CRYPT NEWSLETTER 34

October-November 1995



Editor: Urnst Kouch (George Smith, Ph.D.)

Media Critic: Mr. Badger (Andy Lopez)

INTERNET: 70743.1711@compuserve.com

          Urnst.Kouch@comsec.org

          crypt@sun.soci.niu.edu

COMPUSERVE: 70743,1711







+-------------------------------------+
| Contents: Crypt Newsletter #34      |
+-------------------------------------+



 THIS ISSUE

BOOKS 

  The Real Cyberpunk Fakebook

  Giant Black Book of Computer Viruses

  The Emperor's Virtual Clothes

NEWS 

  National Reconnaissance Office secret fund

  Keeping up with the NRO's cash flow

  National Vanguard mail-bombs

MEDIA

  The low spark of well-heeled noise

SOFTWARE

  Dr. Solomon's Anti-virus Toolkit

  Symantec dirt

LEGAL

  Computer viruses and institutional liability

MISCELLANY 

  Letters page

  Glossary

  Crypt Newsletter database

  Crypt Masthead Info

  Credits/Acknowledgements







CYBERSPACE: THE LOW SPARK OF WELL-HEELED NOISE ACCORDING TO

FRONTLINE



On Halloween, FRONTLINE ran "High Stakes in Cyberspace," one of 

the best snapshots of the near future of on-line bizness Crypt 

Newsletter has seen.



Host Robert Krulwich was critical - even almost nasty - as PBS's 

investigative team trotted around to get the goods on the ZIMA 

Web homepage, the Washington Post's Digital Ink and other stuff 

being sold by an assorted group of ad agents posing as info-highway

gurus.



The Post's Digital Ink, a so-called electronic version of the

newspaper, was shown as a project its editor was tricked into 

revealing as fundamentally a mechanism for blurring the distinction 

between editorial and advertising content. Community, community, 

community, virtual community - that's what Digital Ink claimed to be 

about!  Yes, Digital Ink's editor had the "community" line down so pat

it sounded like his personal mantra. While he was chanting it, Crypt 

News wasted time by imagining someone striking him cruelly about the 

head with a metal baton until the real truth leaked out - which it 

did, anyway.  Digital Ink's leader let slip the true power of the 

on-line newspaper: the ability to glue advertising onto page one 

. . . the ability to bring white, fattish ruling-class bankers in 

on the decision-making . . . the ability to turn the operation 

into . . . PRODIGY! 

     

The ZIMA Web page was shown as the black-hole of advertising

vacuity it is.  It was a lot of point-and-click about nothing -

"meta-information" or _information about information_ it's called -

fiendishly designed to generate more junk from advertisers deposited

in your mailbox. Although Krulwich never said it, what FRONTLINE 

was _really_ showing was that personal computers have provided a 

Jim Dandy way in which parasitic businessmen can create money from 

nothing by gulling yuppie consumers into being subscribers to a

potentially infinite set of on-line infomercials.  "Irritating" was 

the word Krulwich used to describe the phenomenon.



"High Stakes in Cyberspace" would have been 100 percent perfect 

if not for Howard Rheingold showing up. But the clock ran out on 

him and FRONTLINE editors spared viewers his soppy cliches about 

the virtual world. Spffffft - and the credits inexorably rolled 

Howard up in a merciless 30-second soundbite.







FROM THE "SEE THE WORLD IN A GRAIN OF SAND" DEPARTMENT



While browsing the local bookstore yesterday, Crypt ran across

"Cyberpunk Handbook: The Real Cyberpunk Fakebook" by R.U. Sirius,

St. Jude and Bart Nagel (Random House), writers for MONDO 2000

and other publications that Crypt Newsletter does not understand.



It's a humorous - I'm pretty sure - trade paperback for the

unwashed masses.  Its mission: tell the proles if they're cyberpunks,

how to be one, or <wink-wink> how to fake being one.  Bruce Sterling

wrote the intro and somewhere in there, much to the humor desk's

surprise, CuD and the Crypt Newsletter's Web sites are mentioned as

k3wel places to hang.



In honor of this grand event and for a short time only, Crypt

Newsletter will be conducting cyberpunk lessons on how to smoke

clove cigarettes, drink Japanese beer, write in~elyte~script, wear

leather jackets, be sarcastic even while asleep, send the AT command

to your modem, use hacked Celerity BBS software, get arrested for

red-boxing, visit a "sting" board, read alt.2600, ask the password

for Nowhere Man's Virus Creation Lab, get banned from Internet Relay

Chat, watch "Johnny Mnemonic" and pretend to know what's going on,

surf the Web and pretend to know what's going on, choose the correct 

hair pomade or coloring, recognize the best places to shop for 

rubber bondage wear or ritual scarification paraphernalia and 

- last - but  most important, leave your credulity in the toilet.



Unusual for this type of book, the authors have written it so that

it's occasionally mean and cutting right around the time you begin

to consider brandishing a virtual bludgeon in their direction. Did

I mention it was a _very_ amusing read for 10 bucks (cheap)??



"The Real Cyberpunk Fakebook" features a photo of Eric Hughes in

cyberpunk raiment on its cover, too.  Right down to the duds, he's 

a dead ringer for Greg Strzempka, the singer for an obscure metal 

band named Raging Slab.  It's true, by golly!



The book is also loaded with photos of menacing-looking GenX'ers,

cans of Jolt cola, one stuffed cat, an odd-looking leather

device - perhaps used during sado-masochistic floggings, and someone

with a chrome bolt through their tongue.  If you are still bored, 

there's also a crossword puzzle or two.





NATIONAL RECONNAISSANCE OFFICE SPOOKS SECRETLY SET UP SLUSH FUND



In late September, the Washington Post reported that the

spy satellite-flying ultra-secret National Reconnaissance Office

had salted away over $1 billion in cash money left over from 

operating costs. In related news, it was revealed the agency had 

also been squirreling away unused spy satellites in its Sunnyvale, 

CA, facility at an estimated cost to the US taxpayer of $10-15 

billion for cleanrooms and maintenance.



The secret NRO fund disclosure comes about one year after the 

Senate Intelligence Committee discovered the agency had built a 

$300 million headquarters complex in Fairfax County, Virginia,

without telling anyone. Locals were misinformed on the owner of 

the complex, believing it was a plant for Rockwell International.



The $1 billion secret fund was accumulated by the NRO as a result

of the agency's practice of being paid in advance for multi-year

satellite programs.  The fund was built from budget money diverted 

from agency contracts which unfolded at rates slower than planned.



CIA head John Deutch launched an investigation into the $1 billion

fund over the summer but found nothing wrong with the

NRO's handling of cash money.  A new chief financial officer, 

however, was put in place at the spy satellite agency.  

     

It is also quite entertaining to take a look back at the outcry 

which resulted from news of the NRO's new headquarters in August 1994. 

An especially pungent quote came from Rep. James Traficant who 

railed, ". . . I say we should convert that [new NRO building] to a 

prison and start by locking up these lying, thieving, stealing CIA 

nincompoops."



As for the NRO secret fund, agency mouthpiece Pat Wilkerson commented 

to the Post that he would not comment on his organization "because 

the programmatic and dollar content of the NRO budget are still 

considered classified."  



CONGRESS ERODES INTELLIGENCE BUDGET SECRECY



by Steven Aftergood, Secrecy & Government Bulletin 53, Federation

of American Scientists, 307 Massachusetts Avenue, NE, Wash. D.C.,

20002



Congress has highlighted new details of the structure of the 

secret intelligence budget following the disclosure that the

National Reconnaissance Office had been hoarding over a 

billion dollars of unexpected funds.  Specifically, Congressional

actions have made it possible for anyone to discern where secret

funding for the NRO is hidden within the Defense Dept. budget.



Discovery of the NRO's extraordinary accumulation of unspent

funds, first reported in the Washington Post, led Congressional

appropriators to cut "more than $1 billion" from the NRO's

budget (New York Times, 9/27/95).



After the conference report on 1996 defense appropriations was

issued on September 25 (House Report 104-261), it became possible

to ask: Where in the defense budget was this "more than $1 billion"

taken from?  The following budget cuts are conspicuous:



  * The line item called Selected Activities in the category "Other

    Procurement, Air Force" was funded at $4.9 billion, a reduction

    of approximately $500 million from the budget request.



  * The line item called Special Programs in the category "Missile

    Procurement, Air Force" was funded at $1.2 billion, a cut of

    approximately $400 million.



New rescissions in previously appropriated 1995 funding of these

two categories were made in the amounts of $180 million and $120

million respectively for a total of $1.2 billion in funding cuts,

which corresponds neatly to the reported reductions in NRO funding.



In conjunction with other sources, the following sources may be

drawn:



  * Selected activities in Other Procurement, Air Force is the funding

    line for the CIA's portion of the NRO satellite procurement 

    budget, as well as for the CIA itself.



  * Special Programs in Missile Procurement, Air Force is the funding

    line for NRO procurement of spy satellites assigned to the Air

    Force.



  * Other components of the massive NRO budget are hidden in the Navy

    budget and in the line item Classified Programs in the category

    "Research, Development, Test and Evaluation, Air Force" which 

    includes the NRO's r&d budget.  This line item was funded at $3.3

    billion.



The ease with which the NRO budget may be detected by even a casual

observer makes a mockery of claims that intelligence budget secrecy

is a matter of national security.  Rather, it has become a 

convenient means of reducing public accountability.



Public exposure of the budget details of individual intelligence

agencies now seems increasingly necessary because Congress is so

plainly incapable of performing its intelligence oversight function.

Rep. Larry Combest, who ironically led the effort a week earlier on

the House floor to block public disclosure of the total intelligence

budget (Congressional Record, 9/13/95, p.H8833), complained to the

Post that NRO officials had "fallen quite short of being open

about this."



Taken at face value, Rep. Combest's complaint suggests either a

surprising incapacity to gain access to even the most elementary

information about the NRO, or an astonishing lack of curiosity

and understanding concerning NRO operations and budgeting.



It is hard to comprehend the difficulty of the oversight committees

in spotting the NRO's reservoir of funds, given that the continued

operation of spy satellites beyond their design lifetimes and the 

resulting backlog of unlaunched satellites have been publicly noted

by intelligence community officials for several years.  It is a 

mystery how the "oversight" committees could have failed to realize

that NRO had a substantial surplus of funds that had already been

appropriated to support launches that had not yet taken place.



Fundamentally, the NRO's secret accumulation of a billion dollars

is much less disturbing than the fact that Congress was unaware of

it for an extended period.  If the designated Congressional 

overseers are unable to reliably keep track of where any given

billion is going, then even a rudimentary level of accountability

is impossible and the job must be taken over by others.



Fortunately, the public has access to other sources of information.

For example, an article in the Los Angeles Times entitled "US

Launches Costly Overhaul of Spy Satellites" (9/28/95) provides

background on the classified "8X" satellite program and its budget

implications.





TYRANNY & MUTATION: MARK LUDWIG PUBLISHES GIANT BOOKLOAD OF

COMPUTER VIRUSES



In 1990 Mark Ludwig published "The Little Black Book of Computer

Viruses."  It contained the source code for four computer

viruses, one of which - Stealth Boot - has become one of the more

common computer viruses infecting business and home PC's worldwide.

[The virus, known as Stealth Boot C, is the same as the copy 

published in the second printing of "The Little Black Book of

Computer Viruses."] As a result, by 1992 Ludwig (also my publisher,

incidentally) was a pariah in conservative computing circles, fit 

predominantly for freak-flag-fly-type stories on viruses as artificial 

life in WIRED magazine or bad craziness and hate parties at assorted 

computer security conferences. In 1990 Ludwig wrote, rather 

accurately in retrospect, "[Stealth Boot] is _highly contagious_ . . . 

once it's infected several disks, it is easy to forget where it's gone.  

At this point, you can kiss it good-bye."  Even the printing business 

Ludwig uses for his books was infected with Stealth Boot during 

production runs.



The introductory parts of Ludwig's new "Giant Black Book of 

Computer Viruses" (American Eagle trade paperback, 700 pages) 

feature a tone more baldly revolutionary than his previous books.  

It's a pitch that resonates with many outsiders - the militias, tax 

resisters, Internet anarchists, true believers of New World Order 

conspiracy orthodoxy - convinced a big takeover by the 

military-industrial complex is imminent. In a segment on "military 

applications" of computer viruses Ludwig writes, "Putting military 

grade weapons in the hands of ordinary citizens is the surest way to 

keep tyranny at bay."  We are moving toward an "Orwellian god-state" 

he says, and "the Orwellian state is vulnerable to attack -- and it 

should be attacked . . . Perhaps we have crossed the line [of this 

state] or perhaps we will sometime between when I [write] this and 

when you are reading.  In such a situation, I will certainly sleep 

better at night knowing that I've done what I could to put the tools 

to fight in people's hands."  Ironically, even extremist Soldier of 

Fortune magazine has dropped Ludwig's advertising with nary a word of 

explanation. For it, computer viruses are now apparently more feared 

than serrated truncheons, pepper spray, assault weapons and 

advertising for military adventurers and hit-men.



Dire stuff this is, and the remainder of the "Giant Black Book" is

no exception, with segments devoted to boot sector-infecting

computer viruses, writing "droppers" for them - for example,

the complete source code for Stoned and a diskette-infecting 

launcher for it; file-infecting viruses for a multiplicity of 

operating systems, virus stealthing; complicated, exotic encryption 

schemes aimed at defying anti-virus scanning; and anti-security 

measures designed to make clumsy or incomplete disinfection of 

Ludwig's viruses a task fraught with the possibility that the 

replicating programs will destroy the data structures on the infected 

machine in retribution.  Portions of the book are reprints or 

clean-ups of articles which have appeared over the past couple of 

years in Ludwig's Computer Virus Developments Quarterly and its 

successor, Underground Technology Review, which have ceased 

publication.



The only other book in the arena even remotely reminiscent of 

Ludwig's newest - besides his own stuff - is Ralf Burger's 

"Computer Viruses -- A High-Tech Disease," published in 1988 by 

a company also in the business of marketing Burger's anti-virus 

software.  However, Burger's chapters on simple overwriting viruses 

and the mutilation of computer data coupled to simulation of horrible 

hardware problems with software - besides being simplistic and dated 

- lack the weird joie de vivre Ludwig's "Giant Black Book" flashes 

in assembly language-illustrated tracts on choosing between 

formulations of sudden, unexpected data incineration or creeping 

file corruption - routines perhaps perfected while Ludwig was writing 

destructive code for a US Army group attached to NATO a couple of 

years ago.

     

Those who worry about presumed virus-writing churls from the Internet

getting a copy should stop right now.  Real life probably won't be

quite as predictable. Even though the "Giant Black Book" is genuinely

menacing-looking, for the truth to be told experience suggests most 

would-be and practicing virus-writers are either too penniless to 

purchase it, too oblivious to everything but their own transient 

concerns to read it carefully enough so it really hurts, or too 

bitterly envious of Ludwig for making a living selling viruses which 

they've been unable to trade for even a bag of chipped wampum, to 

make much of the virus code and tutorials which constitute the 

backbone of the book. History also indicates that it's not a big 

jump to see that as with "The Little Black Book," one or two of the 

"Giant Black Book's" Ludwig viruses could wind up in circulation on 

national computers within two to three years, resulting in an 

indeterminate amount of garment rending, trashed data and lost money, 

blood on the floors of information systems departments, insane 

shouting, and kill crazy editorializing in computer security 

publications, none of which will have any impact on the perverse 

reality of the world of computer viruses. 



There's a part near the end of the "Giant Black Book," written

with an X-file-ish sci-fi whiff of looming future techno-anarchy. 

Those comfortable with the reading material found in comic books

devoted to the current fascination with cyberpunk, computer network

dystopia, mysterious helicopter flights over the hinterlands, and 

rental vans packed with bags of fuel oil-soaked ammonium nitrate will 

be pleased. As for the bottom line on "The Giant Black Book of 

Computer Viruses": Like all Ludwig's books, it's a distinctly 

unusual acquired taste requiring a small but significant amount of 

technical acumen to crack. But it also tends to be as interesting a 

read as you'll find if you're one with the stones for it.

    

"The Giant Black Book of Technological Booby Traps, er, Computer 

Viruses" -- $39.95 cash money from American Eagle, Show Low, Arizona. 

(ISBN 0-929408-10-1)



Additional notes:  A recent Computer underground Digest tabbed

Jean Bernard Condat, president of the French chapter of the Chaos 

Computer Club, as a hireling of a French secret government agency,

the Direction de la Surveillance du Territoire. Indeed, he

appeared to be its puppet, blackmailed into service when fingered

for a petty crime as a student in Lyons.  According to the report

in CuD, he provided reports and acted as an agency beard while 

posing as the most famous French hacker. Condat claimed to have 

broken away from the agency in 1991 but the excerpt in Computer

underground Digest implies the facts are fuzzy in this area. In 

1992, Condat translated "The Little Black Book of Computer Viruses" 

for Ludwig and agented it to French publishers.  Turned down by 

Idalis, one of the largest French publishing firms, reportedly 

over qualms with the translation, the book was eventually optioned 

by Addison-Wesley France.  The publication of it in France in 

1993 as "Naissance d'un virus" resulted in a civil suit.  Ludwig 

dropped Condat as an agent about a year later for reasons 

apparently having to do with reliability, according to the 

American Eagle publisher.







NET-BABBLERS INEXHAUSTIBLE PREPARE INSTITUTIONS FOR OVERTHROW -or-

ELECTRO-PAMPHLETEERS FOR NATIONAL VANGUARD LAUNCH OCTOBER OFFENSIVE



A spam a day keeps the delete key in play.  It's something everyone

seems to forget when dealing with mail-bombs, particularly when

they're selling conspiracy theory like one that declared dead 

cultural anthropologist Franz Boas the root of all world evil in 

early October.  Yes, the same Franz Boas who wrote famous

books on the Indians of the Northwest.  



Skipping the hare-brained discussion for the sake of sanity, the 

anti-Franz Boas essay arrived on e-mail doorsteps and Usenet news

packaged as annoyance electronic mail.  It triggered the usual 

outrage - pissed-off Netizens shaking their cyberfists in hackneyed

fury, promising unspecified retribution: perhaps nasty phone calls and 

retaliatory nuisance spam -- all aimed at National Vanguard/National 

Alliance, a Hillsboro, West Virginia, publisher responsible for the 

best-selling piece of race-hate conspiracy science-fiction, 

"The Turner Diaries."   



Consider the nature of National Vanguard, a publisher that advertises 

in the back of "The Turner Diaries" for a comic book called "New World 

Order Comix."  Fifteen to eighteen-year olds, says the advertising, 

can read the NatVan funnies to "understand the nature of the evil 

forces which have deliberately wrecked their schools . . . by 

organizing to oppose the enemies of their race and civilization."  A 

few pages earlier is the blurb for another book, "Serpent's Walk," 

that promises the "Good guys" -- Hitler's SS -- finally win after 

going underground and continuing the fight for a century.  Are you 

left with the impression that the anger of spammed Netizens might just 

roll off the back of the National Vanguard, already certified as 

a social leper for about two decades?  



If not, revisit for a moment the history of "The Turner Diaries."

First published in 1978 by author William Pierce after being

serialized in his magazine, National Vanguard, "The Turner Diaries"

has sold approximately 200,000 copies without really being in any

bookstores to speak of.  



The National Alliance spam is mildly reminiscent of the strategy 

Pierce used with Soldier of Fortune magazine's subscription list 

in 1981.  Pierce purchased SOF's mailing list and subsequently 

sent a National Alliance/National Vanguard catalog to the magazine's 

subscribers.  Some readers of SOF complained vigorously and the 

magazine apologized to its readers, promising to more carefully

screen those wishing to purchase its subscriber base.



"The Turner Diaries" is an escalatingly violent book, apocalyptic

and brutal in its imagery of a white supremacist underground 

fighting a total war against the US government.  It's told primarily

from the point of view of one of the minor lights of the white

supremacist underground, one "Earl Turner," who takes part in a

number of the book's key battles. 

     

In "Turner," guns are outlawed by the hated US government with 

"the Cohen act."  Soon after, Earl Turner and a cell of guerillas

demolish FBI headquarters in Washington, D.C., with a rented truck

filled with fertilizer/fuel oil explosives.  The aim: to smash a

super-computer and database designed to keep track of US citizens.



The "freedom fighters" declare war on the government, blacks, Asians, 

Latinos, those who fornicate with them and liberal journalists. In 

scenes straight out of Nazi Germany, those in the ruling overclass

arrayed against the insurrectionists are rounded up and hung en 

masse - made to wear placards proclaiming "I defiled my race." There 

are scenes of torture, sodomy by metal rod, numerous shootings 

and savage beatings.  Israel, Russian and US cities are destroyed by 

nuclear warheads.  The Pentagon is leveled by Earl Turner who flies 

an atomic bomb into it while on a kamikaze mission -- his

final initiation into the book's holiest of holies, The Order.

China is rendered uninhabitable by biological weapons. Turner's white

supremacists impose a new "empire" upon the world.



Pierce put a reading list of required material for white supremacists 

in one of his National Alliance catalogs.  In it, Pierce claimed, 

"[Turner] will be too strong a dish for any reader who has not 

thoroughly prepared himself for it," according to "Warrior Dreams" 

author and academic James Gibson.



Despite its repellent nature, many took "The Turner Diaries" very 

seriously. In 1983, the Bruder Schweigen, or Order, were one heavily

armed, well-organized outlaw group of white supremacists inspired by 

it.  The Order held up banks and armored cars to raise money - almost

$4 million - for their revolution and modeled it on the struggle 

portrayed in "The Turner Diaries."  Order member Bruce Pierce murdered 

Alan Berg, a Denver talk radio host, by submachine-gun fire and was 

eventually caught, convicted and sentenced to 200 years to life in 

prison.  Berg fit the Order's interpretation of "Turner Diaries'" 

definition of a liberal Jewish journalist. In 1984, the FBI, writes 

author Gibson, "closed in on the Order's island hideout [in Puget 

Sound, Washington] . . . Several members of the Order surrendered; 

[Bruce] Matthews, [their leader], refused." The FBI set the hideout 

on fire with magnesium flares and a grenade launcher, an exploding 

weapons cache widened the blaze and Matthews died in the conflagration.  

His body was recovered later, a gold Order medallion charred into his 

chest [page 250].



Laurence Canter and Martha Siegel created a cottage industry early

this year when they hit stores with "How to Make a Fortune on the 

Information Superhighway," a book on the "legitimate" business uses 

of ruthless scattershot e-mail advertising.  Having reportedly sold 

47,000 copies as a hard cover for one of the major publishers, it was 

only a matter of time until businesses or groups like National 

Alliance, those which could hardly be expected to even faintly mind 

the collective ire of 'Net administrators, began to act on it.





AUTHOR DINTY MOORE'S HANDBOOK FOR CLOSET INTERNET CURMUDGEONS

    

"The Emperor's Virtual Clothes: The Naked Truth About Internet 

Culture" (Algonquin Books of Chapel Hill, $17.95) is a bird

of a different feather: an Internet cynic's handbook written

in a happy, frothy tone - presumably because its author seems

to be a pretty pleasant prof in residence at Penn State University.



Packaged by Algonquin so it's somewhat reminiscent of Jon Winokur's

"Closet Curmudgeon" books, "Emperor's Clothes" is its author's

anecdotal view of on-line culture.  In it Moore covers all the

popular 'Net issues and controversies: privacy, sex, the nature of

obsession and creeping Toffler-ism.  Never so mean as Crypt 

Newsletter, "Emperor's Clothes" nevertheless drives home its 

skeptic's point of view well, even invoking Thoreau as a comical 

muse from time to time.



One of my favorite parts was Moore's description of one 'Net 

fanatical collegian seemingly lacking even the wit of a pig's 

bladder on a stick. The subject has become so encrusted with the 

trivia of networked existence he can't break away from on-line 

games and chat.  His grades are shit; what's left of his mind is 

oozing from his ears.  The poor sod has forfeited his personality 

to a $1000 plastic and glass box! However, you can bet there's 

always time for one more round in the multi-user dungeon role-playing

game.



For those who enjoy their prose sardonic, "The Emperor's Virtual

Clothes" is cool.





THE SOLOMON ANTI-VIRUS TOOLKIT: THE EVOLUTION OF SCANNING SOFTWARE 

     

Back in 1993 in an article for Crypt Newsletter #9 called "Take

the Prodigy challenge with the Dr. Solomon Anti-virus Toolkit," I

did a run through of this British program, then distributed by

On-Track Data Recovery in the U.S.



PRODIGY's marketing of the Dr. Solomon Toolkit was uniquely absurd,

so weird I've never seen it repeated anywhere else.  The 

Sears-Roebuck administered "personal information service"

for yuppies hyped the software offer which, on the surface, 

appeared quite attractive. It offered a special data integrity and

recovery package which was essentially a broken up grab-bag of 

software utilities looted from other commercial products. In toto

it consisted of the Solomon Toolkit's FindVirus anti-virus scanner, 

an "unerase" program designed to allow buyers to easily recover 

recently scotched files and a rudimentary set of hard disk 

maintenance programs. This was a vile deal aimed squarely at suckers 

since the current version of DOS had already shipped with programs 

that covered almost everything included in the package except for 

Solomon's FindVirus.



However, Prodigy did offer the Solomon Anti-virus Toolkit for 

$39. The catch was it came sans manual. Of course, you could  

also buy the manual, thereby bringing the total price up to

$99, about what you would have paid for the Toolkit straight from

On-Track.  The logic behind the marketing hook seemed to be the 

thinking that consumers would jump at the apparent _reduced_ price 

of the Toolkit, order it and find that once they had it, it didn't 

make sense without the manual.  Of course, then the manual would be 

purchased anyway.



In 1995, Alan Solomon (S&S International) is no longer dependent

on this kind of "help" to merchandise his product in the U.S.

The company has moved aggressively into the national market and

opened offices in Mission Viejo, California, and Burlington,

Massachusetts. However, the core of his Toolkit's virus control

strategy remains the same: effective use of the FindVirus anti-virus

scanner and Guard, a memory resident utility which acts as a

sentry armed with a sub-set of FindVirus's capability.



FindVirus operates on a philosophy of rigorous detection and

identification of computer virus infection. Briefly, one can

explain it thus: 

     

The FindVirus scanner has an entry for the "Mr.X" virus in its

virus information database.  According to the entry for the

"Mr.X" virus, FindVirus knows the virus infects .COM files and that 

infected files begin with a jump command that points to the end of 

the program where the virus has added its code to the parasitized file.  

FindVirus looks for a string of bytes uniquely chosen from the

"Mr.X" virus and if it finds such a string - or perhaps matches

a calculation based upon the string - checks for the true virus 

identity by performing another calculation on the expected volume 

of the virus, say, from the beginning of its control point to the 

end of the viral code.  If the calculation corresponds to the value 

FindVirus holds in its database for this particular virus and every 

other check mentioned is valid, a live copy of the "Mr.X" virus has 

been found in the file.



Using this method, FindVirus can only rarely be tricked into 

inappropriately identifying viruses.  This means its rate of false 

alarming on programs and data contained within the average computer 

is vanishingly small.  The 1993 version of FindVirus was just as 

fussy about virus identification.  However, when it came to repairing 

virus-infected programs, the Toolkit's on-line help recommended

replacing the infected file from distribution disks because while

it was possible "to remove the fly from the ointment," most users

preferred a "new jar of ointment."



This is gone from Toolkit 1995. Since FindVirus's mechanism of 

detection is dependent upon exacting identification of computer 

viruses, there is little point in shrinking from using the program 

to cut viruses from infected programs.  Stated another way,

FindVirus will simply refuse to disinfect viruses it cannot identify

exactly. This seems like an obvious point until you realize that

many, many anti-virus programs don't supply this rigor, and can be 

happily demonstrated ruining infected programs when asked to remove 

viruses - if they can remove them at all - for which they only have 

an approximate diagnosis.  Such a result would be catastrophic if 

practiced on a heavily infected network. The flip side of the coin 

is that a program like FindVirus, with the records of approximately 

7000 computer viruses in its database, can be expected to perform

rapid and precise disinfection in such a situation.
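
The identify-exactly-before-repairing rule described above, as an added example (not S&S code and not from the newsletter). The "Mr.X" record, its signature bytes and its layout are constructed stand-ins, and the sample body is inert text rather than virus code.

```python
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    signature: bytes   # byte string chosen from the virus body
    sig_offset: int    # signature position, counted from the virus entry point
    body_len: int      # length from the entry point to the end of the viral code
    saved_offset: int  # where the host's original first 3 bytes are kept
    body_crc: int      # CRC-32 of the body with the saved bytes masked out

def stable_crc(body: bytes, saved_offset: int) -> int:
    # The saved host bytes differ in every infected file, so they are zeroed
    # before the checksum is taken; everything else must match bit for bit.
    masked = body[:saved_offset] + b"\0\0\0" + body[saved_offset + 3:]
    return zlib.crc32(masked)

# Constructed stand-in for one database entry; the "body" is inert text.
_PRE, _SIG, _POST = b"INERT-FILLER", b"MRX-SIG!", b"-END-OF-BODY"
_SAVED_AT = len(_PRE) + len(_SIG)
_TEMPLATE = _PRE + _SIG + b"\0\0\0" + _POST
MR_X = Record("Mr.X (constructed)", _SIG, len(_PRE), len(_TEMPLATE),
              _SAVED_AT, stable_crc(_TEMPLATE, _SAVED_AT))

def constructed_sample(host: bytes) -> bytes:
    """Test fixture: host with a 3-byte jump in front and the inert body appended."""
    jump = b"\xE9" + (len(host) - 3).to_bytes(2, "little")  # jmp near -> old end of file
    return jump + host[3:] + _PRE + _SIG + host[:3] + _POST

def entry_point(data: bytes) -> int:
    # A near jump is relative to the byte after the 3-byte instruction.
    return 3 + int.from_bytes(data[1:3], "little")

def identify(data: bytes, rec: Record) -> str:
    """Return 'none', 'like' (signature only) or 'exact' (every check passed)."""
    if len(data) < 3 or data[0] != 0xE9:
        return "none"
    entry = entry_point(data)
    body = data[entry:entry + rec.body_len]
    start = rec.sig_offset
    if body[start:start + len(rec.signature)] != rec.signature:
        return "none"
    exact = (len(body) == rec.body_len
             and entry + rec.body_len == len(data)      # body runs to end of file
             and stable_crc(body, rec.saved_offset) == rec.body_crc)
    return "exact" if exact else "like"

def disinfect(data: bytes, rec: Record) -> bytes:
    """Rebuild the host, but only when identification is exact."""
    if identify(data, rec) != "exact":
        raise ValueError("refusing to disinfect: identification is not exact")
    entry = entry_point(data)
    saved = data[entry + rec.saved_offset:entry + rec.saved_offset + 3]
    return saved + data[3:entry]                        # original start + rest of host
```

A one-byte variant of the body still carries the signature, so it is reported as "like" and left untouched: a repair driven by the wrong saved-byte offset or body length would write garbage over the host.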



Going beyond exact identification of rudimentary viruses, FindVirus 

has been optimized for polymorphic detection. According to the

Toolkit's on-line help and Alan Solomon's books, the current

engine driving FindVirus got its start when Nowhere Man's NuKE

Encryption Device landed on his desk embedded in the ITSHARD virus.

Blocked by the complexity of the code garbling generated by it,

Alan Solomon started development on a fix for FindVirus that would

enable it to unwind Nowhere Man's encryptor reliably as well

as universally cover all similar types of polymorphic encryption.

Generally, this could be approached by writing software which

simulates the code in a suspect program. One could start by

inspecting a stretch of code thought to be part of a virus and

responsible for its self-decryption (which a polymorphically 

encrypted virus must have) by checking if the code appears to 

sequentially walk through a chunk of the suspected virus, modify it 

and write it back in unencrypted form.  Such an anti-virus scanner 

could load a suspect file into a buffer, set up a bunch of registers 

in memory and start inspecting.  It would update the simulating 

registers according to the action dictated by the instructions found 

in the scanned code. However FindVirus was to do this, the idea was

to apply an engine which would drive the decryption employed by

just about any type of virus.  Once perfected, the same

rules FindVirus uses to detect and disinfect simple viruses can

be brought into play to identify and disinfect any virus underlying

various layers of disguising encryption.  Alan Solomon incorporated

just such a technological innovation into FindVirus and the program

won a Queen's Award for Excellence as a result of it.
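
The emulate-then-identify approach sketched above, as an added example that is not FindVirus's engine: a tiny interpreter for five 8086 opcodes runs a constructed XOR loop over an inert body until control reaches bytes the loop itself rewrote, then applies an ordinary signature-and-checksum check to the result. The sample, the signature and all function names are assumptions made for the illustration.

```python
import zlib

COM_BASE = 0x100   # DOS loads a .COM image at offset 100h
BODY = b"INERT-DEMO-BODY: constructed filler, not code"   # constructed, inert
SIGNATURE = b"DEMO-BODY"
BODY_CRC = zlib.crc32(BODY)

def constructed_sample(key: int) -> bytes:
    """Constructed test input: a 12-byte XOR loop followed by BODY xor key."""
    body_addr = COM_BASE + 12
    stub = (b"\xBE" + body_addr.to_bytes(2, "little")     # mov si, body_addr
            + b"\xB9" + len(BODY).to_bytes(2, "little")   # mov cx, len(BODY)
            + bytes([0x80, 0x34, key])                    # xor byte [si], key
            + b"\x46"                                     # inc si
            + b"\xE2\xFA")                                # loop -6 (back to the xor)
    return stub + bytes(b ^ key for b in BODY)

def emulate(image: bytes, max_steps: int = 10_000):
    """Interpret a handful of opcodes; return (file image after run, written addresses)."""
    end = COM_BASE + len(image)
    mem = bytearray(COM_BASE) + bytearray(image) + bytearray(4)  # pad for operand reads
    cx = si = 0
    ip = COM_BASE
    written = set()
    for _ in range(max_steps):
        if ip >= end or ip in written:
            break          # ran off the file, or reached code it has just decrypted
        op = mem[ip]
        if op == 0xBE:                                    # mov si, imm16
            si = int.from_bytes(mem[ip + 1:ip + 3], "little"); ip += 3
        elif op == 0xB9:                                  # mov cx, imm16
            cx = int.from_bytes(mem[ip + 1:ip + 3], "little"); ip += 3
        elif op == 0x80 and mem[ip + 1] == 0x34:          # xor byte [si], imm8
            if not COM_BASE <= si < end:
                break                                     # write outside the file image
            mem[si] ^= mem[ip + 2]; written.add(si); ip += 3
        elif op == 0x46:                                  # inc si
            si = (si + 1) & 0xFFFF; ip += 1
        elif op == 0xE2:                                  # loop rel8
            cx = (cx - 1) & 0xFFFF
            disp = mem[ip + 1] - 0x100 if mem[ip + 1] & 0x80 else mem[ip + 1]
            ip += 2
            if cx:
                ip = (ip + disp) & 0xFFFF
        else:
            break                                         # opcode outside the subset
    return bytes(mem[COM_BASE:end]), written

def scan(image: bytes) -> str:
    """'static' if the plain signature is present, else try emulation first."""
    if SIGNATURE in image:
        return "static"
    mem, written = emulate(image)
    if written:
        region = mem[min(written) - COM_BASE:max(written) - COM_BASE + 1]
        if SIGNATURE in region and zlib.crc32(region) == BODY_CRC:
            return "after-emulation"
    return "none"
```

The step limit and the write-bounds check are what keep a hostile or broken loop from stalling the scanner; a production emulator needs the same guards across a far larger instruction set.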



Anyway, however FindVirus does this, it seems to work rather well.  

In a quick and dirty test we generated 200 samples each of a handful 

of encrypted viruses: Oi Dudley, Mutation Engine Insuff and Encroacher 

from the old Crypt Newsletter, SMEG v.03, and Virogen using the Vice 

encryptor. FindVirus hit almost all, missing only 3 percent of the 

Virogen Vice samples.  It precisely identified the one-in-every-ten

unencrypted copies of Encroacher generated by a buggy version of

the Mutation Engine and the original Encroacher virus seed file, or 

dropper, a feature useful in computer forensic work. Oddly, it 

identified all Mutation Engine Insuff samples as "like" Mutation 

Engine viruses.  It also successfully disinfected all detected 

infections except for Mutation Engine Insuff, which can only be 

deleted or renamed.  FindVirus renamed them, which is an adequate 

solution. A competing program, Dr. Web, was used as a simple 

barometer.  Web detected all Mutation Engine Encroacher samples, 

for example, but promptly destroyed every program upon disinfection.



The final S&S selling point for FindVirus, implemented just

recently, is "heuristic" virus detection, or detection based

upon looking for code that does things viruses are expected

to do.  Although not a new feature in anti-virus land, it's

new for FindVirus, which delivers the capability _only_ if

called for specifically by command-line switch.  So, while 

FindVirus missed 3 percent of the Virogen Vice infections, its 

"heuristic" ANALYZE switch, coupled with the program's virus 

decryption engine, uncovered every one of the misses with a 

generic "like a virus" warning message.  The catch is the user 

must have the wit to use it in potentially hot situations. With 

the ANALYZE feature enabled, FindVirus - like any "heuristic" 

detector - can generate, or be compelled to generate, false 

alarms.



The memory resident VirusGuard portion of the Solomon Toolkit

intercepted most, but not all of the encrypted viruses.  It

missed Mutation Engine and SMEG samples, but was successful

at intercepting Oi Dudley and Virogen Vice specimens.



The Solomon Anti-virus Toolkit creates the usual anti-virus

industry standard rescue disk capable of jump-starting a

dead dog hard disk but no longer carries along a copy of FindVirus

as it did a couple years ago. The documentation concedes that 

the steady rain of increasing computer virus strains has inflated

the size of the program, making this impractical. Instead, it recommends 

use of the copy of FindVirus on the original diskettes when treating 

a badly contaminated or damaged system.

     

The Anti-virus Toolkit comes with a manual and an interesting

Virus Encyclopedia which contains entries for a large number 

of viruses S&S International has thoroughly dissected. Oddly, 

the index page numbers for the viruses described in this edition 

were listed as variant numbers of pages _beyond_ the actual 

entries in the encyclopedia. For example, the data on Micropox 

virus was listed at page 247 but actually resided on page 239;

the data for FLIP listed as 108 when it was on 105, the entry

for Natas virus as 163, but actually on page 158. Initially, 

this led me to suspect I was a victim of creeping mental illness. 

[Hmmmm. Could be evidence of Index.Fiddler. Just a little inside 

computer virus humor!] 



The Toolkit also contains a number of other programs including 

a file integrity checker, disk and file examination programs, and 

a couple of certification programs which augment the use of FindVirus 

and Guard in virus control and additionally supply an easily administered 

measure of access control to a secured machine's files and diskettes.

     

The Solomon Toolkit's precise virus identification and removal 

are features that serve it well. It is 

these same features, seamlessly incorporated into the software, 

which are difficult for magazines to explain adequately to potential 

consumers. It is a paradox that they are the same features which set 

the Toolkit apart from and above elegant-looking, power-marketed 

turds like Symantec's Norton Anti-virus.



S&S International USA: 17 New England Executive Park, Burlington,

MA, 01803 ph: 1-617-273-7400.





FROM THE "YOU CAN'T POLISH A TURD BUT THAT WON'T STOP 'EM FROM

TRYING" DEPARTMENT



Alert reader David Kennedy passed along this latest bit of

consumer news, courtesy of the institutional machine at Symantec. 

Apparently, Philistines in charge of marketing and disinformation 

at the Norton Anti-virus issued a statement of unique interest to 

Crypt Newsletter readers. 

     

Symantec, it claims, has opened an "Anti-Virus [telephone] HotLine." 

"This _revolutionary_ [emphasis added] new service will place 

live anti-virus technicians at your finger tips to quickly and 

efficiently help you resolve those burdensome live virus infection 

situations, no matter what product you are using to detect the virus,"

it reads.



"To help you in your fight against virus infections Symantec is 

proud to introduce the industry's _first_ [emphasis added] dedicated 

anti-virus hotline." 



This was inspirational and in the spirit of the free flow of

information, Crypt Newsletter announces it has opened an 

Anti-Symantec telephone HotLine.  This revolutionary new service

will place live editors at your fingertips to quickly and

efficiently help you resolve those burdensome confusions that arise

from reading Symantec corporate babble and then spending too much

cash money on software products like the Norton Anti-virus.



As a bonus, the Crypt Newsletter Anti-Symantec HotLine releases

the following:



       Peter Norton, the guy whom the Norton Anti-virus is named 

       after, once claimed computer viruses were urban legends!



       Symantec's Anti-Virus HotLine is not the first anti-virus 

       help line. (Big surprise!) Why, just this summer Crypt saw 

       the National Computer Security Association advertising one 

       in its company magazine. Peter Tippett, who recently worked 

       for Symantec, had his photo on its cover, too. It's true!



       Much of the development staff that went into programming and

       "perfecting" the Norton Anti-virus left the company this

       year for the competition!  Oh no! They won't be around to answer

       telephones.  It's true!

       

       For example, Martin Fallenstedt, Dave Perry and Jimmy Kuo

       went to McAfee Associates. Therese Padilla went to Command

       Software (F-Prot). (Crypt knows this is true because Crypt 

       spoke with her recently.) Peter Tippett is now affiliated 

       with the National Computer Security Association.  The NCSA 

       magazine says he's its "President." Joe Wells, another Norton 

       Anti-virus developer, went to IBM.



       Joe Wells even mentioned on Compuserve this summer that "there 

       [were] several other people," who also went from Symantec

       to McAfee Associates. "When I visited them early this month, 

       I suggested the company name be changed from McAfee to McMantec," 

       said Joe.  Haha! Joe made a joke of it! What a funny guy!



       John McAfee, when in an ebullient mood,  also used to speak of 

       having a McAfee Associates special team drive around in a mobile

       home to supply emergency service to companies laid low by

       computer virus!  McAfee Associates has telephones, too.

       It's true!  ["The Virus Creation Labs," page 11.]







QUESTIONS: COMPUTER VIRUS LIABILITY



[In January 1995, the US Bureau of Public Debt's Security Branch and

its legal department debated the issue of unintentional distribution

of computer viruses and the legal liability of institutions found to

have passed contaminated software or diskettes.  The discussions

were published in the US Bureau of Public Debt's Information Systems

Security Monitor newsletter and credited to Kim Clancy (Security

Branch), Jim Kramer-Wilt (Legal) and Lisa Martin (Legal). It is  

reprinted here with permission.]



Security Branch:  "What, if any, boilerplate language exists that

we could put in contracts that would protect us if we received disks

that were infected with a virus?  What are [others] doing?"



Legal:  "At present, Public Debt is not using any special language

in . . . contracts.  The present warranty clause does not protect

us from consequential damages.  Procurement uses a general clause

unless the Contracting Officer determines that a greater level of 

protection is necessary.  We could insist that a clause be inserted

that the contractor has screened the software for any known viruses.

This, of course, would not protect us from unknown viruses.  It 

appears that we should be making the screen ourselves, rather than

relying upon the contractor.  I would assume that such screens

are being made."



Security Branch:  "In the area of Interagency agreements - what is

our liability if, for example, we would send [someone] a diskette

with a virus?  Is exempting language available? Would it be 

effective, such as in contracts with these [others]?" 

     

Legal:  "Contracts between government agencies follow the general

outline of the first question above.  Government agencies are pretty

much self-insured for such damages.  Any diskettes sent to other

agencies should carry the following disclaimer:



WE HAVE SCANNED THIS DISKETTE FOR VIRUSES USING <SOFTWARE BRAND AND

VERSION INSERTED HERE>.  NONE OF THE DISKETTES HAVE ANY VIRUSES

ACCORDING TO OUR USE OF THESE PROGRAMS.  HOWEVER, BE AWARE THAT 

THERE MAY BE VIRUSES OR OTHER DANGEROUS PROGRAMS THAT HAVE ESCAPED

DETECTION.  WE DO NOT WARRANT OR REPRESENT THAT ANY OF THE DISKETTES

ARE ABSOLUTELY FREE OF VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS OR

ANY OTHER TYPE OF DANGEROUS COMPUTER PROGRAM.  YOU SHOULD PERFORM

YOUR OWN TESTING TO ASSURE THAT THE FILES YOU DOWNLOAD ARE TRULY

FREE OF VIRUSES OR OTHER DANGEROUS PROGRAMS.



This disclaimer could be in the form of a pre-printed sticker that

is affixed to the diskette package."



Security Branch:  "What should we do if we get a diskette with a 

virus from another company?  Should we contact the vendor?  Are

there any repercussions if we do contact the vendor?"



Legal: "You should contact the vendor and inform them of your

finding.  Whatever action they choose to take is up to them. 

I believe that there is a duty to contact the vendor and there

should be no legal repercussions.  We also feel that you should

pass along your findings to Main Treasury, e.g. 'I scanned the

diskette with a certain virus checker and found this virus,'

thereby making no statement as to how the virus got on the

diskette.  In other words, only reporting exactly what you

observed."



PART II: LIABILITY FOR VIRUSES, A NEGLIGENCE STANDARD 

 

. . . Tort and civil liability is rarely discussed in the

context of [computer] viruses since there is a growing body of

criminal law regulating the introduction of them into a system.  

The introduction of viruses _may_ allow an injured plaintiff relief 

under the tort theories of conversion, trespass and tortious 

interference with contractual relations. Tort liability has been 

an issue of concern to the managers of computer systems and networks. 

The failure of managers to safeguard their systems may lead to 

recovery in tort by injured third parties.  One suggestion has 

been to impose strict legal liability on the producers and vendors 

of computer systems, services, networks and software, requiring 

adequate safeguards and barriers to be placed to avoid unauthorized 

invasions, and to carry adequate insurance should an invasion occur. 

This standard may be too demanding since even the best boundaries 

of technological protection have proved to be penetrable. A system's 

need for the existence of trap doors for programming and debugging 

will also be troublesome for managers should a strict liability 

standard be implemented. Negligence may be a viable alternative 

standard should strict liability be too harsh. A manager's duty to 

the system would entail the reasonably prudent selection, 

implementation and maintenance of the security provisions of the 

system.          

 

Application of negligence principles to the manager would require

her to use reasonable care to secure the system when it is

foreseeable that failure to secure it would result in injury to

foreseeable plaintiffs. A test similar to the one created by Judge

Learned Hand in United States v. Carroll Towing may be a viable

standard in this instance. Since there are times when every

computer system may be infected by a virus, the manager's

duty should be a function of three variables, paraphrased from

Judge Hand's decision in Carroll Towing:

 

     1) the probability of invasion by a virus; 

 

     2) the gravity of the resulting injury; and 

 

     3) the burden of adequate precautions. 

 

The application of this test may provide a flexible and workable

alternative approach to manager's liability for the failure to

protect the computer system from viruses. 

 

Suggestions for reasonable protection:

 

     1) Limiting computer access by terminated employees, particularly

     those who have been subjected to disciplinary action; 

 

     2) Requiring a showing of need before allowing any employee to

     access system software on multiuser systems; 

 

     3) Requiring staff to devote greater attention to monitoring the

     use of computer systems and to checking for evidence of unusual

     or suspicious activity. 

 

Staff with responsibility for computer systems should be centrally

involved in analyzing these or other protective policies, and

should be given necessary resources to carry out these functions. 

 

     

 _Establishment of Operational Safeguards_ 

     

In addition to establishing access restrictions, a number of steps

might be taken to reduce the risks of harm from a computer virus: 



     1) Installing software programs that keep watch for computer

     viruses; 



     2) Testing software [and storage media] for presence of computer 

     viruses; 

 

     3) Initially installing new software, particularly those of

     uncertain origin on an isolated computer system; 

 

     4) Immediately investigating unexplained or suspicious activity,

     including unauthorized attempts to . . . alter files; 

 

     5) Immediately removing from computers any software that exhibits

     symptoms of possible virus infection; 

 

     6) Establishing backup policies designed to assure that clean

     copies of uninfected application programs remain available for

     a reasonable time; 

 

     7) Requiring the grandfathered rotation of backup copies, stored

     off-site; 

 

     8) Conducting periodic security audits to determine whether

     reasonable steps have been taken to assess and counter any

     particular virus threat. 

 





LETTERS: READER WONDERS ABOUT CRYPT BY FTP, WELFARE OF SECURITY 

BRANCH'S KIM CLANCY; UTR AND MORE AMUSING BUSINESS AT NORMAN DATA





Dear Crypt:



A few months ago, I asked about early issues of Crypt Newsletter.  

You said you weren't aware if they were generally available by 

anonymous ftp through the Internet.  My recent travels took me to 

an anonymous ftp site - ftp.fc.net - which has a complete set of 

the newsletters under the directory: pub/deadkat/virus/CryPt.  I'm 

letting you know for informational purposes. You must get requests 

for these issues quite often.



I also read your book and found it entertaining as well as 

informative. One thing I would find interesting - perhaps in a future 

issue - is a follow-up story on Kim Clancy and the bulletin board 

system she ran that came under criticism. 



---Tom Corrigan



[Crypt responds:  Thanks for the tips.  Crypt Newsletter gets many

requests for back issues by anonymous ftp and most of them go

unanswered.  There are a number of Web pages and Internet sites

with accounts offering Crypt News but they're not listed because 

of the frangible nature of so many Internet sites.



In 1992 Crypt Newsletter was distributed by bulletin board system

and I got into the habit of posting telephone numbers in the credits

section of the magazine.  However, the numbers were ephemeral, always 

changing, and it became pointless to maintain a list.

     

Today, however - for one time only (or until the topic comes up 

again), two spots which offer links to Crypt News are:



           http://www.xcitement.com/virus

           http://www.io.org/~ronl



Both are clean-looking pages, utterly lacking in pictures of floral

arrangements, furniture, pets, soiled underwear, obscure rock groups, 

rubber fetishists or the vain gimmickry and pitiless infomercialism 

common to the more garish spots on the Web.  These pages exist to 

publicize a wide variety of computer virus binary images and source 

code. Along with similar spots, the sites infrequently become topics 

of discussion in the Usenet's alt.comp.virus newsgroup. If you are 

inexperienced in the area or someone new to the Crypt Newsletter, 

keep in mind that Internet sites with computer viruses on-line for 

FTP or World Wide Web access can sully your image and reputation if 

you let slip you fancy them while in conservative company. By nature 

they're controversial, which is understating the issue somewhat.

     

Also, you can't - can't - can't - be infected with computer 

viruses by viewing Web pages or ftp directories filled with them.  

However, it's possible to become an embarrassment to yourself and 

many loved ones if you download computer viruses from the Internet 

and deliver them into the hands of incompetents, yourself included. 

It's also not impossible to imagine a poor unfortunate scruff so 

bereft of good sense and self-control he runs afoul of the law and 

becomes the object of a criminal investigation as a result of an 

interest in computer viruses. [Nota bene: Crypt Newsletter 32 and 

33, "Blewed, screwed and tattoo'd, parts one and two: The sorry 

tale of an English virus writer strung up in the Crown Court."]



There's a subtext embedded in the preceding discussion but Crypt News

thinks that, frankly, most of it is lost on the average readership.



As for Kim Clancy, she is working for Security Branch of the US Bureau of 

Public Debt in Parkersburg, West Virginia.  She comments she will

be leaving the department at the end of this month. Clancy also hosts 

the Security RoundTable discussion group on Mindvox in New York City.



Congressman (Dem.) Ed Markey, the political nuisance who became 

tangentially involved in the AIS scandal, fell on hard times in 

1994 when the Republicans rode into town and knocked the Democrats 

from power. Markey is now farther from the limelight on information 

technology affairs and has had a difficult time living up to the 

sobriquet Washingtonian magazine awarded him in 1988: "No. 1 Camera 

Hog in Congress."  Remember, it was just in an August 1993 issue of 

the Los Angeles Times that Telecommunications and Finance 

subcommittee Markey-underling Rep. (Dem.) W. J. Tauzin of Louisiana 

was claiming "Ed . . . has arrived" and courtier for the entertainment 

industry and Motion Picture Association of America president Jack 

Valenti burbled "[Markey is presiding] over a sea change in the way 

we communicate."   



Anyway, Markey - or more likely a staff flunky ghost-writer - has 

recently written on atomic bomb technology transfer in "Nuclear 

Peril: the Politics of Proliferation." He's also been involved in 

hassling the State Department over French overflights of the US by 

air transports carrying fissionables for use in the controversial 

Pacific test shots.  Markey is also working to clean up children's 

television programming and involving himself in the Congressional

debate and legislation over obscenity and the Internet. Come to 

think of it, Crypt Newsletter believes this is more useful work 

than any amount of fiddling with the Internet, BBSes, computer crime 

or computer viruses.]



     



Dear Crypt:



How do I get the Underground Technology Review?  I am interested

in making pepper spray and computer viruses.



---Name of young reader withheld for his own benefit



[Crypt responds:  Underground Technology Review is no more. UTR

editor Mark Ludwig recently confided that a Norman Data Defense 

employee (name withheld to protect job security) called him trying 

to secure, scrounge - actually, a complimentary subscription to the 

publication. Sadly, for Norman Data, UTR is now discontinued.



As for pepper spray, it's not effective against computer viruses.] 

     

     



Dear Crypt:



Hi! I am from Cyprus. I want to know if you have the latest version 

of Virus Creation Laboratory. I have the 1992 version and I want an 

upgrade. Or, if you have another virus creation programme, please

inform me.



---Name of young reader withheld for his own benefit

     

[Crypt responds: Does this mean you're still deviling the Turks on 

the other side of the island?]





CRYPT HYPERBASE



If you're reading this you don't have it.  Crypt #34 was also published

as a hypertext/xText reader. It adds hyperlinked cross indices and a 

linked glossary, as well as greatly expanded discussion of topics 

covered in this edition. The hypertext editions provide a convenient

way to order your library of Crypt Newsletters.  With the reader,

it is only necessary to copy the Newsletter database issues - the

files with names like CRYPTxx.XDB - into the same directory as the

reader and go.  The reader will provide a pick list of the

collected issues and link through them as they are displayed and read.





CRYPT NEWSLETTER HYPERTEXT DATABASE



The CRYPT NEWSLETTER database is now available as a hypertext

tool.  We've collected all the Crypt Newsletters from the

magazine's initial publication in 1992 to the present and

reworked them into a linked, keyworded, annotated hypertext

database.



The database contains not only the best of Crypt Newsletter but

also a great deal of additional material and notes never published

before.  Where appropriate, additions have also been made to old

issues and articles to provide current perspective and background.

The database also contains a keyworded glossary and extensive 

subject index spanning the length and breadth of the newsletter.



In the database you'll find comprehensive stories and news on: 

    

     - the computer virus underground and virus-writers

     - the anti-virus industry

     - on-line culture and sociology

     - the secret government within the military industrial complex

     - anti-virus software reviews

     - book reviews of current titles in security

     - annals of computer crime & computer virus spread

     - discussion of legal issues with regard to computer viruses and

       related computer crime

     - review of the mainstream media: the shams and scams reported as

       real news. Take a clear-eyed, skeptic's look at the information 

       highway!



And there's much more, all delivered in the acerbic, to-the-point

style used by the Crypt Newsletter.



The Crypt Newsletter database is also extensible.  Future hypertext

issues can easily be copied to the database's directory on your

home computer and be seamlessly integrated into the collection.



The Crypt Newsletter hypertext database can be purchased

for $60, plus $1.50 shipping and handling.  Overseas customers

add $6.50 for shipping and handling.



Checks or money orders should be made payable to:



                George Smith, Editor

                

Send to:        Crypt Newsletter

                1635 Wagner St.

                Pasadena, CA 91106

                USA



Remember to include your current mailing address with purchase.





REACHING CRYPT NEWSLETTER





Send software, books, or public-relations phlogiston for review

and consideration to:



                Crypt Newsletter

                1635 Wagner St. 

                Pasadena, CA 91106



Alternatively: public relations phlogiston may be e-mailed:



crypt@sun.soci.niu.edu or 70743.1711@compuserve.com



Phones:  818-568-1748







CRYPT ON COMPUSERVE



Those readers with accounts on Compuserve can now take part in the

dedicated Crypt Newsletter message base and attached file library in

the National Computer Security Association special interest group.

GO NCSAFORUM and look for message base #20, Crypt Newsletter.

Current issues are on-line in the attached file library.





CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE



You can visit Crypt & The Virus Creation Labs on the

World Wide Web, download back issues and sample a chapter

from VCL!



Set your graphical browser (Mosaic, Netscape, etc.) to:



URL: http://www.soci.niu.edu/~crypt





ACKNOWLEDGEMENTS - In one way or another, this issue couldn't 

be the scintillating read it is without:



Bob Casas, Ph.D., of CPC Ltd.(COMSEC), Glenview, Illinois, for 

hypertext & hyperlinks prodding; Roger Thompson of Thompson 

Network Software, Marietta, Georgia, for sundries; Steven 

Aftergood of the Federation of American Scientists, Washington, 

D.C., for keeping Urnst, the cat, in good reading material with 

those timely FAS reports; Dave Kennedy of NCSA for consumer

alerts.



----------------------------------------------------------------

If you quite enjoy the Crypt Newsletter, editor George Smith's book,

"The Virus Creation Labs: A Journey Into the Underground," will 

really flip your wig. In it Smith unravels the intrigue behind

virus writers and their scourges, the anti-virus software

developers and security consultants on the information highway.



What readers are saying about THE VIRUS CREATION LABS:



     "[VIRUS CREATION LABS] is informative and stunningly 

     incisive . . . "

                      ---Secure Computing, October 1995



     "George Smith . . . takes a look at the world of virus writers

     and anti-virus software vendors in a style similar to that

     of 'Cyberpunks' -- anecdotal, humorous and revealing . . . a

     lucid and entertaining read."



                      ---Computer Security Journal

     

     "Heavens -  I don't think I've had as hysterically funny a read

     in MONTHS!  The politics of the anti-virus field is at

     least as back-biting and insane as the virus writing field, if not

     more.  You really probably have no idea exactly how 'corrupt, 

     corroded and tangled' the anti-virus field really 

     was . . . *chuckle* . . . Anyhow, I just thought I'd write to you 

     to express my appreciation, as an ex-member of that 'long chain 

     of cheats, hypocrites and fools' for a hysterically funny look 

     into the 'underground' that produced the code we had so much 

     fun - and really we DID, especially in the early

     days - reverse engineering and countering."



                       ---an ex-McAfee Associates employee



     "There are relatively few books on the 'computer underground' that

     provide richly descriptive commentary and analysis of personalities

     and culture that simultaneously grab the reader with entertaining

     prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' 

     Katie Hafner and John Markoff's 'Cyberpunk,' and Bruce 

     Sterling's 'The Hacker Crackdown.'  Add George Smith's 

     'The Virus Creation Labs' to the list . . . 'Virus Creation 

     Labs' is about viruses as M*A*S*H is about war!"



                       ---Jim Thomas, Computer underground

                       Digest 7.18, March 5, 1995



     "THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo

     media blitz and moves on to become an engaging, articulate,

     wildly angry diatribe on the world of computer virus writers . . .

     Expert reporting."

                      ---McClatchy NewsWire





-------------------------order form-------------------------



Yes, I want my wig flipped and wish to receive a copy of George

Smith's "The Virus Creation Labs: A Journey Into the Underground"

(American Eagle, ISBN 0-929408-09-8).



   Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas)



   NAME: _____________________________________________



   ADDRESS: __________________________________________



   CITY/STATE/ZIP: __________________________________



   Payment method:



   ___ Master Charge



   ___ Money Order



   ___ Check



   ___ Visa



   Credit Card # ___________________________________________



   Expiration date _________________________________________



   Name: ____________________________



   Orders can be taken by voice or fax through regular phone

   number and/or 1-800 number in USA.  COD welcome.



   American Eagle: 1-800-719-4957

                   1-602-367-1621

                   POB 1507

                   Show Low, AZ 85901









-------------------------------------------------------------

George Smith, Ph.D., edits the Crypt Newsletter. Media critic 

Andy Lopez lives in Columbia, SC. 



copyright 1995 Crypt Newsletter. All rights reserved.