Computer underground Digest    Sun  Jan 4, 1998   Volume 10 : Issue 01
ISSN  1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.01 (Sun, Jan 4, 1998)

File 1--Re: Salary Survey Results + SANS Update
File 2--China clamps new controls on the Net
File 3--THERE GOES THE NEIGHBORHOOD (CyberPatrol again)
File 4--Personal Information No Longer Available (CDT reprint)
File 5--Clinton Signs "No Electronic Theft Act"
File 6--No Electronic Theft Act; who's to judge?
File 7--Cu Digest Header Info (unchanged since 7 May, 1997)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Wed, 24 Dec 1997 16:19:26 -0500 (EST)
From: The SANS Institute <sans@clark.net>
Subject: File 1--Re: Salary Survey Results + SANS Update

((MODERATORS' NOTE: The SANS Institute, in addition to producing the
annual salary survey, publishes the Network Security Digest (every 6
weeks) which is the authoritative digest of new security threats and
solutions. Practicing system administrators and security professionals
can get free subscriptions to the Digest by emailing: sans@clark.net.
This is one of the more useful resources on the Net and is well worth
checking out.

The following tables MAY NOT be redistributed or reproduced without
express permission of the SANS Institute (sans@clark.net)).

=================

1. Since this is the season of salary negotiations as well as holiday
cheer, we are sending you a gift of the main tables from the new (1997)
SANS Salary Survey.
You'll get the complete survey report with all fourteen tables at SANS98
(or NT-SANS), but we hope the tables at the end of this note are helpful
in any immediate salary discussions.

2. In the past week, we've gotten more than twenty emails asking whether
we allow people to register early for SANS98 (Monterey in May) or asking
for early data about the courses and program. Earlier today we put the
finishing touches on the program and sent it off to the printers. We'll
mail it, along with the new "Roadmap to Network Security" poster, in late
January. But if you need something right away, we have an email version
of the schedule and registration form you can use to register using 1997
funds or to get a head start on the approval process. To get a copy,
reply to this email with the subject: SANS-1, SANS-2, or SANS-3. For
SANS-1 we'll send you the list of 51 courses scheduled at SANS98. For
SANS-2 we'll send the list of courses plus the program (peer-reviewed
sessions, invited sessions, and eleven short-courses) for the five-track
technical conference. SANS-3 will get you the courses, the program and a
registration form.

I hope the new year brings you health and happiness.

Alan

PS. The first 1998 issue of the SANS Network Security Digest will be
delivered early in January. The Digest is scheduled to come out every six
to seven weeks; there wasn't a December 1997 issue.

====================================================================

Summary Tables from the 1997 SANS System Administration and Security
Salary Survey

How much are system administrators and security professionals paid?

    Salary Range            Number of People   Percentage
     1. Under $20,000              12               1%
     2. $20,000 - $29,999          53               3%
     3. $30,000 - $39,999         186              12%
     4. $40,000 - $49,999         320              20%
     5. $50,000 - $59,999         351              22%
     6. $60,000 - $69,999         310              19%
     7. $70,000 - $79,999         184              12%
     8. $80,000 - $89,999          81               5%
     9. $90,000 - $99,999          51               3%
    10. $100,000 and over          49               3%
    Total                        1599

How do size and type of employer affect salary?

                           -------------Number of Employees---------------
    Type of Employer       Fewer      11-100     101-1000   More         Average
                           than 10                          than 1,000
    Commercial - Business  $58,462    $53,389    $55,825    $60,615      $58,474
    Commercial - Research  $70,846    $54,722    $61,860    $62,961      $61,819
    Educational            N/A        $47,262    $43,933    $47,207      $46,389
    Government             N/A        $50,000    $47,349    $55,011      $53,501
    System Int'rs.         $70,230    $68,471    $58,671    $62,592      $63,168

How do years of system administration experience affect salary?

    Years of System
    Administration
    Experience         Average Salary   Number
    Less than One         $50,034          50
    One to Three          $45,811         300
    Three to Five         $52,101         369
    More than Five        $63,907         878

(The high number for low experience reflects lots of experienced computer
people moving into sysadmin jobs)

Does geographic region affect salaries?

    Region              Average Salary   Number
    California             $68,443         204
    US Northeast           $61,818         430
    US Southwest           $59,105         148
    US South-central       $57,553         110
    Asia                   $54,793          13
    US Midwest             $54,660         230
    US Southeast           $53,858         202
    US Northwest           $53,257          76
    Alaska & Hawaii        $49,550           8
    Australia              $46,558          37
    Canada                 $45,161          69
    Europe                 $43,734          86
    Africa                 $41,100           4
    South America          $36,243          10

How does education affect the gender gap in salary?

    Education          Women      Men
    High School        $54,500    $50,971
    Some College       $48,039    $57,770
    College Degree     $53,910    $56,960
    Masters Degree     $60,827    $60,671
    PhD.               $46,400    $64,625

Alan Paller, Director, The SANS Institute
www.sans.org, sans@clark.net, 301-951-0102

Upcoming SANS Conferences:            | SANS Publications:
NT SANS (March 2-6, San Diego, CA)    | Roadmap to Network Security Poster
SANS98 (May 9-15, Monterey, CA)       | The Network Security Digest
Network Security '98 (Oct., Orlando)  | The SysAdmin/Security Salary Survey

------------------------------

Date: Wed, 31 Dec 1997 09:43:23 -0800
From: "James Galasyn (Excell Data Corporation)" <a-jameg@microsoft.com>
Subject: File 2--China clamps new controls on the Net

China clamps new controls on the Net

Reuters

BEIJING -- China clamped sweeping new controls on the Internet on
Tuesday, warning that the network was being used to leak state secrets
and to spread ``harmful information.''

Regulations unveiled by Zhu Entao, Assistant Minister for Public
Security, cover a wide range of crimes, including leaking state secrets,
political subversion and spreading pornography and violence.

The rules are also designed to protect against computer hacking, viruses
and other computer-related crime.

They call for unspecified ``criminal punishments'' and fines of up to
15,000 yuan ($1,800) for Internet providers and users who violate the
rules -- both individuals and business organisations.

One article says the Internet must not be used to ``split the country,''
a clear reference to separatist movements in Tibet and the Moslem region
of Xinjiang.

Another on ``defaming government agencies'' appears designed to combat
use of the Internet by dissidents. A number of Chinese political exiles
have home pages which they use to attack the Beijing government.

The regulations explicitly cover information circulating from Hong Kong,
Macau and Taiwan.

Hong Kong reverted to Chinese rule this year and Portuguese-run Macau
will be handed back in 1999. China regards Nationalist-ruled Taiwan as a
rebel province.

The official Xinhua news agency quoted Zhu as telling a news conference
on Monday that Internet links since 1994 had boosted China's cultural and
scientific exchanges with the world.

``But the connection has also brought about some security problems,
including manufacturing and publicising harmful information, as well as
leaking state secrets through the Internet,'' he said.

The regulations, contained in 25 articles, were approved by the State
Council, or cabinet, on December 11 and took effect Tuesday.

They go beyond earlier provisional regulations first promulgated in
February 1996 and revised in May 1997, which also ban pornography and
warn against leaking state secrets.

Chinese authorities have made attempts to censor pornography, politics
and Western news organisations on the Internet. But with scores of
providers, Chinese surfers have been able to find almost anything they
want.

It was not immediately clear whether Beijing would devote more resources
to policing the Internet now that new regulations were in place.

Xinhua cited figures from the Internet Information Centre of China
showing more than 49,000 host computers and 250,000 personal computers
were connected to the Internet at the end of October.

Under the new regulations, Internet providers would be subject to
supervision by Public Security officials and would be required to help
track down violators.

Zhu said the regulations would ``safeguard national security and social
stability,'' Xinhua said.

Computer networks were now indispensable as tools for managing state
affairs, economic construction, defence and science and technology, he
said. They were a pillar of social development.

``Hence, the safe and effective management of computer information
networks is a prerequisite for the smooth implementation of the country's
modernisation drive,'' he said.

------------------------------

Date: Tue, 23 Dec 1997 12:25:01 -0800
From: Jonathan Wallace <jw@bway.net>
Subject: File 3--THERE GOES THE NEIGHBORHOOD

Jonathan Wallace
The Ethical Spectacle http://www.spectacle.org
Co-author, Sex, Laws and Cyberspace http://www.spectacle.org/freespch/

THERE GOES THE NEIGHBORHOOD (CyberPatrol again)

CyberPatrol blocks a gay community of 23,400 Web sites

by Jonathan Wallace jw@bway.net

Censorware software vendors say that they rarely make mistakes, and
correct them quickly when called to their attention. CyberPatrol's block
of an online neighborhood called West Hollywood sheds some interesting
light on this assertion.

Geocities is a free Web hosting service, organized into "neighborhoods"
of shared interests. The West Hollywood neighborhood of Geocities,
http://www.geocities.com/WestHollywood/, is for gay people.

The entire West Hollywood neighborhood, of 23,400 separate Web sites, is
blocked by CyberPatrol, a product of Microsystems Inc., a Boston company.

There were a few hardcore pictures on a few West Hollywood Web pages,
despite Geocities terms of service which ban pornography on the system.
There were tens of thousands of other pages which contained no
objectionable material at all. CyberPatrol critics say that Microsystems
threw out a very large baby with a small amount of bathwater.

Bob Parker is the Community Leader Liaison for West Hollywood--a sort of
volunteer Webmaster. In a long, impassioned post to the fight-censorship
mailing list, cross-posted to Microsystems and numerous other recipients,
he quoted the Geocities terms of service, which ban the display of
"material containing nudity or pornographic material of any kind." The
company also has a full-time "Community Response Team" which investigates
complaints filed by anyone, Geocities customer or not, about violations
of the terms of service. In addition, West Hollywood maintains its own
"Neighborhood Watch" program.

Parker pointed out that Microsystems chose to block a community of 23,400
sites when there was an alternative: "[A]ll it would have taken was a few
minutes of investigation on the part of Microsystems to find out about
the Neighborhood Watch program at GeoCities, get the sites taken care of
and avoid this whole situation."

Challenged to justify the West Hollywood block, Microsystems CEO Dick
Gorgens reacted equivocally. "Upon my review, you were absolutely correct
in your assessment that the subdirectory block on WestHollywood is
prejudicial to the Gay and Lesbian Geocities community," he told the Gay
and Lesbian Alliance Against Defamation, a group which sits on a
CyberPatrol oversight committee convened by Microsystems. But then he
seemed to claim that the majority of West Hollywood web pages are
pornographic: "We took the 'easier' approach to blocking the small number
of actionable non-nudity publishers in that area rather than individually
sanctioning them." But he acknowledged that "[t]aking that technique to
the limit would have us pull the plug on the entire Internet which is
obviously not our plan."

He pledged that the West Hollywood "problem" would be corrected within a
week. Two weeks later, it still has not been.

"GLAAD was extremely disappointed that such a discriminatory move was
made by Microsystems," wrote Loren Javier, the organization's interactive
media director. Critics had suggested that the organization reconsider
its role in advising Microsystems--that the organization might be
providing cover to the company without actually preventing the product
from blocking legitimate gay-oriented sites. Javier wrote: "The issue now
is whether GLAAD will continue to serve on the oversight committee. I
have sent a message to Dick Gorgens with conditions that I be able to
review the complete block list and that I be able to ask why sites have
been blocked." Microsystems has not previously allowed its oversight
committee members to view the CyberNot list.

The blocking of West Hollywood raises the issue of whether it is possible
to filter the Internet at all. At five minutes per site--a very cursory
amount of time to determine whether a Web page is "appropriate" under
Microsystems' criteria--it would take a company employee 1950 hours, a
little more than one person-year, to review every site in West Hollywood.
And West Hollywood's pages constitute just a tiny drop of the estimated
200 million documents on the Internet.

Though Microsystems says that it uses a tool called Cyber Spyder to
winnow the Net and select sites for review, every page returned by the
tool as a potential candidate for blocking is still reviewed by a human
being. No-one seriously claims that any software possible today is
capable of making the kinds of subjective determinations necessary in
evaluating the "appropriateness" of Web pages. Censoring the net will
always be a labor-intensive effort.

The blocking of West Hollywood is not an isolated instance. A report
issued this week by The Censorware Project, an ad hoc group of which I am
a member, lists fifty Web hosting services blocked in their entirety by
Cyberpatrol, even though the majority of user pages on these services are
legitimate. One of them, members.tripod.com, hosts 1.4 million Web pages.
(Source: "Blacklisted by CyberPatrol: From Ada to Yoyo,"
http://www.spectacle.org/cwp/.)

Faced with the near impossible task of reviewing the entire Net,
censorware companies like Microsystems will continue to take the easy way
out.

---------------------------------------------------

(On Monday, December 22, 1997, Washington attorney Robert Corn-Revere
filed a ground-breaking federal lawsuit challenging the use of another
censorware product, X-Stop, in the Loudoun County, Va., public library
(http://www.pfaw.org/press/loudon_complaint.htm). I'll discuss the case
in an upcoming SLAC bulletin.)

------------------------------

Date: Thu, 18 Dec 1997 11:36:55 -0500
From: Graeme Browning <gbrowning@CDT.ORG>
Subject: File 4--Personal Information No Longer Available (CDT reprint)

A briefing on public policy issues affecting civil liberties online
-------------------------------------------------------------
CDT POLICY POST Volume 3, Number 16               December 18, 1997

CONTENTS: (1) Industry Responds to Online Community RE: Personal Information
          (2) How to Subscribe/Unsubscribe
          (3) About CDT, Contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of <gbrowning@cdt.org>

|PLEASE SEE END OF THIS DOCUMENT FOR SUBSCRIPTION INFORMATION|
___________________________________________________________________

(1) INDUSTRY RESPONDS TO ONLINE COMMUNITY'S OUTRAGE OVER WIDESPREAD
AVAILABILITY OF PERSONAL INFORMATION

Dec. 18--In the wake of last year's public uproar over the providing of
unique, personal identifiers like Social Security numbers, unlisted phone
numbers and birthdates over the Internet, the country's three leading
credit bureaus and individual reference services have pledged to stop
making that information available to the general public, according to a
report the Federal Trade Commission (FTC) released yesterday.

The Center for Democracy and Technology (CDT) applauds the FTC, the
credit bureaus and the reference services for their work, but warns that
it doesn't entirely solve the problem of protecting consumers at a time
when Web sites that provide fast, easy access to public records
containing personal information on individuals are proliferating.

The Individual Reference Services Group (IRSG)--an industry coalition
composed of Experian, LEXIS-NEXIS, Equifax Credit Information Services,
Inc., Trans Union Corp., and 10 other companies--has agreed to abide by a
set of self-regulatory principles aimed at curbing access to sensitive
private data on individuals.

The issue of personal information made widely and easily available to the
general public via the Internet first drew a public outcry in September
1996 when LEXIS-NEXIS began offering individuals' mothers' maiden names,
Social Security numbers and dates of birth on its "P-Trak" database. At
the height of the controversy Congress asked the Federal Reserve Board
and the Federal Trade Commission to study the privacy implications of
this practice. The FTC's report is available at
http://www.ftc.gov/opa/9712/inrefser.htm. The Federal Reserve Board
issued its report earlier this year.

"The companies involved in the IRSG's effort are to be commended for
stepping up to the plate and crafting the most comprehensive set of
self-regulatory guidelines of any US industry, however, a number of
important consumer and privacy issues remain to be addressed before this
can be considered a complete solution," said CDT Staff Counsel Deirdre
Mulligan, who focuses on privacy issues.

COMPANIES' PROPOSAL RESPONDS TO PRIVACY CONCERNS

The IRSG proposal responds to concerns raised by Internet users and
privacy advocates last September, available at
http://www.cdt.org/privacy/960920_Lexis.html, by: