Letter from Cybersalem #9
Lansford Hastings on the best route to California:
"The most direct route, for the California emigrants, would be to leave the Oregon route, about two hundred miles east from Fort Hall; thence bearing west southwest, to the Salt lake; and thence continuing down to the bay of St. Francisco, by the route just described." [1]
It was based on this account that the Donner Party chose its "shortcut" to California. 
"[The Donner Party and the other emigrants of 1846] read [Hastings'] light suggestion that a fine way to shorten the trip would be to try a route which Mr. Hastings had so far not bothered to try (and no one had yet broken), a possible cutoff from Fort Bridger (which Hastings had barely seen) to the southern end of Great Salt Lake and thence due west to Ogden's River (country about which Hastings knew nothing whatever).  The saving of several hundred miles seemed promising on a winter evening in the kitchen." [2]
Rich Cower qualifying himself as State's Expert before the court in Oregon v. Schwartz:
Judge Bonebrake: "Is it not possible that someone else would both have the knowledge of the facts of the case and the computer skills and knowledge to assist you without necessarily being a witness? Isn't there someone else? For instance, I know that Mr. Woodard is here.  He isn't listed as -- Mr. Woodard knows about the facts.  He's been involved all the way with counsel, hasn't he?"
Tom Tintera (the prosecutor): "I just spoke to Mr. Cower and he indicated to me that there is no one with his computer knowledge that's as familiar with the facts as he is and is able to assist.  That's my opinion also.  I did want to check with him." [3]
In any court case, the qualifications of an expert witness are relevant.  They are especially so in Oregon v. Schwartz, where the crime is technical and lacks many of the intuitive elements in the notion of crime.  Add to this that the prosecution expert was a material witness, worked for the alleged victim, accompanied the police on the search, and sat beside the prosecutor as his assistant throughout the trial.  The phrase "relevant" hardly describes the situation.  Only those who want to avoid examining the result of Oregon v. Schwartz will unquestioningly accept Rich Cower's claim to expertise. 
Rich Cower claimed two decades' experience as a sysadmin and systems programmer, prior to joining Intel.  He did not say on what systems he gained his experience [4].  Whatever they were, his programming and sysadmin skills seem not to have transferred well to UNIX, the primary operating system in this case.  Cower confused UID (user ID, the unique number assigned to every user) and PID (process ID, the unique number assigned to every instance of a program running) [5].  And in what is clearly prepared testimony, he could not quite nail down what function the execute bit performs in permissions for directories [6].  It is unlikely Cower accomplished much in the way of UNIX systems programming. 
When he started his 5 years with Intel, Cower had no training or prior expertise in network security [7], but Internet security is such a rapidly changing field that this means very little.  More significant would be what he learned on the job.  However, since the publication of the first, still classic, book on Internet security [8] went completely unnoticed by Cower, he can hardly have been following the field very closely.  It is no surprise, then, that Cower did not know what Intel's safeguards for Internet access were at the time of the Randal "incident".  However, he did state he was sure there were some [9]. 
Randal was convicted of a felony for running the crack program.  Cower did not know the actual command name for crack [10] or whether it sent email to users with bad passwords as an option or automatically [11].  This did not prevent Cower from testifying as an expert that the way in which Randal ran crack was suspicious [12]. 
Cower's expertise on the fishiness of Randal's use of the various tools, when hung up alongside his almost total lack of hands-on knowledge of these same tools, often exudes a certain mackerel smell itself.  It results at least once in a logical impossibility, when Cower at one point claims to have read Randal's Perl code, only a few days later to admit he knew no Perl at all [13]. 
Cower's involvement in the investigation of and follow-up on the Randal incident seems to have excluded everything that would require technical skills.  He did not participate in the examination of the files and materials seized in the search of Randal's house [14].  Randal was indicted for running a gateway which was last on Brillig, and cracking passwords on the machines Wyeth and Snoopy.  Cower did not know how the router filters were set up on Brillig's subnet [15].  (Unsurprisingly, if you recall he had no idea of any of the safeguards for Internet access.) On Snoopy Cower had no account [16].  He was unaware of whether Snoopy's backup tapes had been preserved [17].  He did not know where Wyeth was physically [18].  Cower did not check the logs to see if Randal had used any of the passwords he had cracked, or who had done so, or whether anyone had done so [19].  Just about all of the technical tasks there were to perform in the Randal incident, we know Cower did not perform.  Under cross-examination, Cower confirmed he was not one of the principal people investigating Randal [20]. 
To determine how Cower beguiles the time when he is not sending the real experts to jail, I studied those parts of the transcript where he gives his job description.  According to these, Cower wrote security policy, but neither had responsibility for, nor tracked, its implementation [21]. 
Even Cower's knowledge of security policy was narrowly focused.  He did not know if Intel had non-disclosure agreements with employees and contractors [22].  And he believed that it required a card to take a laptop out of Intel, but only because he himself needed one for his own laptop [23]. 
On the other side, Cower displayed basic computer literacy and had a user's knowledge of UNIX.  He claims authorship of Rich Drawing, "a well known program in Intel for drawing foils in a short period of time" [24].  And when others at the search of Randal's house were alarmed to discover Randal's Apple Power Book busy on the phone line, Cower was able to confirm that it was executing a harmless and irrelevant download [25].  In the land of the blind, the one-eyed man is king [26]. 
Note 1: Pages 137-138, The Emigrant's Guide to Oregon and California, Applewood Book reprint of the 1845 edition. 
Note 2: Pp. 46-47, Bernard De Voto, The Year of Decision: 1846, Book of the Month Club, 1984. 
Note 3: Tr. 7-12-95, page 18, line 22 to page 19, line 10. 
Note 4: Tr. 7-18-95, page 128, line 13 to page 129, line 5. 
Note 5: Tr. 7-18-95, page 154, line 25 to page 155, line 16; and the first paragraph in Cower's Report. 
Note 6: Tr. 7-24-95, page 30, line 17 to page 31, line 20.  In this context it's more commonly called the search bit.  Cower does not find this term but speaks of it allowing one to "statistic" the directory, which may refer to using the stat(2) call on it (in which case it is wrong), but more likely is doublespeak.  The search bit controls the ability to "cd" to a directory, which Cower does know, and to use it as part of a path, which he does not mention. 
Spafford and Garfinkel, Unix Security, the April 1992 printing, pp. 72-73, is very good on this topic.  Still, usually the best way to a precise idea of how things work in UNIX is study of the version 6 code (Lions' Commentary on UNIX 6th Ed., 1996), and this is not an exception.  From the cross reference listing, follow "IEXEC". 
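The distinction drawn in Note 6, as an added example that is not part of the original letter or of any UNIX source: a simplified model of the classic owner/group/other check in which every directory on a path must grant search (execute) permission.  The tree, the uids and the function names are constructed for illustration; the superuser and ACLs are ignored.

```python
# Constructed sample tree: path -> (mode, owner uid, owner gid).
TREE = {
    "/":               (0o040755, 0, 0),
    "/proj":           (0o040744, 100, 100),  # others: r-- (read, no search)
    "/proj/notes.txt": (0o100644, 100, 100),
    "/drop":           (0o040711, 100, 100),  # others: --x (search, no read)
    "/drop/file.txt":  (0o100644, 100, 100),
}

R, X = 4, 1  # read bit and execute/search bit within one permission class


def permitted(path, uid, gid, want):
    """Exactly one class applies: owner, else group, else other."""
    mode, o_uid, o_gid = TREE[path]
    if uid == o_uid:
        bits = (mode >> 6) & 7
    elif gid == o_gid:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def parents(path):
    """Every directory that must be searched to reach `path`."""
    parts = path.strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def can_reach(path, uid, gid):
    """Path lookup: search permission on each directory leading to `path`."""
    return all(permitted(d, uid, gid, X) for d in parents(path))


def can_stat(path, uid, gid):
    # stat(2) needs search on the parents, nothing on the object itself.
    return can_reach(path, uid, gid)


def can_chdir(path, uid, gid):
    return can_reach(path, uid, gid) and permitted(path, uid, gid, X)


def can_read(path, uid, gid):
    # Reading a file's data, or listing the names in a directory.
    return can_reach(path, uid, gid) and permitted(path, uid, gid, R)
```

For an unrelated user, /proj (r--) can be listed and stat'ed but not entered or used in a path, while /drop (--x) can be entered and used in a path but not listed.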
Note 7: Tr. 6-13-95, page 76, lines 14 to 18; Tr. 7-18-95, page 128, line 13 to page 129, line 5 and Tr. 7-24-95, page 48, lines 14 to 23. 
Note 8: Firewalls and Internet Security, Repelling the Wily Hacker, William Cheswick and Steven Bellovin.  See Cybersalem 8: "What Does Familiar Mean?". 
Note 9: Tr. 6-13-95, page 110, line 22 to page 112, line 8. 
Note 10: Tr. 7-18-95, page 155, lines 17 to 24 and page 156, lines 4 to 9. 
Note 11: Tr. 7-18-95, page 144, line 12 to 18. 
Note 12: Tr. 7-18-95, page 143, line 21 to page 144, line 11.  Cower finds it suspicious that Randal did not use the option to have "Nastygrams" emailed.  Knowing so little of crack, Cower was probably unaware that Alec Muffett, its author, deprecates Nastygrams as offering a false sense of security.  Nastygrams, incidentally, are probably so called because the recipients are often irritated when told that they have weak passwords. 
Note 13: Cybersalem 6: "Unlearn Perl in 41 Days!". 
Note 14: Tr. 7-18-95, page 152, lines 13 to 20; and page 180, line 25 to page 181, line 14. 
Note 15: Tr. 7-24-95, page 41, line 3 to page 43, line 1. 
Note 16: Tr. 7-18-95, page 152, line 13 to page 153, line 5. 
Note 17: Tr. 6-13-95, page 108, line 20 to page 109, line 9. 
Note 18: Tr. 7-18-95, page 186, lines 6 to 10. 
Note 19: Tr. 6-13-95, page 93, line 21 to page 94, line 7. 
Note 20: Tr. 7-24-95, page 48, line 24 to page 49, line 7. 
Note 21: Tr. 9-20-94 PM, page 98, line 14 to page 99, line 5 and Tr. 6-13-95, page 75, line 18 to page 76, line 9; page 76, line 19 to page 77, line 17; and page 100, line 15 to page 102, line 4. 
Note 22: Tr. 6-13-95, page 84, line 19 to 23. 
Note 23: Tr. 6-13-95, page 91, line 12 to page 92, line 10. 
Note 24: Tr. 7-24-95, page 35, line 7 to 10. 
Note 25: Tr. 7-18-95, page 135, line 24 to page 136, line 7. 
Note 26: On the Web, you'll find this attributed to H.G. Wells and Tom Waits, and presented in Gaelic as a folk saying.  According, however, to The Concise Oxford Dictionary of Proverbs, it is from Erasmus's Adages of around 1500: "in regione caecorum rex est luscus". 