[3320] in cryptography@c2.net mail archive
Re: October 98 SciAm: Computer Security
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Fri Sep 18 17:47:28 1998
In-Reply-To:
<Pine.GSO.3.96.980918114225.6834I-100000@techreports.jpl.nasa.gov>
Date: Fri, 18 Sep 1998 17:04:31 +0100
To: "Jay D. Dyson" <jdyson@techreports.jpl.nasa.gov>,
Cryptography List <cryptography@c2.net>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: editors@sciam.com
At 11:47 AM -0700 9/18/98, Jay D. Dyson wrote:
>
...
>
> It is disconcerting to see the name of Carolyn Meinel listed aside
>names like Phil Zimmermann and Ron Rivest. Ms. Meinel is not, in my view,
>even a close approximation of a security "expert." And it would appear
>that I am not alone in this belief. The following is attached for your
>review.
>
>- -----BEGIN FORWARDED MESSAGE-----
>Date: Fri, 18 Sep 1998 03:10:20 -0600 (MDT)
>From: Fyodor <fyodor@dhp.com>
>To: InfoSec News <isn@sekurity.org>
>Subject: Carolyn hacks Scientific American, October issue
>
>Scientific American Compromised
>http://www.dhp.com/~fyodor/meinelfraud.txt
>
>Cedar Crest, NM /InsecureWire/ -- September 16, 1998 -- In a hack which is
>arguably more devastating than the recent NYTimes fiasco, Scientific
>American's "Special Report on Security" has been compromised by notorious
>Internet con artist Carolyn P. Meinel.
>
I thought hers was one of the better articles in the issue. Most of the
others were dry as dust and contained nothing new, much as I respect their
authors. Ms. Meinel gave a very good feel for how hard it is to secure a large
network. She explains how a single unauthorized modem can defeat the best
security. I liked her image of a hacker's war dialer searching for such a
modem late at night while a security guard notices that every phone in the
building is ringing in succession and doesn't report it. This article can
help senior managers understand why "buy a firewall" is not the final
answer to network security.

So what if some of the specific techniques she mentions are questionable? I
did not expect a hacking manual.

As for the erroneous comma in "telnet refrigerus.com 31,659," it may not be
her fault. Often I have had computer command strings "corrected" by editors
without checking with me first. And if she got in Sci Am with false
credentials, that only adds a nice irony. How one knows whom to trust is
the very heart of security.

Arnold Reinhold