Computer underground Digest Sun Dec 22, 1996 Volume 8 : Issue 91

Computer underground Digest Sun Dec 22, 1996 Volume 8 : Issue 91
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.90 (Sun, Dec 22, 1996)

File 1--Review of Flanagan's JavaScript (by Warner Winborne)
File 2--"Disappearing Cryptography" by Wayner
File 3--HPCS'97 CFP (Conference info) (fwd)
File 4--ISOC 1997 SYMPOSIUM NETWORK & DISTRIBUTED SYSTEM SECURITY
File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Mon, 02 Dec 96 22:02 CST
From: Warner Winborne <[email protected]>
Subject: File 1--Review of Flanagan's JavaScript (by Warner Winborne)

Review of Flanagan's JavaScript (by Warner Winborne)
Northern Illinois University

David Flanagan's JavaScript: The Definitive Edition (Beta
Version) is a noble attempt at making sense of this troublesome
language. Flanagan concisely describes JavaScript from top to
bottom, from lexical structure to objects, arrays, functions and
methods, and in so doing, dispels the myth that JavaScript is
merely a watered-down version of JAVA. There are some
syntactical similarities between JavaScript and JAVA, but the two
languages possess separate strengths and weaknesses. Neither
should be considered a substitute for the other, but they may be
combined in a highly complimentary fashion.

The book documents in painstaking detail the structure and
elements of JavaScript. Much of this should be familiar to those
who have experience programming in C or C++, but will be
difficult reading for the neophyte. Flanagan then turns to the
more exciting task of explaining how JavaScript interacts with
the client. Since JavaScript is a "scripting language" which
interacts with the client, the client's browser, and the
browser's contents, client-side JavaScript elements are what can
make JavaScript a dynamic language.

As Flanagan points out so well, JavaScript possesses great
potential. As an HTML-embedded language, it is restricted to the
confines of web pages, but within those limitations, it is quite
flexible. Adding to the excitement is the possibility of
running JAVA applets within JavaScript with "LiveConnect"
(available only in Netscape 3.0). This effectively merges the
strengths of the two languages. Flanagan closes his text with an
impressive and invaluable 260 page reference section, documenting
JavaScript functions, methods, arrays, constants and event
handlers.

But despite the exhaustive reference section and the careful
documentation of the structure, JavaScript: The Definitive
Edition is not the "definitive" work, as even Flanagan must
admit. After all, how can a beta edition be considered
"definitive"?

JavaScript is a programming language that addresses some of
the limitations of CGI scripts, most notably that they run on the
server side. Since JavaScript is an interpreted language (that
is, it needs no compiling), it is possible for the client to
perform many of the functions of CGI scripts, thus reducing the
load on the server. But JavaScript can also be used on the
server side to supplement (and even replace) CGI scripts.
Flanagan's book focuses almost exclusively on the client side.
This is reasonable, since server-side JavaScript (a.k.a.
LiveWire) is in beta release, and since most HTML authors who
wish to program in JavaScript may not have access to the CGI
scripts and cgi-bin directory on their ISPs. As a result, most
of the programming in JavaScript can be expected to occur on the
client side. Therefore, Systems Administrators and those who
desire to program in JavaScript on the server side may wish to
wait for the server side edition of the book, which Flanagan
promises will be forthcoming.

In addition, JavaScript is replete with bugs (as most
webmasters should know). Flanagan admits that "the most notable
feature of JavaScript is its bugs. And the most common
experience of JavaScript programmers is frustration." He makes an
admirable attempt at documenting the most frequently encountered
bugs, but since there are so many of these bugs, and since they
vary based upon the client's browser and operating system,
Flanagan can only scratch the surface. He acknowledges that
"there is a desperate need for a definitive list of known bugs in
JavaScript. . . Definitively documenting all bugs in all
versions of Navigator on all the platforms it supports would be a
task more difficult than definitively documenting JavaScript
itself."So, we'll have to wait for JavaScript Bugs: The
Definitive Edition.

JavaScript: The Definitive Edition is a well crafted, well
organized, indispensable resource for the JavaScript programmer.
While readers with experience programming in C++ or JAVA while
find the book easier to read and understand than will the novice,
it is possible for the uninitiated yet dedicated to begin
programming in JavaScript with the assistance of Flanagan's book.
Yet I remain unconvinced that I should begin to program in
JavaScript. The fault lies not with Flanagan and his work, but
with the language itself.

In the first place, JavaScript is supported by Netscape
(versions 2.0 and up) and by Microsoft Internet Explorer 3.0.
While Netscape continues to command a large share of the browser
market, it is folly to assume that the client will be running a
JavaScript-capable browser. Both Mosaic and Lynx will completely
ignore all of your hard work with JavaScript. So will Netscape
1.22. Flanagan recommends that webmasters who program with
JavaScript instruct clients to upgrade to a JavaScript capable
browser. But what of the client who browses with a networked
version of Netscape 1.22 (or Mosaic or Lynx)? It is not uncommon
for businesses and universities to make networked copies of web
browsers available to employees or students. As a result,
upgrading is not an option for these clients.

Second, JavaScript is unbelievably buggy. In an attempt to
corner the client-side scripting language market, Netscape
duplicated its strategy to corner the web browser market.
JavaScript was thrust upon us early, so that it would become the
"default" language. But what we got was remarkably flawed.

Flanagan offers two JavaScript "tutorials". The first
employs the Date object, which should display the local day,
date, and time. The code for this marvel is

<HTML>
<BODY>
<SCRIPT LANGUAGE="JavaScript">
var now = new Date();
document.write(now);
</SCRIPT>
</BODY>
</HTML>

This may or may not display the true day, date and time. I
get the correct day, date and time, but the wrong time zone. A
trip to the reference section of JavaScript: The Definitive
Edition tells us that "In Navigator 2.0, the Date object has
quite a few bugs and is almost unusable." I find it instructive
that the first tutorial employs an object so buggy as to be
rendered worthless.

A further bug worthy of note is the Object.eval() method.
This method (with Netscape 2.0 it is a function), is used to
evaluate, and return the value of, code that is placed between
the (). But for clients using Netscape 2.0 on Windows 3.1
platforms, this function has a different effect.

It crashes the browser.

Of course, JavaScript is infamous for its security bugs. The
initial release of JavaScript (with Netscape 2.0) permitted the
creation of code that would read the browser's e-mail address,
and then send mail from that address. To its credit, Netscape
released Netscape 2.0.1 to fix such security holes, and this
particular one was hobbled. But after the release of Netscape
2.0.1, it was discovered that code could be written which would
read and write files to the client's hard drive!

Finally, and I believe most alarmingly, is Netscape's
admission that future releases of JavaScript may not be backwards
compatible. Citing Netscape's online documentation of
JavaScript, Flanagan writes, "Development of the JavaScript
language and its documentation continues. Additional features
are planned; some current features could be modified if
necessary." Since JavaScript made its debut prematurely, it may
be better to jettison the "beta" version of the language when a
more stable form is released. Regardless, the news that the
JavaScript programming I do today may not work tomorrow does not
fill me with the desire to program in JavaScript. Nor am I
emboldened by the prospect of creating multiple JavaScript
programs (old and new versions) to accomplish one task.

With these reservations, I can not help but wonder why
Flanagan wrote JavaScript: The Definitive Edition. Flanagan
himself shares these same reservations, but claims that he was
hounded by HTML authors to produce the book. Well, I can not
find fault with him for responding to demand. But I must wonder
if the demand was caused by the frustrations experienced by these
JavaScript programmers, and by the hope that Flanagan could point
out the errors in their programming. Unfortunately, the errors
reside in the language itself.

Flanagan also claims that, like it or not, JavaScript has
become the default programming language for the Web community.
But this too may change. SunLabs has just released a plug-in for
Netscape 3.0 which permits the browser to run Tcl (Tool Command
Language) application code. Like JavaScript, Tcl is an
interpreted (i.e. non-compiled) scripting language. And like
JavaScript's "LiveConnect" which is a "wrapper" around JAVA code,
Tcl is often used with Tk, its wrapper around JAVA and C and C++
code. JavaScript may not be the only kid on the block for long.
Furthermore, Tcl/Tk is being released slowly. SunLabs has the
benefit of witnessing JavaScript's difficulties with security,
and has released Safe-Tcl to limit the security risks on the
client side.

For the HTML author who simply can not wait to program in
JavaScript, David Flanagan's JavaScript: The Definitive Edition
is indispensable. Well crafted, organized and documented, this
book will be useful to all programmers, whether they are new to
the challenges of programming, or "old hands".

But for those who, like me, balk at the idea of the
frustrations that the author promises will accompany programing
in JavaScript, Flanagan and O'Reilly Press will produce a final
version of this beta edition, documenting the most recent (and we
hope substantially more stable) version of JavaScript. He has
also promised the addition of a section with examples of code for
common tasks, which should be of great use to the novice.
Finally, chapters on server-side JavaScript, or LiveWire, will be
added, which should be attractive to those who wish to program on
the server side.

------------------------------

Date: Mon, 25 Nov 1996 11:15:46 EST
From: "Rob Slade, doting grandpa of Ryan & Trevor"
Subject: File 2--"Disappearing Cryptography" by Wayner

"Disappearing Cryptography", Peter Wayner, 1996, 0-12-738671-8, U$29.95
%A Peter Wayner [email protected]
%C 1300 Boylston Street, Chestnut Hill, MA 02167
%D 1996
%G 0-12-738671-8
%I Academic Press Professional
%O U$29.95 +1-617-232-0500 +1-800-3131277 [email protected]
%P 295
%T "Disappearing Cryptography"

The title seems to allude to, and the book jacket definitely
trumpets, steganography, the act or art of "hiding in plain
sight". An example of a steganographic message would be one
which appears to be an innocuous and ordinary family letter, but
which carries detailed information in the background. One
chapter of the book does deal with this type of encryption,
although only in terms of hiding text data in pictures. The book
as a whole seems more like a collection of essays on topics
related to encryption.

The topics represented cover a broad range of information
science. The level of detail provided varies, but in general the
explanations are fairly simple.

copyright Robert M. Slade, 1996 BKDSCRPT.RVW 960902

------------------------------

Date: Thu, 12 Dec 1996 18:49:11 -0500 (EST)
From: Noah <[email protected]>
Subject: File 3--HPCS'97 CFP (Conference info) (fwd)

From -Noah

---------- Forwarded message ----------
Date--Thu, 12 Dec 1996 18:33:49 +0200
From--Dimitris Serpanos <[email protected]>
Subject--HPCS'97 CFP

*******************************************************************************

CALL FOR PAPERS
===============
Also available at: "http://www.ics.forth.gr/events/hpcs97/hpcs97cfp.html"
and "http://emperor.arl.wustl.edu/arl/workshops/hpcs/"

The Fourth IEEE Workshop on the Architecture and Implementation
of High Performance Communication Systems (HPCS'97)
Sani Beach, Chalkidiki, Greece
June 23-25, 1997

Sponsored by:
=============
IEEE Communications Society

In Cooperation with:
=================================
AUTH, NTUA, ICS-FORTH, CTI, INTRACOM

HPCS'97 will focus on all issues related to systems and services
for the 21st century. Advances in all areas of computing and
networking have resulted in systems that provide a wide range of
applications, from digital libraries to real-time games, attracting
a diverse population of users, from researchers and students to
travellers and shoppers. The rapid changes in the infrastructure
used by telephone, cable, and satellite companies and the new
competitive environment fosterd by privatization and reregulation
as well as the growth of intranets and internet service providers
have triggered significant efforts to provide additional services
over the network to potential users and buyers. HPCS'97 will focus
on the architecture, design and implementation of networks, systems
and applications that target these emerging systems.

Presentations are sought, which describe original techniques,
methodologies, experimental results, design issues and comparative
studies related to the general theme. New ideas, approaches and
early results are very welcome.
Topics of interest include (but are not limited to):

- Communication systems architecture, design and implementation
- End-to-end Network Architecture
- Applications and their requirements
- Residential Broadband Networking
- Wireless Networks and Mobility
- IP/ATM Integration
- Active Networks
- Quality-of-Service
- Multimedia Systems
- Internet Telephony
- Digital Video Technology
- Enabling Technologies
- Security, Management and Service Integration
- Standards
- Regulatory--Social--Economic Issues

Important Dates
===============
1/15/97: Paper submission deadline (Extended Abstract - 2 to 5 pages)
3/1/97: Acceptance notification.
4/15/97: Final manuscript due.
4/15/97: Pre-registration deadline.
6/23-25/97: Conference.

Submissions
===========

Papers are restricted to an extended abstract no longer than five
formatted postscript pages. To complete your submission, please send
the following items by electronic mail to [email protected]

(1) The paper in POSTSCRIPT form

(2) The title of the paper, the list of authors with complete contact
information in the form of email address and phone number, and an
abstract summarizing the paper in PLAIN TEXT.

Only if electronic submission is IMPOSSIBLE, papers may be sent to the
following mailing address:

Dr. Gurudatta M. Parulkar
ATTN: HPCS 97
Washington University
Department of Computer Science
Applied Research Laboratory
Campus Box 1045
St. Louis, Missouri 63130
USA

Steering Committee:
===================
Zygmunt Haas (Cornell U, USA)
Ahmed Tantawy (IBM Research, USA)

General Chair:
==============
Radu Popescu-Zeletin (GMD-FOKUS, Germany)

Program Committee:
==================
CHAIR: Guru Parulkar (Washington U, USA)
------
Andreas D. Bovopoulos (3Com Corporation, USA)
Augusto Casaca (IST-INESC, Portugal)
Olga Casals (U of Barcelona, Spain)
Jon Crowcroft (UCL, UK)
Christophe Diot (INRIA Sophia Antipolis, France)
David J. Farber (U of Pennsylvania, USA)
Nicolas D. Georganas (U of Ottawa, Canada)
Mario Gerla (UCLA, USA)
Per Gunningberg (SICS, Sweden)
Zygmunt Haas (Cornell U, USA)
David Hutchison (U of Lancaster and HP Labs, UK)
Manolis Katevenis (FORTH and U of Crete, Greece)
Simon Lam (U of Texas, Austin, USA)
Hanafy Meleis (Racal Data Group, USA)
Yoram Ofek (IBM Research, USA)
Michael Paterakis (TU Crete, Greece)
Niovi Pavlidou (AUTH Thessaloniki, Greece)
Bernhard Plattner (ETH, Switzerland)
George Polyzos (U of California, San Diego, USA)
Krishan Sabnani (Bell Labs, USA)
Pavlos Spirakis (TU Patras and CTI, Greece)
George Stassinopoulos (NTUA, Greece)
Heinrich Stuettgen (IBM Heidelberg, Germany)
Hiroshi Suzuki (NEC, Japan)
Asser Tantawi (IBM Research, USA)
Don Towsley (U of Massachessets, USA)
Yannis Viniotis (North Carolina State U, USA)
Martina Zitterbart (TU Braunschweig, Germany)

Local Organization Chair:
=========================
Leonidas Georgiadis (AUTH Thessaloniki, Greece)

Financial Chair:
================
Chatschik Bisdikian (IBM Research, USA)

Registration Chair:
===================
Yurdaer Doganata (IBM Research, USA)

Publicity Chair:
================
Dimitrios N. Serpanos (U Crete & FORTH, Greece)

------------------------------

From: "David M. Balenson" <[email protected]>
Subject: File 4--ISOC 1997 SYMPOSIUM NETWORK & DISTRIBUTED SYSTEM SECURITY
Date: 1 Dec 1996 09:27:59 -0000

Source - Newsgroups: comp.virus

----------------------------------------------------------

THE INTERNET SOCIETY 1997 SYMPOSIUM ON
NETWORK AND DISTRIBUTED SYSTEM SECURITY
(NDSS '97)

10-11 FEBRUARY 1997

SAN DIEGO PRINCESS RESORT, SAN DIEGO, CALIFORNIA

This fourth annual symposium will bring together researchers,
implementors, and users of network and distributed system security
technologies to discuss today's important security issues and
challenges. It will provide a mix of technical papers and panel
presentations that describe promising new approaches to security
problems that are practical, and to the extent possible, have
been implemented. We hope to foster the exchange of technical
information and encourage the Internet community to deploy
available security technologies and develop new solutions to
unsolved problems.

WHY YOU SHOULD ATTEND

The use of the Internet is rapidly growing and expanding into
all aspects of our society. Commercial organizations are coming
under increasing pressure to make their services available on-line.
This in turn is increasing the need for rapid and widespread
deployment of usable and effective network and distributed system
security technologies. High visibility attacks on the Internet
underscore the vulnerabilities of the Internet and the need to
solve its security problems. There is growing concern for securing
the network infrastructure itself. Recent trends in software
distribution (such as Java and ActiveX technologies) have made
certain attacks easier to carry out. Privacy has become an
important issue for the Internet.

NDSS '97 will bring together researchers, implementors, and users
of network and distributed system technologies to discuss today's
important security issues and challenges. We have selected the
technical papers and panel presentations that describe promising
new approaches to security problems that are practical, and to
the extent possible, have been implemented. Topics to be addressed
include Internet infrastructure and routing security, security
for the World Wide Web, Java and ActiveX security, cryptographic
protocols, public key management, and protection of privacy.

The symposium will have a positive impact on the state of Internet
security. You will have the opportunity to actively participate
in the dialog. Ask questions of the speakers, raise your important
issues during the panel sessions, and let other participants know
of your requirements, observations, and experience in this
important area. We hope to encourage the wide-scale deployment
of security technologies and to promote new research that can
address the currently unmet security needs of the Internet
community.

CONTENTS

Preliminary Program
Organizing Committee
San Diego Princess Resort
Registration Information
Registration Form

- --------------------------------------------------------------------------

P R E L I M I N A R Y P R O G R A M

SUNDAY, FEBRUARY 9

6:00 P.M. - 8:00 P.M.
RECEPTION

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

MONDAY, FEBRUARY 10

7:30 A.M.
CONTINENTAL BREAKFAST

8:30 A.M.
OPENING REMARKS

9:00 A.M.
SESSION 1: THINGS THAT GO BUMP IN THE NET
Chair: Stephen T. Kent (BBN Corporation, USA)

Experimental Results of Covert Channel Elimination in One-Way
Communication Systems, Nick Ogurtsov, Hilarie Orman, Richard
Schroeppel, Sean O'Malley, and Oliver Spatscheck (University
of Arizona, USA)

Blocking Java Applets at the Firewall, David M. Martin Jr.,
Sivaramakrishnan Rajagopalan and Aviel D. Rubin (Bellcore, USA)

Continuous Assessment of a Unix Configuration: Integrating
Intrusion Detection & Configuration Analysis, Abdelaziz Mounji
and Baudouin Le Charlier (Institut D'Informatique, Namur,
BELGIUM)

10:30 A.M.
BREAK

11:00 A.M.
SESSION 2: PANEL: SECURITY OF DOWNLOADABLE EXECUTABLE CONTENT
Chair: Aviel Rubin (Bellcore, USA)

12:30 NOON
LUNCH

2:00 P.M.
SESSION 3: PROTOCOL IMPLEMENTATION AND ANALYSIS
Chair: Christoph Schuba (Purdue University, USA)

An Interface Specification Language for Automatically Analyzing
Cryptographic Protocols, Stephen H. Brackin (Arca Systems, USA)

Probable Plaintext Cryptanalysis of the IP Security Protocols,
Steven M. Bellovin (AT&T Research, USA)

Misplaced Trust: Kerberos Version 4 Session Keys, Bryn Dole (Sun
Microsystems), Steve Lodin (Delco Electronics), and Eugene Spafford
(Purdue University, USA)

3:30 P.M.
BREAK

4:00 P.M.
SESSION 4: PANEL: SECURITY OF THE INTERNET INFRASTRUCTURE
Chair: Russ Mundy (Trusted Information Systems, USA)

7:00 P.M.
DINNER BANQUET

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

TUESDAY, FEBRUARY 11

7:30 A.M.
CONTINENTAL BREAKFAST

8:30 A.M.
SESSION 5: ROUTING SECURITY
Chair: Hilarie Orman (DARPA, USA)

Securing the Nimrod Routing Architecture, Karen E. Sirois and
Stephen T. Kent (BBN Corporation, USA)

Securing Distance-Vector Routing Protocols, Bradley R. Smith,
Shree Murthy and J.J. Garcia-Luna-Aceves (University of California
Santa Cruz, USA)

Reducing the Cost of Security in Link-State Routing, R. Hauser,
A. Przygienda and G. Tsudik (IBM and USC/ISI, USA)

10:00 A.M.
BREAK

10:30 A.M.
SESSION 6: SECURITY FOR THE WORLD WIDE WEB
Chair: Win Treese (OpenMarket, USA)

Securing Web Access with DCE, Brian C. Schimpf (Gradient
Technologies, USA)

PANEL: SECURITY FOR THE WORLD WIDE WEB
Chair: Win Treese (OpenMarket, USA)

12:00 A.M.
LUNCH

1:30 P.M.
SESSION 7: PUBLIC KEY MANAGEMENT
Chair: Jonathan Trostle (CyberSafe, USA)

Hierarchical Organization of Certification Authorities for
Secure Environments, Lourdes Lopez (Universidad Politecnica de
Madrid, SPAIN)

Trust Models in ICE-TEL, Andrew Young and Nada Kapidzic Cicovic
(Univeristy of Salford, UNITED KINGDOM)

Distributed Authentication in Kerberos Using Public Key
Cryptography, Marvin Sirbu and John Chung-I Chuang (Carnegie
Mellon University, USA)

3:00 P.M.
BREAK

3:30 P.M.
SESSION 8: PANEL: WEB PRIVACY AND ANONYMITY
Chair: (To Be Determined)

- --------------------------------------------------------------------------

O R G A N I Z I N G C O M M I T T E E

GENERAL CHAIR
David Balenson, Trusted Information Systems

PROGRAM CHAIRS
Clifford Neuman, USC Information Sciences Institute
Matt Bishop, University of California at Davis

PROGRAM COMMITTEE
Steve Bellovin, AT&T Research
Tom Berson, Anagram Laboratories
Doug Engert, Argonne National Laboratory
Warwick Ford, Verisign
Richard Graveman, Bellcore
Li Gong, JavaSoft
Burt Kaliski, RSA Laboratories
Steve Kent, BBN Corporation
Tom Longstaff, CERT
Doug Maughan, National Security Agency
Dan Nessett, 3Com Corporation
Hilarie Orman, DARPA/ITO
Michael Roe, University of Cambridge
Christoph Schuba, Purdue University
Jonathan Trostle, CyberSafe
Theodore Ts'o, Massachusetts Institute of Technology
Doug Tygar, Carnegie Mellon University
Vijay Varadharajan, University of W. Sydney
Roberto Zamparo, Telia Research

PUBLICATIONS CHAIR
Steve Welke, Institute for Defense Analyses

LOCAL ARRANGEMENTS CHAIR
Thomas Hutton, San Diego Supercomputer Center

REGISTRATIONS CHAIR
Torryn Brazell, Internet Society

STEERING GROUP
Internet Research Task Force, Privacy and Security Research Group

SPONSORED BY THE INTERNET SOCIETY
Donald M. Heath, President & CEO
Martin Burack, Executive Director

- --------------------------------------------------------------------------

S A N D I E G O P R I N C E S S R E S O R T

LOCATION

The Symposium venue is the San Diego Princess Resort, a tropical
paradise on a forty-four acre island in Mission Bay, ten minutes
from the international airport. Lush gardens landscaped with
hundreds of species of tropical and subtropical plants are
always ablaze with color and perfect for themed group events.
Charming pathways wander among sparkling waterfalls, across
quaint footbridges and sleepy lagoons filled with water lilies
and waterfowl. A white sand beach curves around the island
for over a mile, and the award-winning grounds encompass five
swimming pools and six lighted tennis courts.

Spouses and family members can catch a convenient Harbor Hopper
for a quick trip to Sea World. Plan to visit La Jolla, the world
famous San Diego Zoo or Mexico, only 30 minutes by car or Trolley.

HOUSING INFORMATION

We have reserved a special block of sleeping rooms at the San Diego
Princess Resort at the following rates:

Lanai Patio Rooms $ 81*
Lanai Garden Rooms $114

* This represents the Government Rate for San Diego. A limited
number of rooms are available at this rate. Reservations must
be made no later than January 13, 1997. You must present a
valid government id upon check-in.

Based on room type and space availability, the special group
rates are applicable two days prior to and two days after the
symposium. Current Room Tax is 10.5%.

Check-in availability cannot be committed prior to 4:00 p.m.
Check-out time is 12:00 noon. The San Diego Princess Resort
will make every effort to accommodate any early arrivals, so
make sure you give them your arrival time when you make your
reservation.

TO MAKE A RESERVATION

Contact the San Diego Princess Resort at +1-800-344-2626
(+1-619-274-4630 if outside the United States). To receive
the special group rates, reservations must be made no later
than January 20, 1997. To receive the special goverment
rate, you must make your reservation by January 13, 1997.

CLIMATE

February weather in San Diego is normally very pleasant. Early
morning temperatures average 55 degrees while afternoon
temperatures average 67 degrees. Generally, a light jacket or
sweater is adequate, although, occasionally it rains.

- --------------------------------------------------------------------------

R E G I S T R A T I O N I N F O R M A T I O N

FEES ISOC Non-
Members Member*
Early registration
(postmarked on/before Jan. 22) $305 $345

Late registration $375 $415

REGISTRATION INCLUDES

- Attendance - Symposium Proceedings - Two luncheons
- Reception - Banquet - Coffee Breaks

* Non-Member fee includes one year Internet Society membership.

FOR MORE INFORMATION

Contact Carol Gray at the Internet Society at +1-703-648-9888
or send E-mail to [email protected].

WEB PAGE

Additional information about the symposium and San Diego, plus
on-line registration, are available via the Web at:

http://www.isoc.org/conferences/ndss97

SPONSORSHIP OPPORTUNITIES AVAILABLE!

Contact Torryn Brazell at the Internet Society at +1-703-648-9888
or send E-mail to [email protected].

- --------------------------------------------------------------------------

R E G I S T R A T I O N F O R M

INTERNET SOCIETY SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM SECURITY
10-11 FEBRUARY, 1997 SAN DIEGO, CALIFORNIA, USA

Fill out this form and FAX it to NDSS'97 Registration at +1-703-648-9887,
send it via E-mail to [email protected], or mail it to NDSS97,
12020 Sunrise Valley Drive, Suite 210, Reston, VA, 20191, USA

PERSONAL INFORMATION

__Mr __Ms __Mrs __Dr __Prof __M __Prof Dr __Dip Ing __Ing __Miss __Mlle

First Name: ________________________________ MI: ____________________

Family Name: ___________________________________ __Sr __Jr __II __III

Badge Name: __________________________________________________________
Please enter your name as you would like it to appear on your name tag.

CONTACT INFORMATION

Title: _______________________________________________________________

Organization: ________________________________________________________

Street address: ______________________________________________________

______________________________________________________________________

City: ________________________________________________________________

State/Province: ___________________________ Postal Code: ____________

Country: _____________________________________________________________

Telephone Number (work): _____________________________________________

Telephone Number (home): _____________________________________________

Fax Number: __________________________________________________________

E-mail address: ______________________________________________________

SPECIAL NEEDS? (Vegetarian meals, wheelchair access, etc?)

______________________________________________________________________

______________________________________________________________________

APPEAR ON REGISTRANTS LIST?

___ Please check here if you would NOT like your name included
in the list of registrants.

PAYMENT INFORMATION

All Payments must be in United States Dollars.

Conference Fee
--------------

If you are an Internet Society member, you are eligible for a
reduced conference registration fee. Non-member symposium
attendees will receive a one year Internet Society membership
as part of the non-member registration fees.

Check one: On/Before After
January 22 January 22
---------- ----------
___ Internet Society Member Fee US$ 305.00 US$ 375.00

___ Non-Member Fee US$ 345.00 US$ 415.00

Method of Payment
-----------------

Payment must be received on/before February 7, 1997 or we will
be unable to pre-register you.

1. ___ Check. Make payable to the Internet Society.

2. ___ Credit Card. ___ American Express ___ Visa ___ Mastercard

Name on Credit Card: ____________________________________

Credit Card Number: _____________________________________

Expiration Date: ________________________________________

3. ___ CyberCash. Account Number: _____________________________

4. ___ First Virtual. Account Number: _________________________

5. ___ Wire Transfer*

Bank ABA Number: 054000030
Account Number: Internet Society 148 387 10

Riggs National Bank of Virginia
950 Herndon Parkway
Herndon, VA 20171 USA

Wire Transfer Confirmation Number: ______________________

* Please process wire transfer before sending registration
form.

6. ___ U.S. Government Purchase Order*

P.O. Number: ____________________________________________

* Please fax or mail a copy of your purchase order along
with your registration form.

Cancellation Policy
-------------------

Refunds (less a $25 processing fee) will be issued for cancellations
received on/before February 7, 1997. No refunds will be issued
after February 7, 1997.

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 5--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.91
************************************