===============================================================
   T H E   S E C U R I U S   N E W S L E T T E R
===============================================================
May 29, 2001 | Vol. 2, #04 | http://www.securius.com/

CONTENTS: SUMMER CRYPTO READING LIST, PART I

1. CRYPTO
2. BODY OF SECRETS

===============================================================
A service of PC Guardian | San Rafael, California
Computer security products | http://www.pcguardian.com/
"Protecting Computers & Data Worldwide -- Since 1984"
===============================================================

Summer is a great time to catch up on some light reading on a
heavy topic, cryptography. The fresh air, blue skies, and warm
weather provide the perfect setting for gaining some perspective
on the patchwork of technology, people, and politics that
defines information security.

Roll out the beach blanket, open a cold one, and break open
either of the two recommended texts below, one of which is
grounded in the present, and one of which is concerned with the
past. I'll start with the present, as explained by _Crypto_ by
Steven Levy, and segue into the past, as depicted in _Body of
Secrets_ by James Bamford.

--------------------------------------------------------
1. CRYPTO: HOW THE CODE REBELS BEAT THE GOVERNMENT --
   SAVING PRIVACY IN THE DIGITAL AGE
--------------------------------------------------------

Author: Steven Levy
Publisher: Viking
Pub. Date: January 4, 2001
Length: 356 pages
To buy on Amazon.com:
http://www.amazon.com/exec/obidos/ASIN/0670859508/pcguardian-20

Last month's newsletter (Vol. 2, #03) discussed how the war
between the crypto community and the US federal government has
wound down to détente and mutual accommodation:
http://www.securius.com/newsletter/archive/203.txt

Crypto is now everywhere, built into every major web browser and
every major operating system from Windows 2000 to OpenBSD.

In his book _Crypto_, Steven Levy has done an excellent job of
telling the story of how a relatively small band of scientists,
innovators, and activists brought encryption technology -- once
an exclusively military tool -- to the masses.

Here you can meet Whitfield Diffie, the charismatic and
eccentric co-discoverer of public key cryptography who came up
with and then almost forgot one of the greatest discoveries in
cryptographic history while walking to the kitchen to get a
Coke. You'll meet Jim Bidzos, the flamboyant crypto pitchman for
RSA Data Security who out-hardballed everyone from Microsoft to
the National Security Agency (NSA), and Ray Ozzie, who fought
for years to get government approval to include crypto in the
earliest versions of Lotus Notes. You'll follow the triumphs and
challenges that confronted David Chaum, the mathematician who
invented untraceable anonymous cash while driving his VW van
from Berkeley to Santa Barbara, and Philip Zimmermann, the
sacrificial geek who invented Pretty Good Privacy.

While Levy takes the reader on a whirling biographical,
historical, and technical tour of the crypto rebellion, he
leaves key NSA actors in the shadows. You won't learn the names
of the agents who slapped eerie SECRECY ORDERS on hapless crypto
patent applications; find out who told Ray Ozzie that "we could
stop your shipments of [Lotus] 1-2-3 tomorrow"; or discover the
identity of the obviously agitated gentleman who told Jim
Bidzos, "If I see you in the parking lot, I'll run your ass
over."

Levy's omissions are probably for the best. The "rebels" appear
all the more heroic in the spotlight; the bad guys appear all
the more threatening without names or faces.

Besides, Levy is a great writer. _Hackers_, his first book, is a
classic in the genre of computer books for general readers. He
knows what he's doing and probably has more than a few great
books left in him.
Like the successful rebels Levy covers, Levy himself rides the
thin line between tweaking authority and career suicide. In the
end, everyone wins.

--------------------------------------------------------
2. BODY OF SECRETS: ANATOMY OF THE ULTRA-SECRET
   NATIONAL SECURITY AGENCY FROM THE COLD WAR
   THROUGH THE DAWN OF A NEW CENTURY
--------------------------------------------------------

Author: James Bamford
Publisher: Doubleday
Pub. Date: April 24, 2001
Length: 721 pages
To buy on Amazon.com:
http://www.amazon.com/exec/obidos/ASIN/0385499078/pcguardian-20

Very few books break news stories. _Body of Secrets_ is one of
the few. This sweeping history of the National Security Agency
(NSA) covers the period from World War II through the present.
While _Crypto_ dwells on the shift from military cryptography to
civilian cryptography, this text firmly anchors crypto in the
realm of signals intelligence and military surveillance.

The most dramatic revelation in the book concerns the attack on
the spy ship USS Liberty by Israeli warplanes during the 1967
Arab-Israeli war. According to Bamford, the attack was NOT an
accident. Bamford cites the numerous difficulties faced by
forward-placed spy ships and planes. While not referenced in the
book, the recent downing of a US spy plane off the coast of
China is only the latest example of a long series of high-risk
misadventures.

Bamford's accounts of the Vietnam War form some of the most
compelling material in the book. Despite overwhelming technical
advantages, the US lost the "code war" with the Vietcong. US
forces relied on unencrypted communication systems throughout
the war. The Vietcong maintained an active eavesdropping
capability that allowed their forces to evade destruction time
and again. US air strikes were ineffectual against an enemy that
mysteriously disappeared from target areas.
Ground sweeps -- the ill-fated mission led by former US Senator
John Kerrey comes to mind -- routinely encountered only the very
old and the very young. Marines would storm deserted beaches.

Despite the availability of encrypted communication systems, US
military commanders refused to mandate their use. They did not
believe that the jungle-based Vietcong could make sense of their
communications. Meanwhile, the Vietcong leader Ho Chi Minh
personally addressed his force of code makers: "Cryptography
must be secret, swift, and accurate. Cryptographers must be
security conscious and of one mind."

Bamford himself appears to be of two minds in this book. On one
hand, he's exposing -- as the subtitle suggests -- the "anatomy"
of an ultra-secret organization (Bamford notes that NSA is
sometimes expanded as No Such Agency). On the other hand, none
of the book's disclosures really paint the agency in a bad
light. Bamford glosses over the agency's domestic surveillance
in the 1960s, which placed high-risk individuals like Jane Fonda
and Martin Luther King Jr. on the agency's "watch list". While
he mentions the Orwellian aspects of the worldwide surveillance
system known as Echelon (I covered this back in Vol. 1, #07; see
http://www.securius.com/newsletter/archive/107.txt), his
coverage is thin and short on the kind of details that one can
find on any one of a dozen conspiracy theory-oriented web sites.
While Bamford confirms the existence of the agency's Men in
Black, he only mentions a pair of details: they wear elaborate
headsets; they wear black.

As a cross-over historical book that appeals to both the spy
novel set and the paranoid fringe, _Body of Secrets_ is selling
briskly. The book is heavily discounted on Amazon.com, but the
truly paranoid will prefer to buy in a real bookstore with cash.
As Cancer Man says on the X-Files, "There's always somebody
watching, Mr. Mulder."

See you next issue. I'll review two more summer crypto reading
list titles.
'Til then, keep your guard up!

===============================================================
ABOUT THIS NEWSLETTER

The Securius Newsletter is published monthly by PC Guardian.
You can find our archive of back issues at
http://www.securius.com/newsletter/archive/

FEEDBACK OR QUESTIONS

Write the author, Seth T. Ross
sross@pcguardian.com

ABOUT THE AUTHOR

Seth is the Chief Strategy Officer at PC Guardian and author of
the book, _UNIX System Security Tools_ (McGraw-Hill 1999):
http://www.amazon.com/exec/obidos/ASIN/0079137881/pcguardian-20

SPECIAL THANKS TO

Emily Navarre, editor extraordinaire
===============================================================
Redistribution of this newsletter is permitted, as long as the
entire message body and this notice are included.

Copyright 2001 PC Guardian. All rights reserved.