Contents:
Online with the Superhacker
(c) Copyright 1993 by Michael E. Marotta
mercury@well.sf.ca.us
He calls himself "The Knightmare." He is one of a new breed of
computer security crackers. He hasn't read HACKERS by Steven
Levy or Tracy Kidder's THE SOUL OF A NEW MACHINE. He doesn't
particularly like Chinese food and doesn't know too much about
old technology. He hasn't read any books by William Gibson and he
hasn't seen SNEAKERS or LAWNMOWER MAN. But he can break into a
computer system and find out anything he wants to know.
We never met. I've never seen him. We exchanged email. Our
conversation took six days. My 1000-byte questions were answered
with 10K-responses. I used a local commercial site on the
Internet while he came to me from an Ivy League school. Proves
nothing. There's even an internet node in Antarctica now. He
could be anyone, anywhere.
He first used a computer in the fifth grade. "That's when I
became a _computer_ hacker," he wrote. "I've been a hacker all my
life, of course." Today, he programs in C, C++ and Basic on an
IBM PS/1 and a laptop.
I asked him about changes in computer technology. The GUI
(Graphical User Interface) has had two effects. It has made it
easier for anyone to use a computer and it has made it harder for
hackers to get around. With a GUI, you use a mouse to point and
click at something. If a command isn't allowed, there is no way
to call it. You can't hack them.
I could almost hear The Knightmare's keys clacking. "Did
somebody say 'can't'? 'You _can't_ do that'? That's what the
hacker thrives on! If there's no immediate access to a command
system, perhaps there's an account that allows such access. If
not that, there will be hackers who will get in touch with the
people who work at the company, or get a job there themselves."
mercury: "I collect old computer stuff. I have a Scientific
American from 1949, conference proceedings from 1962..."
The Knightmare: "I collect useful stuff that I've found in the
trash (and through other sources). I have a huge collection of
security manuals, including a very nice set from AT&T. I also
have various electronic components, printouts, disks, tapes,
microfiche, books, and in-house journals and directories. Most of
this stuff has been useful in one way or another, sometimes
offering means to a hack; other times, in other ways."
One of the ways it was useful was that it lead him to write
SECRETS OF A SUPERHACKER for Loompanics. It took him a year to
gather his thoughts and a summer to put them out via Wordperfect
for Windows. The book is written in colloquial American, just
the way a smart person would talk. Bill Landreth's OUT OF THE
INNER CIRCLE and the movie WARGAMES typified the 1980s. This
book will join the movie SNEAKERS in defining the 1990s.
He says that his handle doesn't mean anything to him, that he
made it up to play a computer game and that he can't understand
why people confuse him with Craig Neidorf who is known as Knight
Lightning.
mercury: "What would the world be like if everyone were like you?"
The Knightmare: "I don't think I'm doing anything bad; I really
don't. And I have a high sense of moral values. I'm not an
'anarchist techno-guerrilla', and I'm not recommending nor
suggesting nor _teaching_ that behavior. If everyone in the world
were hackers in the broadest sense, we'd be more independent,
more curious, and more concerned with the world--because we would
realize what control we individuals can have over it. But I'm
talking about people who hack responsibly. If people start World
War III or insert your favorite hacker horror story... then
obviously we've got problems.
mercury: "Loompanics hired two different data processing
professionals to review the manuscript for technical accuracy.
What was the result of that?"
The Knightmare: "A good number of comments, questions, and
concerns came up. Usually things were added to the text, to make
it easier to understand. I think it was very helpful to hear
outside comments, because it made the book a better book."
He denies being an anarchist techno-guerrilla but he calls the
NREN data superhighway a "sham... just one more instance of
government trying to control every facet of our lives.... People
all over the world are exchanging information, and the government
is pissed because they don't have the ability to regulate it,
infiltrate it, intercept it, and promulgate their own
fabrications. ...There are plenty of CIA and NSA thugs sitting
around in leather chairs somewhere, masturbating to the thought
of complete and total access to every electronic transmission
nationwide."
Yet, that description applies to hackers, as well. It seems that
what we have is an open competition for access to information.
Call it Spy vs Spy or Pudknocker vs Pudknocker.
mercury: "What do you see as a Good Hack in the year 2001? When
the Net carries video and voice along with data, what
opportunities open up for hackers?"
The Knightmare: "I think satellite-based technologies will take
over those sorts of roles long before corporations and government
can agree on NREN and video transmission protocols and how many
secret police they'll need to govern the highway. I don't think
the technology changes the way hackers work, but it changes what
they will work _on_."
Joseph Weizenbaum is one of the fathers of artificial
intelligence, a pursuit he all but renounced. The Knightmare
has never read COMPUTER POWER AND HUMAN REASON and so he falls
right into the pits marked by Weizenbaum. According to The
Knightmare, "The hacker believes he has the right to be God over
other people's worlds. Your passions supply your life
algorithms. The photographer mentally clicks some snapshots. I
look at a lot of life events AS IF THEY WERE PROGRAMS to be
tweaked, poked at, the bugs removed. But I also see it from
other perspectives as well."
Those other perspectives include playing piano and guitar. When
he writes about music, it sounds like when he writes about
hacking.
The Superhacker: I compose in my head. Sometimes I'll just be
driving or in the shower or something, and a "song phrase" will
pop into my head. I don't know if that's a real concept, but I
define a song phrase as a bit of lyrics and music that works
together perfectly. I sing the phrase so I don't forget it, and I
add on a second phrase or two. Usually I get a couple lines and
then I'm stuck. I repeat those constantly so I don't forget...
(man, I really should practice notation)... then one day I do
forget what I've written. But the next morning I wake up and the
song is just pouncing through my brain. And it just flows out. I
write down the lyrics, sing the song, and its mine. As I keep
singing it and thinking about the finished song, I begin to learn
things like how the bass line should play, and different ways to
add newness to the song.
On the matter of right and wrong, he concedes that other hackers
"will give you any sort of argument to tell you that what they're
doing is okay. Perhaps we're doing it _because_ it's wrong." And
yet he backpedals, claiming to to introspective and moral. For
The Knightmare, morality is not damaging the system you have
just broken into. This is, in fact, in line with the "classical
tradition" of hacking.
According to The Knightmare "Design is rules. Design is thinking.
I don't want to be bothered with pre-planning and pre-design. I
want action and I want it now." (He also hasn't read ATLAS
SHRUGGED.) This underscores the preference that hackers have for
absurdly powerful handles like Doktor Deth and The Grim Reaper.
Hackers are in fact nerds. It's just that they are seldom
constrained by any pretense of morality. Cyberspace is a new
world and in it the hacker is a datalord, a baudrate barbarian
who takes what he wants.
The Knightmare: "I always stumble across little leads and ideas
to get into systems, like maybe I wake up one day and realize
I've never broken into the New York Stock Exchange computer
system. So my goal for the day becomes, 'break into NYSE'. In
short, I hack a particular system because I see an experience
I've never had before.
mercury: "Is there some way that finding the New York Stock
Exchange computer network is like writing a fortune cookie
program in 20 bytes?"
Knightmare: "A person who writes tight code has much in common
with a person who breaks into computers, but there is a big
difference too, sure. We can call both people 'hackers', and
they'll be happy you called them that. All hacking, no matter if
it's good or bad, hacking or cracking, all hacking is connected
in that regard."
The Knightmare wants people to learn from him how to break into
systems. Then they can understand how to protect their own. He
intended his work start from the wrong side of the law. He
knows that his SECRETS OF A SUPERHACKER is "a really great book"
because it includes anecdotes that reveal what's beneath the
surface, the unseen, and because it provides "the resources to
continue on your own after the book is over."
The Knightmare's first hack involved guessing a password by
looking around a grown-up's office, seeing a calendar with boats
on it and trying BOAT. He prides himself on his empathic ability
to put himself in your shoes and feel what was going through your
mind at the time. Silly as this sounds at first, it is indeed
the intuition that deftly turns a genius onto the correct track
of an investigation.
He flatly denies relying on the grinding trial-and-error
described in THE CUCKOO'S EGG and CYBERPUNKS. At one point he
interrupts himself in lieu of interrupting me -- a quirk of
working via email, where immediacy is lost. He emphatically
denies once more ever relying on repetitious trial and error.
Then he denies the denial.
mercury: You deny relying on the grinding repetition of trial and
error so stereotypical of hackers.
The Knightmare: No I don't! I don't deny that at all! Sometimes it
is necessary to repeatedly try things until something finally
works. ... And some of them might have to be repetitions
themselves. We try not to do that. You're right, traditionally we
think of hackers grinding away at the computer. But look, part of
being a hacker is that you want to use the computer in the
fastest, most efficient way possible; like you said, generating a
small program was your favorite hack. Efficiency in action is as
stereotypical as its opposite that you mention.
mercury: Would you call hacking an art?
The Knightmare: No, I wouldn't call it an art unless the hacker
wants to call some growth of his hacking "art".
mercury: "Do you see a future for hacking?"
The Knightmare: "Sure. Maybe it won't be computers. Edison hacked
the light bulb, and aren't you glad he did? There's always
something to hack. Sometimes there's something new."
mercury: "Your book is going to wake up a lot of people. Would
you say that after 1995, any system you _can_ break into isn't
_worth_ breaking into?"
The Knightmare: "But you don't know if you can break into the
system until you try! That means there will always be systems to
hack, and there will always be hackers to try their hands at
hacking those systems."
-30-
"That's a thirty," said Les Nessman.
The Government and Inspiration
by Michael E. Marotta
(C) Copyright 1994 by The Freeman: Ideas on Liberty
Irvington on Hudson, New York
In his monograph, "Edison," published by the Newcomen
Society in 1948, Gen. David Sarnoff, then president of RCA, said:
The Government is to be congratulated for the
encouragement which it is giving to the advance
of science through the scientific training of
young men and young women in colleges,
universities and research institutions throughout
the country. If out of the thousands of young
men and women who are now pursuing scientific
studies, there emerges one Edison, then the
millions of dollars being devoted to their
training will be well worthwhile.
It has been over 40 years since this pronouncement and still
no Edison has emerged -- at least not from the government-funded
universities. It is well-known that Edison was not happy in
school. He was taught at home because the publicly-funded
teachers found him untrainable. For today's student, college
education is driven by homework and tests.
Edison claimed that genius is 99% perspiration. His former
employee and lifelong competitor, Nikolai Tesla, said that if
Edison were tasked to find a needle in a haystack, he would
examine each straw in turn until he found the needle. This can
be taught. Meticulous, grinding, repetitive labor is very much a
part of most schoolwork. Yet the other 1%, the inspiration,
cannot be taught. Without that spark of genius, there is no way
to know what a "haystack" is, and why finding a "needle" would be
exciting.
Since 1985, I have worked as a community college teacher and
a corporate trainer. I can show proof positive that I have
helped people learn to use technology. Yet, I cannot imagine any
way that any teacher in any school can "train" someone to be an
Edison. A million smart young people cannot be collected into a
single mastermind. Edison was a once-in-a-century genius who
cannot be created by government fiat.
Software Viruses: A menace with potential for good
by Michael E. Marotta
(C) 1989 by DG REVIEW (now defunct)
A virus is a computer program that makes copies of
itself. The genesis of self-replicating programs is not without
amibguity. Several programs invented over the last 30 years
could have lead to the kinds of software which today are called
viruses.
At Bell Labs in the early 1960s, M. Douglas McIlroy
developed a game called "Darwin" in which opposing programs
attempt to write copies of themselves within a pre-defined area
of main memory.
Also in the 1960s there came to be two programs on the
ARPANET facility. (ARPANET is funded by the Department of
Defense to allow computer users at different univerities to share
resources.) "Creeper" was a program that would duplicate itself
every time it was run. It became such a nuisance that another
program called "Reaper" was written to find and destroy
Creepers.
These concepts spread slowly. For 20 years, it was an
arcane pastime for sophisticated programmers.
In the early 1980s Fred J. Cohen used DEC computers (a
poor choice, indeed!) running UNIX to create viruses. In his
doctoral dissertation, Cohen credits Dr. Len Adleman[1] with
coining the term "virus" to describe the software that Cohen
created. According to this model, a virus does more than just
reproduce itself. A virus must be able to identify a program
which has already been infected. (Lifeforms do not generally
compete against themselves.) Also, a true software virus does
not kill its host program immediately. The host must function
normally for some arbitrary period for further infection to
occur. Cohen's dissertation is considered a seminal work in the
theory and use of self-replicating programs.
The May, 1984 issue of SCIENTIFIC AMERICAN carried an
article in its Computer Recreations column about "Core War".
Core War is a game (based on Darwin) that is played out by
competing programs, each of which seeks to destroy the other.
Self-replication is a battle tactic in this game.
The November 4, 1985, issue of TIME carried an article
entitled, "A Threat from Malicious Software" which mentioned
viruses along with news of other security violations. In late
1987, the current spate of viruses began with the release of the
"Lehigh University virus" which infected the COMMAND.COM file of
IBM-PC compatibles. On September 28, 1988, computer viruses made
the cover of TIME.
The book COMPUTER VIRUSES: A HIGH TECH DISEASE by Ralf
Burger presents a somewhat different history. Burger cites a
paper on mathematical models of epidemics (1957), an ACM article
on how virus functions can be used to enhance the APL language
(1974) and also the work of Fred J. Cohen.
Writing in the March, 1989, issue of SCIENTIFIC
AMERICAN, A. K. Dewdney disavowed any link between his earlier
article and the current spate of viruses. Dewdney also accepts
the Cohen model for viruses.
However you trace the geneology it is clear that once the
IDEA of a self-replicating routine was transmitted from one
programmer to another it was only a matter of time before they
became well-known. This concept circulated within a fairly
closed set of self-styled system "gurus" or "hackers". Then came
personal computing.
Today the IBM-PC product line is considered "industry
standard". (As one announcement put it "IBM Compatibility Sets
Data General Apart".) Based on the Intel 80xx and 80xxx
microprocessors, these computers are widely used and their
internals are well-known. There are other brands, of course.
Generally, educators lean toward the Apple II while graphic
artists like the Macintosh. The Commodore Amiga and Atari ST
line are favored by the typical teenage game-player. The
Macintosh, Amiga and Ataris ST all run on the Motorola 68xxx
processor and have been called the MAST family.
Given the popularity and compatibility of the IBM-PC
compatibles and the MAST line, it is no wonder that viruses have
spread so quickly. As viruses have spread, so have antidotes.
UNPATENTED MEDICINES
To combat the COMMAND.COM virus that infects MS-DOS
environments, Ross M. Greenberg (Software Concepts Design 594
Third Avenue New York, New York 10016 (212)-889-6438 - 24 hr.
BBS, 2400/1200,N,8,1) wrote FLUSHOT. FLUSHOT checks all files
with BAT, SYS, EXE, and COM extensions. It specifically targets
four key programs: AUTOEXEC.BAT; COMMAND.COM; IBMBIO.SYS; and
IBMDOS.SYS.
Steve Tibbett (2710 Saratoga Pl. #1108 Gloucester, Ont.,
K1T 1Z2, Canada; OMX BBS, 613-731-3419) wrote "VirusX" and as
antidote for users of the Commodore Amiga.
These programs are "shareware". They can be used for
free and be purchased for less than $100 each. There are other
"vaccines" available. Commercial programs to combat viruses can
cost more than $1,000. COMPUTER VIRUSES by Ralph Roberts
examines over 20 such products for the IBM-PC and MAST computers.
It is not known that any of them is inherently better than the
labors of love developed by desktop hackers. In fact, it might
be said that among the plagues unleashed is the flurry of
expensive solutions, including seminars at $600 per seat.
The best example of an overblown claim for curing
software viruses comes from the Soviet Union. In January of
1989, Sergei Abramov of the USSR Academy of Sciences announced
that a virus had been found the previous August at the academy's
Institute of Program Systems and that computers in at least five
other institutions had been infected. In response to this, they
have announced the existence of "PC-Shield" a "state secret"
which counters the "15 known" viruses.
Naturally, American governments have gotten into the act,
also. In Illinois, House Bill 794 would amend the Criminal
Code to "include within the offense of computer tampering
the accessing of one computer and causing destruction of any
other computer, its program or data." Also, House Bill 498,
introduced by Ellis B. Levin (D-Chicago), would amend the
Criminal Code to define as a felon anone who "knowingly:
inserts into a computer program information or commands which,
when the program is run, causes or is designed to cause the loss,
damage or disruption of a computer or its data, programs or
property to another person; or provides or offers such a program
to another person."
There are also two bills in the federal House of
Representitives. H.R. 55, sponsored by Wally Herger of
California and over 30 of his colleagues, is called the "Computer
Virus Eradication Act." The bill targets anyone who
"knowingly
(A) inserts into a program for a computer, or a
computer itself, information or commands, knowing or
having reason to believe that such information or
commands may cause loss, expense, or risk to health or
welfare --
(i) to users of such computer or a computer on
which such program is run, or to persons who
rely on information processed on such computer;
or
(ii) to users of any other computer or to
persons who rely on information processed on any
other computer; and
(B) provides (with knowledge of the existence of such
information or commands) such program or such computer to
a person in circumstances in which such person does not
know of the insertion or its effects"
It is not clear how passing this law will "eradicate" viruses,
but it sounds good to the voters back home, no doubt.
Also introduced in the 101st Congress was H.R. 287
(McMillen, Maryland), the so-called "Computer Protection Act of
1989". This proposed law would set imprisonment for up
to 15 years for
"Whoever willfully and knowingly sabotages the
proper operation of a computer hardware system or
the associated software and thereby causes the
loss of data, impaired computer operation, or
tangible loss or harm to the owner of the
computer"
Again, it sounds good on the surface, perhaps. Yet there is no
telling how this proposed law would be applied against the
student in FORTRAN 101 who blunders into an infinite loop.
The inability of legislation to effectively deal with
technological problems is probably one reason that one "anti-
virus law" was never introduced. In late 1988, various computer
industry news sources reported that Michigan state senator Vern
Ehlers, Ph.D. (R-Grand Rapids) intended to introduce a bill that
would provide felony penalties for anyone who willfully or
accidentally programs a virus into a computer. The news media
failed to report that this bill was not actually introduced.
There have been rumors that Ehlers will introduce this bill in
the second session of 1989, which convenes in September.
ETIOLOGY OF THE DISEASE
Hermits do not catch communicable diseases. The IBM-PC
and other personal computer systems are often the hosts for
software viruses because these are all well-known to hundreds of
thousands of inquiring minds. The virus [2] which struck ARPANET
in November of 1988 depended on the UNIX operating system, an
environment which purposely seeks universality.
Steven Levi's book HACKERS tells the story of how the
"hands on imperative" spread from MIT to the home computerist.
The generalizations are basically correct. Computing fills a
void for many young males who find computing to be a path for
expressing their efficacy. There must be something admirable in
this. As Ralf Burger puts it: "How are we to judge a programmer
when he puts his intellect into a binary pattern and sends it on
a journey with the task of reproducing and competing against what
it finds 'outside' in the real world?"
Personal computers are designed for and purchased by
people who want to get their hands on the system. While it is
surely true that there are many people in the business world who
use desktop computers only because they are paid to, the fact
remains that the microcomputer is a world apart from the MV line.
Broadly speaking, Data General equipment is sold by OEMs
who provide solutions. The teller at a credit union, the
clerical worker for a township and the warehouseman at a
furniture store generally lack the ability to run AOS/VS through
DEBUG to find out how it works. This is one reason why viruses
have not yet presented a serious problem in the DG environment.
To date, there is no documented occurance of a virus at an
installation of DG MV machines. However, it is only a matter of
time before your computer system becomes the host of a computer
software virus.
In Cohen's experiments, programmers with an "average"
understanding of their craft were taught the principles of
viruses. Also, more adept systems programmers were involved. The
time required for creating crude or sophisticated viruses was
shown to require from 26 hours to two weeks.
Cohen's programs were written in Fortran, Assembler and
operating system command languages. His dissertation gives
source code in muLisp; he also shows how a virus can be created
under MS-DOS with a *.BAT file that calls a C program. Ralf
Burger's book provides source code in Microsoft Assembler, Basic
and Pascal. Burger also provides a listing for an MS-DOS *.BAT
file. It is apparent that any language can be used.
ONE RING TO RULE THEM ALL
The AOS/VS operating system is modeled after a set of
concentric rings. According to Tracy Kidder's THE SOUL OF A NEW
MACHINE, this idea was incorporated into the MV line by Steve
Wallach who borrowed it from the MULTICS operating system used
at MIT. Kidder explains it this way:
"Picture an army encampment in which all the
tents are arranged in several concentric rings.
The general's tent lies at the center and he can
move freely from one ring of tents to another.
In the next ring out from the center live the
colonels, say, and they can move from their ring
into any outer ring as they please, but they
can't intrude on the general's ring without his
dispensation. The same rules apply all the way
to the outermost ring, where the privates reside;
they can't move into any ring inside their own
without permission."
The AOS/VS programmer's manual has this to say about rings:
"The eight segments (with their associated rings)
are hierarchically arranged: Segment 0 has the
greatest ability to alter or access the contents
of other segments and is afforded the greatest
protection by Ring 0. Segment 7 has the least
ability... Segment 0 contains the kernel of the
AOS/VS operating system, while Segment 7 is
reserved for user programs....Rings 0 through 3
are the system rings, while Rings 4 through 7 are
the user rings....Ring 7 is the default user
ring. However, you can load a program into one
of the other rings by using the ?RINGLD system
call."
The power a virus has is determined by the rings it can access.
It is possible for a virus to find a healthy environment in an
outer ring. Be aware, however, that there are ways to
gain control of an inner ring, all the way to Ring 0.
Note that all of the viruses which have hassled personal
computer users grab control of some part of the operating system.
There are other ways to provide a host environment. For
instance, a virus could be inserted into to an accounts payable
program. However, control of the operating system (access to
Ring 0) is the key to a long life for a virus.
Fred J. Cohen's doctoral dissertation, cites an
experiment in which an entire DEC VAX 11/750 was infected in one-
half of a second. The system was considered compromised as soon
as "root" (Ring 0 to us) privileges were granted to the virus.
All that was required was for a common user to pass the virus to
the editor and as soon as the system manager editted some other
program, the virus gained system-level privileges.
FIRST THE BAD NEWS ...
Aristotle said that Art imitates Life. In our culture we
have seen Life imitate Art. Jules Verne wrote about a submarine
named NAUTILUS and a spacecraft called COLUMBIAD. Today's
"cyberpunk" science fiction gives us a glimpse at a future we are
coming to experience, perhaps all too quickly. In books like
William Gibson's NEUROMANCER and Bruce Sterling's ISLANDS IN THE
NET we see aggressive countries and corporations using software
as a weapon.
On December 24, 1987, a virus was discovered at the
Hebrew University of Jerusalem. The virus attached itself to any
executable program it could identify. It was designed to sleep
undetected until May 13, 1988 when it would delete these files.
It is no coincidence that the state of Israel was proclaimed on
May 14, 1948. The virus was not perfect. It was detected.
Writing in the February 29, 1988, issue of PC MAGAZINE,
John C. Dvorak said of computer sabotage: "It's getting worse and
we should all be aware of it. On the West Coast a battle wages
where Apple Macintosh and IBM PC users are loading software with
viruses to 'attack' their foe: a user of the other kind of
machine."
....NOW THE GOOD NEWS
According to Charles Wood of the Software Service Bureau,
"Out of over 1,400 complaints ... in only 2 percent of the cases
was an electronic virus the cause of the problem. People are
jumping to the conclusion that whenever a system slows down, it's
a virus that's responsible."
More to the point, viruses offer some interesting
possibilties for software which serves us better. Every computer
operator knows how much time is spent making archival backups.
If programs (and data) could make copies of themselves, much of
this effort could be dedicated elsewhere. Likewise, programmers
make copies of their current work before "improving" it. If the
latest "great idea" is a dud, the programmer can go back to an
earlier version and start again. This can happen 20 times a day.
Programs that copy themselves can save time for programmers,
also.
As a life-like entity, a software virus must fight for
its survival. The tools that make this possible also point to
operating systems and applications programs that modify
themselves to the benefit of their users. A smart operating
system can readily adapt to the addition of more memory, another
disk drive or a new printer. An application could adapt to an
upgrade of the operating system or even a change in operating
systems. Cohen suggests that a virus could be used to compress
and uncompress files. While causing some degradation of runtime
execution, this kind of virus would increase potential storage
capacity by 30% to 50% on any system.
A program which distributes itself can increase the net
wealth of the world by shortening the long path from the creator
to the user of software.
In the closing chapter of his book, Ralf Burger puts
forth an Aristotlean argument for the importance of viruses as a
condition for artificial intelligence. Basically, he asserts
that intelligence requires consciousness and consciousness
presupposes life. So-called artificial intelligence projects are
doomed because there is no way to make a program be a human. In
order for software to acquire intelligence, it must first have
the attributes of life, competing for surival in a hostile
environment.
Software viruses will not go away. You must always be on
guard against damage to your software and data. Even so there
is great potential for good viruses. After all, germs may make
you sick but without micro-organisms, we would never have bread
and wine.
----------------------------------------------------------------
FOOTNOTE:
[1] While at MIT Adleman worked with Ronald Rivest and Adi Shamir
to create the RSA Public Key Cryptosystem. Adleman later taught
a seminar in computer security at the University of Southern
California
[2] Strictly speaking, this program was a "worm" because it
accessed user accounts across directories. Whether a program is
a worm, a virus or a Trojan horse depends on how you choose to
identify its essential distinguishing characteristics. Is the
tomato a fruit or a vegetable? Is English a Germanic or Latin
language?
-----------------------------------------------------------------
Further reading
THE SHOCKWAVE RIDER, John Brunner, Harper and Row, 1975. (A
science fiction story well-known to hackers. A computer wizard
creates a software "worm" to unlock all government data.)
COMPUTER LIB/DREAM MACHINE, Ted Nelson, Theodore Nelson, 1978
(Describes several many topics in computing, including SURFIT, a
"survival of the fittest" game similar to Core War and Darwin.)
"Computer Recreations: In the game called Core War hostile
programs engage in a battle of bits", A. K. Dewdney, SCIENTIFIC
AMERICAN, May 1984.
COMPUTER VIRUSES, Fred J. Cohen, Ph.D. Thesis, University of
Southern California, 1985
COMPUTER VIRUSES: A HIGH TECH DISEASE, Ralf Burger, Abacus Books,
1987
COMPUTER VIRUSES, Ralph Roberts, COMPUTE! Books, 1988
"Computer Viruses", Howard Rheingold, WHOLE EARTH REVIEW, Fall
1988. (Includes a "Software Bestiary" that briefly describes
invasions of Univac, DEC, MS-DOS and other systems.)
THE COMPUTER VIRUS CRISIS, Philip Fites, Peter Johnston and
Martin Kratz, Van Nostrand Reinhold, 1989
Written for Computer Underground Digest circa Jan 1991
by Michael E. Marotta
BOOK REVIEW: Exporting the First Amendment: The Press-Government
Crusade 1945-1952 by Margaret A. Blanchard, Longman Publishers,
New York, 1986.
This book was reviewed in the same issue (Vol. 39, No. 3. Oct
1987) of the Federal Communication Law Journal that contains the
article "An Electronic Soapbox: Computer Bulletin Boards and the
First Amendment." "Soapboax" was cited by The Electronic Frontier
Foundation in the amicus curiae brief on behalf of Len Rose.
EXPORTING THE FIRST AMENDMENT is the more telling tale.
Time and again, Eleanor Roosevelt and her team mates from the
United States were overpowered by compromisers who viewed
"freedom of the press" as a necessary evil. To most of the
delegates to the press conventions in Geneva and New York,
RESTRICTING the press by adopting "principles of responsibility"
was more important.
Freedom of the press was for everyone EXCEPT... Except for
issues of national security (all nations agreed with that).
Except for when the press in one place insults the politicians in
another place (Egypt's King Farouk enjoyed the Riveria and Monte
Carlo). Except when materials are injurious to youth
(Scandanavia and France feared American comic books and the
communists hated the daily comics because in the background was
all this luxury). Except when opinions are injurious to the
reputation of natural and legal individuals (a "legal individual"
is a corporation). And indeed, while Eleanor Roosevelt was
insisting that the press should be free, the United States was
chasing "communist" writers at home and abroad.
Sadly, the author actually shares the views of the totalitarians.
To Blanchard, the press is like religion or politics, it is an
institution than cannot be superimposed on a culture. However,
freedom of the press is merely a logical extension of the freedom
to speak which comes from the freedom to think. Why it is that
Islam and Christianity and atheism, socialism and communism and
capitalism, hot dogs and tofu and tacos can be exported and
imported but freedom of the press cannot?
Recently, the National Science Foundation pressured a sysop into
dropping "obscene" GIF files from his FTP directory. (The fate
of publishers like Craig Neidorf and Steve Jackson has been well-
documented.) To the extent that we compromise, we deliver to our
enemies the weapons that are used against us. The failure of the
"First Amendment Crusade" following World War II is still
haunting us today. The threat to your right to think comes not
from the fact that Egypt and Israel impose censorship, but that
the United States imposes censorship. The key difference is that
for them, it is the rule and for us, it is the exception. So be
it.
Very often in cyberspace, we come upon systems that ask us not to
post "illegal" information on bombs or lockpicking or sex or
credit cards. A sysop or moderator has a right to define what is
appropriate on their system. But stop and think. There is
nothing inherently ILLEGAL about publishing these facts.
Security textbooks are one source. Mystery stories are another.
If you don't know how cars or credit card numbers are stolen, you
cannot PROTECT yourself and you become dependent upon the
socialized police forces to inefficiently record your losses.
And why is it wrong to write about SEX? What next, walking down
the street?
Freedom of the press comes from freedom to think. EXPORTING THE
FIRST AMENDMENT is the sad story of what happened when these
principles were compromised.