Table of Contents


STWA is now Accredited
Calendar of Events:
Garage Sale
Open House
The Ohio State Fair
Crew Finances
Up-an-Coming Crew Expenses
Up-an-Coming Member Expenses
Web Awards
http://www.venturingbsa.com
What you drive, is who you are: NOT!
Secure Computing
Introduction to Secure Computing
Secure Computing & Sun Microsystems
Computer parts? [cable modems]
The Spirit of the Eagle
The Adventure Logo!
Secure Computing!
PostScript Version

(C) Mon Jul 5 00:20:27 EDT 1999 Venturing Crew 369

Calendar of Events:


7/29-8/1 Lake Erie Trip $75.00
8/14/99 Trip to Kings Island
8/31/99 Open Waiting List for First Nighter
9/4/99 Wyandot Lake
9/6/99 First Nighter Letters are mailed out
9/7/99 First Nighter Rehersal
9/13/99 First Nighter RSVP
9/14/99 First Nighter
9/21/99 Second Nighter & Registration
10/1-2/99 Book-Making Sleep Over
10/2/99 Garage Sale
10/26/99 Pizza Party
11/2/99 Election Reporting
12/17/99 Silver Beaver Applications are due
12/21/99 Christmas Party
12/24/99 National Young American Applications due
12/28/99 Leave for Australia
2/5/00 Pot-Luck-Court-of-Honor
2/5/00 Sleepover
2/6/00 Scout Sunday
2/26/00 Maple Sugar Festival
3/4/00 Maple Sugar Festival
5/13-14/00 Flower Planing at Muirfield
5/20-21/00 Flower Planting at Muirfield
6/9/00 Sleepover
6/10/00 Garage Sale
7/2-8/00 Summer Camp
7/4/00 No Meeting
10/31/00 Pizza Party
12/15/00 Silver Beaver Apps Due
12/19/00 Christmas Party
12/26/00 No Meeting
12/28/00 Leave for New Zealand

Garage Sale

James D. Corder
Boy Scouts of America, Venturing Crew 369 will be having their second annual Garage Sale Saturday September 2nd 8:00am to 3:00pm. Please bring your stuff to donate to church, for the Garage Sale on Friday September 1st between 7:00pm and 11:00pm. Thank you!

Open House

James D. Corder
Tuesday September 14th 7:30 p.m. Boy Scouts of America, Venturing Crew 369 will be having an Open House to interview potential members. 369 has room for 25 new students in their UNIX for Programmers Class. Membership is open to young men and women between 14 [and in high school] and 20 years of age. Cost(1) is $25.00 a year. Interested members should send E-Mail to exp369@www.venturingbsa.com to request space for them and their parents.

The Ohio State Fair

James D. Corder
Boy Scouts of America, Venturing Crew 369 has been requested by The Ohio State Fair to put on a computer display during the Fair on Wednesday August 11. 369 will bring a home made, 4-RISC-CPU 128Mb Ram server [in a Sun 4/110 box] with two IPC work stations to set up a local area network to display their web page and electronic news letter.

Crew Finances


Topic Need On-Hand

The Adventure $95,000 $ 0.00
General Fund $ 3,000 $1,143.49
Floor Fund $ 2,500 $2,500.00
Electrical Fund $ 2,500 $2,500.00
Flag Fund $ 1,000 $ 0.00
Room Fund $ 3,800 $ 0.00
Grand Total $6,143.49
In the Bank $5,000.00
Cash on Hand $1,143.49

Up-an-Coming Crew Expenses


12/01/99 Crew Charter $30.00
12/01/99 Crew Insurance $175.00
12/31/99 Registration $335.00
Monthly The Adventure $75.00

Up-an-Coming Member Expenses


09/01/99 Registration $25.00
09/28/99 Book $25.00
06/01/00 Summer Camp $175.00

Web Awards

http://www.venturingbsa.com

James D. Corder
I am extremely proud of the hard work that the members of Venturing Crew 369 has put into their web page to be able to earn such prestigious awards!
Award of Excellence
1/07/1999
Hi JD,

I was very impressed by all the hard work you have put into the site and have to congratulate you on a wonderful achievement in web site design.

I would like to extend my congratulations on producing a very informative and resource site. An excellent addition to the web, one that you should be very proud of. It really is impressive work.

Sincerely, Ben

WGB Web Creations Award of Excellence
5/31/1999
Congratulations!!!! Your site has qualified for the WGB Web Creations Excellence award. You have a very nice site, good design, and presented well, and easy to navigate. I enjoyed my visit to your site!!
Webmaster Award
6/1/1999
Hi and Congratulations!

I am pleased to announce that your site has been bestowed the "Webmaster Award" and the "Badge of Excellence". Your site was reviewed for originality, usefulness of information, graphic design. Your site Job well done! :o)

TinyRay Grier

Badge of Excellence
6/1/1999
Wishing Well Award of Excellence
6/1/1999
Congratulations! Your site has won the Wishing Well Web Page Excellence award! Not all sites are deemed worthy of this prestigious award. It is presented only to those who have created a site that contains enjoyable content, is pleasant to view and is "family safe". Nice job! You are to be commended for your all your hard work.
Web Features Wonderful Site Award
6/1/1999
Congratulations! You have a wonderfully done site, rich with information! Your site has earned the Web Features Wonderful Site Award!

Keep up the great work! Dee-Dee

Just for Fun Award
Devotion Award
6/1/1999
Hello James,

The "Crew 369" site expresses excellent interaction, unique display and invaluable in-depth content. And, of course, let us not forget the "fun" aspect. We applaud the devotion and long hours in the development of this site. We are pleased to give you our "Just for Fun Award". Also, in special cases, we like to create an award relevant to site content and, specifically, devotion. Therefore, it is also our pleasure to give you our "Devotion Award". We wish you well in your adventures of life and well being.

Regards,

Lynne Miller
Nu-Horizons Design Studio

Golden Anvil Award
6/3/1999
Dear JD Corder,

Our judges have visited your web site. Congratulations! You have won our Golden Anvil Award. Your site design is excellent; navigation is simple, and content is superb. We were highly impressed with the effort and work that went into the layout and design of your web site. Your site is an asset to the world wide web.

Web Resources Site of Excellence Award!
6/3/1999
Hi JD Corder,

Congratulations!!!

You have won the Web Resources Site of Excellence Award!!! After reviewing your site, I was stunned! Super site! Your Web-Master should be praised! Keep up the good work!!!!

My ParenTime's Informed Site Award!
6/11/1999
Congratulations! After careful review, we have chosen your site a winner of My ParenTime's Informed Site Award!

We offer this award strictly to those sites that provide information that will help the public in some way. My ParenTime stresses the importance of providing sites that inform. This not only helps others, but it helps to make a better online community. Thank you for having an informed site!

TaFWeb Alternative Award
6/26/1999
Because of the quality of your site and the fact that it is undeniably a useful site, I am pleased to award your site the TaFWeb Commended Award. The TaFWeb Awards are aimed at sites which are helping beginners to create their first web pages.

What you drive, is who you are: NOT!

James D. Corder
As many of you are aware, there are several levels to our youth mentor program. White and Red levels are not invited to my home. It is not until one has earned their Blue Cord that they are invited to "shadow" one of the Advisors, and Green Cord before they are offered an internship. Of course there are always exceptions to the rule, but they are rare.

I have always driven little sports cars. However, when we sold the Automotive Distributorship I no longer had access to the fleet of trucks. Would you believe it, the new owners thought that browning their trucks was grand theft auto:-) It was at this time that I learned how useful a pick-up-truck was. I recall when I took 14 foot 4x4 posts home by hanging them out the sun roof. So I went out and purchased one. Ever since I have had trucks.

I recall the look on the face of a business associate when arriving to a business meeting in my Ford E350/351w. He expected me to be in my Olds. He thought that it was unacceptable for "my position!"

I recall, in high school, attending an American Builders and Contractors awards dinner. My snobbish date demanded that I get my fathers vehicle and a new suite, she didn't want to be seen in my Datsun 210. Ok, it was only a 210, but I was extremely proud of being able to pay cash for a brand new car. I knew that she meant the Olds-98 but I drove up in a Tilt-Back and a new corduroy 3-piece! Believe it or not, we kept dating for another 2 years. The astonishing thing was that the successful businessmen were more impressed with the Tilt-Back than would have been with the 98, even thought this was not my intensions.

Last month, while 369 was planting flowers for the Memorial Tournament, one of our youth asked me where my Lexus was. I informed him that I did not have one. He stated: "A man of your stature must have one!" I asked why. He got a funny lock on his face and walked away. I then heard him ask our Vice President: "I thought he was wealthy..." I walked away.

There have only been four times in my life that I was speechless:


    1. Pat Ross, founders of Rax Restaurant, gave a speech on success.
    2. Paul Dillon, founder of Boulevard Publications, when I met him.
    3. Bobbie Sestina, not enough worlds in the english language to praise her, when she challenged me to have a Christmas party.
    4. Upon receiving my Spurgeon Award.

When I met Mr. Dillon for the first time, I was at an Explorer Presidents Association [EPA] regional conference. I assumed he was one of the fathers and/or chaperones. He sat at my table and we had dinner together. This was my first regional EPA function. Somehow, he touched my hart. I was so afraid of saying something dumb, I excused myself from the table.

Over the next few years, we spent much time together working on the Exploring program. I recall, when I was on the National Exploring Protocol Committee and he was on the National Board of Boy Scouts of America, finding out that he was extremely wealthy. At that point I understood the difference between:

  • Having it, and not flaunting it. vs.
  • Flaunting it, and not having it.

    It has amazed me, how many people want to look like they are successful, that they give up on being successful.

    Don't let the elution of success stand in your way of being successful!

    Proverbs 16:18 Pride goeth before destruction, and an haughty spirit before a fall.

    Do not get me wrong, I have nothing against fancy cars [I want many of them] Simply, do not put the desire to look like you can afford such a car before you can afford such a car!

    Or, in-other-words, do now worry about what others think of you. Simply worry about what God thinks of you:-)

  • Secure Computing

    James D. Corder
    Understand that computer security is an impossible goal to obtain. The American Department of Defense [DOD] describes a secure computing environment as one with no outside connections. In-other-words, not only are modems and network connections insecure, but so are terminals in another room. Moreover, that the entire computer must be contain in a bomb proof, armed, and fortified bunker. By the DOD's own definition, NORAD is not a Secure Computing Environment.

    Ok, some of you say that this definion is over the top. It is not, your expectation of a Secure Computing Environment, is to low.

    Let us look at a standard burglary. One can not stop burglars, one can only make their house less desirable and/or accessible to the burglar. Thereby, sending the would be robber to their neighbor's home. Computer crimes are the same.

    One can not stop computer crimes. They can only make it more costly to break into their computer than the data contained on the system is worth. In short, how much is someone willing to pay for the acquisition of your check book, and/or customer base?

    No one is going to sit outside your house and read the radiation from your screen to get your access code, even thought the technology to do so has been around for years. Face it, who wants "YOUR" Visa number. No one is going to put a tap on your phone and/or cable line to get your data, even though it can be done without your knowledge. The would-be computer cracker is going to sit on a computer somewhere else in the world and get all of the transactions going into a larger server.

    The cracker is going to watch your bank for all of the credit card numbers that flow into it. Then assume that they are going to take $50.00 from each of the cards. Most uninformed citizens state that they would not have to pay that fee since they did not make the charge. That may be true, but do you know how long it takes to prove yourself innocent from such fraud? In the banking world you are not innocent until proven guilty. You are liable until proven innocent!

    The US government has made it illegal to provide an encryption method that they can not brake.

    In encryption the more keys one has the harder it is to break the code. Let us assume you can not get into a house without the keys. That you can not simply break a window and walk through. Your door, most likely, has two keys. One dead bolt and one knob. You feel secure. Now let us assume that I put two boxes containing 256 identical keys on your front stoup. The would-be-thief only has to go through each box once and try each key until they find the one that works. Therefore, if you use a product like Netscape or that awful Microsoft program you have 48 keys. So assume that you have 48 dead bolts on your front door. Now you have 48 boxes of 256 keys to try. So your chances are about 48 raised to the power of 256. [simplified numbers for example only]

    To break the DOD's DES Encryption it took about six months to set up the computers to break it. Once the computers and programs were designed it took about 15 minutes to break it.

    Everyone wants to believe that the web is secure. It is not! Therefore, the question is not is it secure, but is it secure enough?

    Everyone wants to think that the InterNet is private. It is not! All of your E-Mail can be read. If you are sending your E-Mail from work, chances are it is be stored permanently without your knowledge. Understand that this practice is perfectly legal! The Ohio State University maintains an electrotonic log of all data going through its network. If at a later date someone accuses a staff member or an employee of negligence, or some other legal term, they can go back and pull up their E-Mail, NetNews, FTP, telnet, etc... transactions for the past X-years. Now let us assume that you are sending an E-Mail from your house to a friend at UCLA. Chances are it will go through OSU without your knowledge. Therefore, it is stored in their archives.

    It is a federal crime to trap electronic traffic that passes your system. However, it is 100% legal to copy, read, keep, forward, or what ever you want to do with data that lands on your system, even if it is for a Millie second.

    Now, let us assume that criminals are willing to break the law! Let us also assume that the Information Super Highway is like a Highway for cars. If you are traveling from Columbus, Ohio to Dayton, Ohio you will pass by Springfield, Ohio. You don't stop at Springfield. However, someone is on the over pass with a video camera and tapes the day's traffic. You are on that film, unknowingly, if you like it or not! Let us also say that the criminal is looking for Ford Mustangs in Columbus, Ohio. Now she goes through the video tape looking for Mustangs. They have the License plate of the bumper. They then go to the garages with the cars they are looking for.

    The same is true for the Information Super Highway! [I have always hated that term, why not call it by its name? The InterNet.]

    You must understand that the Internet was created due to security problems within MillNet back in the 1960's.

    The would-be-computer cracker simply has to sit on the InterNet and save 100% of the traffic that flows by her system. With the cost of a 9Gb drive being around $300.00 this is extremely easy and cheap! No one on the InterNet can find someone doing this. Then at the end of the day, the cracker simply has to search their files for the type of transactions they are looking for. Say, all packets that went between system A and B. By-the-way, you can set up your system to only record all packets between A and B. Thereby making cracking cheaper!

    Understand that the difference between a cracker and a hacker [Security Auditor] is the Security Auditor has the permission of the owner of the equipment to do his/her hacking. While the thief does not have the permission of the owner to do their cracking.

    Now, you can't stop this and trying to regulate such actions with laws is ludicrous. You will waist taxpayers' money trying to enforce unenforceable laws. Moreover, trying to regulate the InterNet shows how unintelligent a person is when it comes to technology! Having the US pass laws about the InterNet is like Columbus, Ohio passing laws about the price of potatoes in Japan. You can pass all the laws you want, but Japan doesn't have to listen to you and won't!

    Therefore, the solution is not to make new laws but to make better technology. I run Secure-Shell [ssh] between my system and the remote systems that I utilize. All traffic between the two systems are encrypted. However, I use 1024 Keys, with a random cipher, and a 20 character password. So to break my code it would take 256 raised to the power of 1024 raised to the power of the random cipher attempts to break my code. Or in short, far to long for the average cracker to spend on an attempt to get my data when your's is only protected with 48 keys or even worse none! Moreover, I am using a public key - private key technology. In other words, the system that I am going to doesn't know my private key. Therefore, if it is compromised, the cracker only has access to my public key.

    When I "ssh" to the remote system. My system encrypts my TCP/IP [InterNet] packet with my private key. Now, only my public key can decrypt this packet. So, the data coming out of my system is 100% encrypted 100% of the time. Even before login. "ssh" has a different network port than "telnet", and therefore, the receiving systems knows that the data is encrypted and how to handle it. The data from the remote system back to my system is encrypted with my public key and only my private key on my system can decrypt it.

    We are not going to get into packet technology today, but understand that the from and to information in the packet is not encrypted. So, the receiving system knows where the packet is coming from and then attempts, after it has received the packet, to decrypt the packet with my public key. If the public key can decrypt the packet then the receiving system asks for a 20 character password. If you can supply it then the 1024 character keys are used. This is so you don't have to remember the 1024 keys. All of this is done in millie seconds and transparent from the user. From that time forward all data on my screen is in standard English but all data on the network is encrypted!

    If I was going to send banking data, and I don't, I would use at least 2056 keys. Most countries, other than America, uses 5120 keys. America uses about 56.

    The Scouting The Web Award is now Accredited

    FOCUS Associates AWARD SITES!\251 - Level 3.5 "Very Good Award Site!" This image is presented only to the higher rated award issuing sites and distinguishing their award as one of the best offered on the Internet! 369's "Scouting The Web Award" has been recognized as one of the better awards on the Internet!
    Select Member of AWARD SITES! "Only the Best" - the best of th e best!

    Introduction to Secure Computing

    Ho-Sheng Hsiao
    Secure computer today is really secure networked computing. We drop "network" since it is an integral part of contemporary computing. You can grab your servers, unplug them from the net, seal them in concreate, and bury them in the Atlantic. Don't forget to branwash everyone (including yourself) and destroy all burial coordinates. Make sure no one knows how to get to the computers. That's secure computing.

    That's useless computing.

    Computers have to talk to the world in some way. And this presents a problem. Like a wall, what keeps people out also keeps people in.

    If walls were so bad, why have them at all. Ideally we can respect the boundaries of ownership and control. Say we force all car locks dismantled. No should care about locking up our cars. No one will steal your car, right? So why do we still have armored cars?

    Armored cars transport important goods, just as your own car have locks. We want control of who and what these cars transport.

    Similarly, secure, networked computing processes information. We want to secure this information, and control how can get to them. The most common method of securing information is encryption software, or "crypto" technologies. Scramble the information so only the persons who has the key can unlock it.

    For example, take access control. A bank wants to restrict data entry personnel in payroll from accessing the accounting department's computers. A software company wants to make sure you have bought a software license. You want only you to read your private email. These are examples of access control. In order to open up certain doors, and close others off, the computer has to identify you as you. To identify you as you, the computer asks for a peice of information only you and the computer knows -- a sort of a shared secret (paradox, ha ha). We usually call this the password. To garuntee tha tthe secret remains a secret, we use crypto technologies.

    You can bypass some systems if you have physical access to it. Or at the very least, deny the use of the information from its owners by firebombing the computers and watching it melt. Or attempt to firebomb it. Pyrotechnics doesn't work very well against concrete walls and automatic climate control, as a lot of data centers tend to have. Computers have to exists somewhere, and physically securing them is just as important.

    These computers were created and used by humans. Our very strengths as flexible, feeling people makes us vulnerable to malicious intruders. Troy had walls and armies. Troy fell because people let in a supposed gift, and celebrated. The same with all those computers, holding billions and trillio= ns of dollars worth of buisiness. They're run by people too.

    It comes down to this. We want to jack into the global communications network. That's where the business and people are. We also want to make high and strong walls -- to keep people out and keep people in. Sometimes a policy, a technology will achieve both goals. OFten, there's a tradeoff. You can think of the Internet Troy, you can dream of cybernetic utopia, you can count the windfall of ecommerce. When all is said and done about secure computing, you just have to trust someone.

    Secure Computing & Sun Microsystems Team To Offer Extensive Network Security Sun Professional Services to Offer Secure Computing's SafeWordTM and SecureWireTM to Its Customers(2)

    http://www.sun.com

    May 5, 1998--SAN JOSE, CA -- Secure Computing Corporation (NASDAQ:SCUR) and Sun Microsystems Inc. today announced an agreement which will enable Sun customers to benefit from Secure Computing's SafeWordTM and SecureWireTM enterprise security solutions through Sun Professional Services. The agreement for Sun to resell SafeWord and SecureWire sets in motion the process for Sun Professional Services to assist companies in securing critical information on the Internet, their intranets, extranets and virtual private networks (VPN).

    Because of the quality of your site and the fact that it is undeniably a useful site, I am pleased to award your site the TaFWeb Commended Award. The TaFWeb Awards are aimed at sites which are helping beginners to create their first web pages.

    "In today's business climate of instant access to information, the integrity and confidentiality of corporate information has taken on the utmost importance," said Paul Rochester, vice president and general manager of Sun Professional Services. "If businesses are going to open their networks to outside partners and customers, they need to feel confident that they are doing so in a secure environment. With Secure Computing SecureWire and SafeWord, Sun Professional Services continues to deliver industry leading solutions to our customers."

    As part of the agreement, Sun Professional Services consultants will implement the Safeword strong authentication solution. The SafeWord Solution can provide users with secure remote access to and from their trusted networks, as well as secure access to mission critical applications or servers. Combining one-time encrypted password protection with standards-based interoperability, SafeWord provides the reliability and scalability that todayS networks demand. Sun Microsystems, having used SafeWord internally, is ideally positioned to offer this product as part of an overall security offering.

    As companies look for ways to leverage the wealth of information stored on corporate intranets to external users, Sun Professional Services will help customers implement SecureWire, the industry's premier tool for combining the power of intranets and extranets for secure business solutions. Using SecureWire, organizations are able to leverage their existing technology infrastructure, offering their partners and customers real-time, easy-to-access information they need to better drive their businesses.

    "This is a tremendous opportunity for Secure Computing to work with Sun, one of the leading technology drivers enabling network computing," said Jeff Waxman, chairman and CEO of Secure Computing. "Sun has used our products for several years, and by now including SafeWord and SecureWire as part of their overall security offering, they are able to provide their customers with an industry-leading solution, while demonstrating proof-of-concept to their customers."

    About Sun Microsystems

    Since its inception in 1982, a singular vision, "The Network Is The Computer TM," has propelled Sun Microsystems, Inc., (NASDAQ "SUNW"), to its position as a leading provider of high quality hardware, software, and services for establishing enterprise-wide intranets and expanding the power of the Internet. With more than $9 billion in annual revenues, Sun can be found in more than 150 countries and on the World Wide Web at www.sun.com.

    About Secure Computing

    Secure Computing Corporation provides a trusted, comprehensive offering of interoperable, standards-based products for end-to-end network solutions including firewalls, Web filtering, identification, authentication, authorization, encryption, extranet technologies and professional services. Secure Computing has a worldwide presence in financial services, telecom, aerospace, manufacturing, and hi-tech industries, ranging from Fortune 1000 companies to service providers and government agencies. More information is available over the Internet at www.securecomputing.com.

    Computer parts? [cable modems]

    Chris Steuart Smith

    Can you help me. One of myVenturers is trying to find out the cost of a cable modem for ISDN. Can you advise the price that you can get them for?

    He will be taking over our webpage in the near future. Look out for some magor changes and a possible change of host.

    Bill Schwanitz

    Depending on what ISP you choose, and what type of connection, Cable Modems are cheaper.

    What I have noticed, 64K isdn standard will run anywhere from 80-100 per month. 128k isdn will run roughly 150-500 per month, dependinh on the servive. (The above is simply off of memory, it's been a while since I price'd around...)

    Road Runner in Columbus OH costs $40 per month for subscribers and 50 per month for non-members. The speed of the cable modem is 5-megabit/second uphil, 30 megabit (possible) downstream. This is for the _Full Duplex_ version. The half duplex is using an isdn (64k I believe) for uphill, and something for downhil, I don't know.

    Since cable modems are really a DSL of some type (adsl?) you are fighting those on your hub for the connectivity. Simply put, Road Runner gives 4-megabit for an entire area, last I checked. If you note the speed capabilities I mentioned, 4 megabit is not much.. may the fight begin :->

    Cable modems are more cost effective in the long run. I would expect this list for prices, if in Columbus, OH for RR: $150 - install the hardware, get a network card (they provide a really bad card last I checked) $40/$50 per month: service, subscriber/non subscriber

    You get to ditch the second phone line with the cable modem. So you might be able to cut $20 per month from the above list.

    I have never done the full install of an isdn line, but I think the cost from ameritech is $30 per month just for the line, then you pay the ISP the cost of connectivity.

    Hope that helps,

    The Spirit of the Eagle

    R West. Simi Valley, CA

    You Folks are truly living up to the Spirit of the Eagle. Thank you for your wonderful site. Very useful for our own son's upcoming Eagle Court of Honor.

    Bless you.

    (1)
    Uniform, Events, and Books not included
    (2)
    Product and services named used within are trademarks, registered trademarks and service marks of their respective owners.
     



    This page has been accessed  $pagecount"; ?> times. Since Mon Jul 5 00:21:00 EDT 1999