Subject: IW Mailing List iw/960320
[Moderator's Note: Sorry - all the moderators have been out of
town for the last several days.  We're back and moderating again.

Re: the thing, the deeper question that I would like to see
discussed deals with the social issues of the emerging GII and how
services, attacks, defenses, and the networked environment interact with
each other.  I don't see this as a simple attack and defense issue, but
rather as spanning a wide range of IW issues - to wit:

	IT was the target (a computer system)
	I  was the objective (the policies on that system)
	I and IT was the method (PM via networked communication, etc.)
	I and IT was the weapon (Several technical I-based attacks were involved.)

The question of netiquette, the "unwanted access attempt" vs. "freedom to
explore" vs. "privacy from intrusion", etc.]
From: (Peter da Silva)
Subject: Innocent telnets...
Date: Wed, 20 Mar 1996 10:05:36 -0600 (CST)

> [if you] have no valid account on a system, and nobody invited you in, then
> it is technically an unwanted access attempt, and possibly criminal depending
> upon the interpretation of the law.  If someone wanted to download files
> legitimately, they would try to come in through a gopher or ftp port. 
> Telnet's only purpose is to establish access. 

Not so. There are many services on the net available through telnet, from
the whois server at down to literally hundreds and maybe
even thousands of muds, bbses, chat systems, and games.

[Moderator's Note: I think the simplistic question is not whether public
telnet services exist, but rather whether the offerings of some means
that all telnet ports are considered public access sites/public
knock-on-the-door sites, or private entrances unless otherwise publicly
announced.  The broader questions are outlined above.]

This is even more obviously ambiguous than the case of a bloke getting
suspended from college for NFS-connecting to his school computers from
his home Linux box. There's only a handful of sites with public NFS access
(such as, and I think but people
were arguing that anonymous NFS was common enough that it should be
considered an honest mistake.

[Moderator's Note:  Is there a good reference on this, and could we get
complete details in order to better understand the issues?  It is common
for such summary reports to be inaccurate, misleading, unfairly presented,
etc. - not that this applies here - only that a more complete report would
be far more enlightenning.]

> Sending a message to an administrator does nothing more than alerting
> them to a possible incident, which is how the message was worded
> (admittedly strongly).

I agree. That sort of response is a good idea, though the message should
probably be worded to avoid becoming an attractive nuisance.
Date: Wed, 20 Mar 1996 15:05:38 -0600 (CST)
From: "John A. Morrison" 
Subject: TISC'96 NASA Security Conference

There will be a NASA Sponsored Computer Security Conference, 
May 14th-16th 1996, with eight one-day workshops given on May 
13th 1996 in Houston, Texas at the J. W. Marriott Hotel and
Convention Center.

For up-to-date information, please refer to the URL
or call 713-282-3336
Date: Sat, 16 Mar 1996 22:58:45 -0500
From: winn@Infowar.Com
Subject: InfoWarCon V 1996: Call For Papers

                          InfoWarCon 5, 1996
           Fifth International Information Warfare Conference
            "Dominating the Battlefields of Business and War"
                         September 5-6, 1996
                           Washington, DC

For details contact winn@Infowar.Com