
The Internet School Filtering Act, sponsored by Senator John McCain,
Arizona, recommends that public libraries and schools in the US install
filtering software on all machines connected to the Internet. The bill is
presented as being about protecting children from stumbling on potentially
harmful material.
While there is clearly a growing concern among parents for the protection
of children online, the bill raises more questions than it answers. The
most fundamental questions are: what is harmful material and who decides
what is harmful?
The proposed bill begs the question, who should monitor children's and in
the case of public libraries, adults' Internet activity, the US government
or the parents of those children? To what extent can you ask people to
behave and have the same views as others? Is blanket legislation realistic?
The children that are being protected are most likely to be the children
who are naturally more adept at technological navigation and it's likely
that they will innovate and find ways to get around filtering software. In
addition curiosity is often roused by secrecy.
In the case of pornography, while it is universally available on the Net,
many sites - perhaps even a majority demand a credit card number upon
entry. The majority of material deemed harmful by the majority of people
has to be consciously sought out online. If someone, child or adult, is
seeking this kind of material out on the Internet then it's not
unreasonable to suggest that they will seek it out in physical shops.
If they are going to public libraries to access the Internet we can assume
that they probably cannot afford their own PCs/Web TV or Internet access or
they do not want to use work accounts for private Internet use. Of course
this is a generalisation and there are obviously other reasons why one
might have to use public computers to go online but public libraries should
be just that, public.
Those who use public machines to go online are fighting an uphill battle in
terms of having equal access to the most important communications medium of
the late C20th and the suggestion that they should be monitored or
"babysat" in any way is offensive.
There are many problems with this bill, least of all the fundamental
assumption that people need to be guided or controlled in some way, be they
parents or individuals.
In a very quick straw poll of my colleagues in Nua, I asked the following
questions, and 15 (about half the staff) took the time to answer.
[Has anyone ever been "really offended" by material they came across
online, either through email or surfing?]
- Four said yes
[Would you advocate blanket legislation for filtering content in public
libraries and schools or should it be left up to individuals and parents?]
- 12 said it should be left to individuals, 3 were unsure.
[Does anyone think that blanket legislation for children's use of the Net
is the start of a slippery slope towards controlling people's use of the
Internet?]
- 15 said yes.
We're not a particularly paranoid bunch here at Nua but the unanimous
response to the last question provides much food for thought. The
implementation of blanket legislation "for the protection of children" is
in my mind paranoid on the behalf of those who advocate it.
Parents have up until now made their own decisions on what their children
should or should not be exposed to, from books to television programmes.
Why does the Internet in particular incapacitate that ability to monitor
children? What exactly is on the Internet that is not in the physical world?
Are parents and teachers who may not be that familiar with the Internet and
its culture being scaremongered into thinking that their children will be
corrupted if they go online without filtering software?
What is the need for filtering software in a public school if there is a
supervisor? Should children be left unsupervised by an adult and supervised
by software that decides what they can and can't see and that is often
prejudiced against minority groups such as gays and lesbians. What do you
think?
Is mise le meas,
Sorcha Ni hEilidhe.
surveys@nua.ie
~KitchenManager
Fri, Jul 24, 1998 (21:57)
#5
oops...should have been in topic 12...
~terry
Tue, Aug 25, 1998 (20:00)
#6
An amusing trojan horse that may be spreading around the net:
http://www.thetopoftheworld.com/spartanhorse
~terry
Fri, Jan 15, 1999 (15:51)
#7
Uh-oh *8-/
http://www.economictimes.com/120199/lead2.htm
Red alert issued against US network software
Mayur Shetty
MUMBAI 11 JANUARY
The [Indian] Defence Research and Development
Organisation (DRDO) has issued a 'red alert' against
all network security software developed in the US. And
the Central Vigilance Commissioner, N Vittal, is
following up on the warning - he might make it
mandatory for all Indian banks and financial
institutions to buy only software developed in India.
The DRDO's concern about US-developed software stems
from one basic insecurity - the data traffic and
network security software that comes from the US can be
easily hacked into and could prove to be a security
hazard. Currently US software vendors can export only
those "encryption software products" that can be
'broken' by the US National Security Agency. This makes
the quality of the US software exported to India
doubtful from a security point of view.
In a letter to the CVC, the centre for artificial
intelligence of the DRDO, Bangalore, has said that it
has begun to develop secure communication tools and
will have an indigenous prototype in place in three
months. The CVC is expected to wait for the final
product before deciding on the action to be taken.
The centre has developed software tools that protect
wide area networks from hostile attackers. It is also
developing software tools for protecting traffic
passing through the network.
"The encryption part of the software is complete and
only the communication protocols remain to be written,"
the DRDO unit's letter says. "Since the software has
been written by ourselves, there is no upper limit on
the security level provided by the encryption in the
software exported from the USA," it added.
Pointing out the defects in imported software, the
letter says that the present 'firewall' products on
sale by commercial vendors incorporate only rudimentary
packet level filtering. These can be compromised
easily.
It also points out that as per US law, "no encryption
software products can be exported from the US if they
are too strong to be broken by the US National Security
Agency".
The letter says: "To put it bluntly, only insecure
software can be exported. When various multinational
companies go around peddling 'secure communication
software' products to gullible Indian customers, they
conveniently neglect to mention this aspect of the US
export law.
"Another related point is that when we buy an imported
software product that is a 'black box' to us, we cannot
be sure that the software package does not contain a
time bomb of sorts, to cause havoc to the network when
an external command is issued by a hostile nation."
Mr Vittal is also believed to have agreed to this and
said he was in favour of working towards developing the
indigenous software within three to four months.
However, banks are yet to receive any directive from
the CVC on this issue.
---
# distributed via nettime-l : no commercial use without permission
# is a closed moderated mailinglist for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@desk.nl and "info nettime-l" in the msg body
# URL: http://www.desk.nl/~nettime/ contact: nettime-owner@desk.nl