Notes for our discussion of "the Internet" vs. "the Darknet"

        Timberg's two articles, combined with a  scroll through Robert Zakon's Internet Timeline, should convince you that the Internet, the network upon which all of your digital devices increasingly depend for their access to digital text (and everything else!) is a patched-together mass of compromises and inventions rather than a single, coherently designed device.  The Internet's vulnerabilities to hacking are part of the way it grows new capacities, by permiting new code to "exploit" features or absences of features in old code.  Beneficial exploits are praised and make some people billionaires.  Malicious exploits are at least as numerous and can only be defended against with great difficulty.  One form of hacking danger from the Darknet is vulnerability of the Microsoft Windows and Apple iOS operating systems to "zero-day exploits."   For an explanation of the term and some examples from 2015, read:  http://www.pcworld.com/article/2982361/microsoft-patches-yet-another-hacking-team-zero-day-exploit.html The much more recent "ransomeware" attacks in Spring 2016 are explained in this Wired.com article: https://www.wired.com/2017/05/hacker-lexicon-guide-ransomware-scary-hack-thats-rise/ 

        In the murky world of Internet security hacking, the terms "white-hat" and "black-hat" are used with some imprecision to identify legal, defensive hackers who help defend systems and users from those who use exactly the same computer skills to create software programs with which to penetrate system and user security for various purposes: to play, to make political statements, to damage or destroy a perceived enemy, or to make a lot of illegal money.    The "hats" can change colors swiftly.  Kevin Mitnick, formerly on the FBI's "Most Wanted" list for illegally invading major corporations' computer systems for fun and profit, currently runs an allegedly "white-hat" Internet security company that offers, among other things, exclusive access to zero-day exploits so that their targets can write defensive "patch" code and distribute it before the exploits are announced.  https://www.mitnicksecurity.com/shopping/absolute-zero-day-exploit-exchange.  Mitnick's group makes money from the targets, and uses it to buy the exploits from freelance hackers who may be playing both sides of the game.  Their terms of service could easily allow them to sell exploits to criminals as well as to legitimate software engineers trying to protect their employers and customers (i.e., you).

        In addition to zero-day exploits, which are mainly unintentional security openings in an operating system or application program, software manufacturers actually intentionally build security access "backdoors" into operating systems so that their field engineers can enter them if some failure of the system operator ("sysop") access has been disabled.  For instance, if you cannot log on to your Goucher account using the ordinary login screen, IT can always access your account through their "backdoor" system, though at Goucher they are supposed to ask your permission to do so.  If IT's access has been disabled by some coding disaster, perhaps as a result of a botched software upgrade, the software maker's own backdoor accesss remains to allow them to recover your data.  Nevertheless, if hackers discover the backdoor, they can use it, too, as in this November 2010 announcement of an Android phone backdoor exploit: http://www.h-online.com/security/news/item/Back-door-exploit-for-Android-phones-1131858.html

Steve Crocker, RFC1 for Host Software, 1969.  The first Internet "Request for Comment"--note it has no section for "Security Concerns."

Jim Postel, RFC2000 for Internet Protocol Standards, 1997--the "Security Considerations" section has been added but is ignored.

Paul Nesser II, RFC2626 for The Internet and the Millenium Problem, 1999--identifying the "Millenium" or "Y2K Bug" and treating security rather more carefully.