<H5>Subject: Re: Information Superhighway books From: R Ballard <rballard@cnj.digex.net> Date: Wed, 5 Apr 1995 22:42:04 -0400 (EDT)</H5>
<A HREF=index.php><H5>How the Web Was Won</H5></A>
<A NAME=db/011440.html>Subject: Re: Information Superhighway books</A>
From: R Ballard <rballard@cnj.digex.net>
Date: Wed, 5 Apr 1995 22:42:04 -0400 (EDT)
<HR><PRE>
In-Reply-To: <Pine.SUN.3.91.950331235913.6116A-100000@seatimes>
Message-ID: <Pine.SUN.3.91.950405221030.21511N-100000@cnj.digex.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


I am a bit cautious about print books about the Internet.  They seem to 
have a common habit of driving up paranoia about the internet security.  
When Stoll wrote "Cukoo's Egg", DEC and HP used to snoop each other's 
e-mail over the ethernet feed that connected them at UCCS (Colorado 
Springs), it was a big joke.  Sometimes they would send des encrypted 
garbage (randomely generated character strings) through each other's 
networks (along with classified flags), just to drive each other crazy.

Remember, until 1991 the internet was a bunch of modems, UNIX (4.2 BSD yet)
and ethernet cards that could "sniff" TCP/IP packets.  In 1991, Common 
Carriers such as MCI, Sprint, and AT&T started taking over the formal 
control of the Comm links.  Routers with tight IP packet filtering to 
prevent outbound spoofing, and Firewall gateways have given much more 
control over the internet.  In most cases, the IP packet can be traced 
all the way back to the ANI telephone number that sent it.

In Cucoo's Nest Days, 11 year old kids were logging into DOD host 
computers with anonymous logins using "guest" accounts that were more 
like welcome-mats.  Today, "cracking" into a computer that puts up
a "no trespassing" indicator is a felony with a 15 year prison term and a 
$150,000 fine.

In 1992, banks and insurance companies started using protected segments 
of the internet to carry traffic.  By 1994 NASD had standardized on 
TCP/IP and SCO UNIX with Kerberos authentication.  Domestic commerce is 
conducted over the internet using DES, RSA, and PGP encryption on a 
regular basis.  There are even "customs gateways" which provide
"attach wiretap here" interfaces to government agencies and encrypt on 
either side of that link.

I've spent the last 10 years working toward making the internet suitable
for commercial use.  Making it easy enough to be used by my mother, and 
secure enough to bank my paycheck.  It is frustrating to see the panic 
when the print press sensationalizes a break-in by a very technically 
astute "safe cracker" who makes it into a relatively unsecured system.

If you leave the keys to your house on the window-sill and tell all your 
neighbors about the stash of diamonds you have in the pillow in your 
bedroom, it is quite likely that you will be visited by someone who 
watches how you come in, and where you leave your key.

At one time, the internet was as safe as Hunt's point at midnight.  Today
its more like Wall street at 3:00 P.M.  Do we WANT it to be as safe as 
NORAD?

	Rex Ballard


From rballard@cnj.digex.net Wed Apr  5 23:11:25 1995
Status: O
X-Status: 
</PRE>