From: Chris McDonald STEWS-IM-CM-S (3/10/93)
To: /usr/cmcdonal/maillist:@wsmr-em,
CC: /usr/cmcdonal/reviewlist:@wsmr-,
Mail*Link® SMTP Information Systems Securit #93-9

1. Some time ago I recommended Dave Curry's book, "Unix System Security: A Guide for Users and System Administrators". I had occasion to refer back to Chapter 4 of the book in the reaccreditation of a wide area network recently. This chapter deals specifically with simple tests that one can use to determine a system's susceptibility to some well-publicized vulnerabilities. It was so well-done that I feel obliged to make yet another plug. Addison-Wesley is the publisher, ISBN 0-201-56327-4, $31.25. I of course make no commission!

2. SIMTEL20 is now an official Internet distribution source for the Hack Report. This monthly report addresses the investigation of trojan horses, copyright infringements, and a host of other issues. The March report is in the path pd1:hack9303.zip. The complete 1992 summary is also available in the same directory. The Hack Report may be freely distributed so long as you comply with the author's instructions.

3. MacWorld, April 1993, has an article entitled "April Foolishness" which discusses so-called "joke" software for the Macintosh. Since the symptoms of some of these programs may cause users to panic, one might want to become familiar with them. In a similar vein an author posted to the Macintosh repository at sumex-aim a program called "IQ-TEST.HQX". When one uncompresses the file, and double clicks on the IQ-TEST icon, an error message window appears with a system bomb icon:

    Sorry, a system error occurred.
    "IQ-Test"
    unimplemented trap

When one attempts to click on the Restart button which appears within the message window, the button jumps around the window as one moves the cursor to it. In frustration a user might then restart or power-down her or his system. The "correct solution" to the test is to enter "command-period" to close the window.
All anti-viral programs scanned negative for any known malicious program. The effects are similar to a program "Sexplosion" discussed in the Macintosh article.

4. I have distributed revisions to PT-9 (Disinfectant) and to PT-41 (VIRx) this week. Both programs are extremely well-done by talented individuals.

------------------ RFC822 Header Follows ------------------
Received: by internetqm.llnl.gov with SMTP;10 Mar 1993 07:13:35 -0800
Return-path: cmcdonal <@WSMR-SIMTEL20.ARMY.MIL:cmcdonal@wsmr-emh03.army.mil>
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 )
 id <01GVMUN0PL3K9BWFOH@icdc.llnl.gov>; Wed, 10 Mar 1993 07:03:43 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 )
 id <01GVMUM57P9S9BWG80@icdc.llnl.gov>; Wed, 10 Mar 1993 07:03:05 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA00118; Wed, 10 Mar 93 07:03:32 PST
Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA00110; Wed, 10 Mar 93 07:03:25 PST
Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP;
 Wed, 10 Mar 1993 08:02:03 -0700 (MST)
Date: 10 Mar 1993 07:54:25 -0700 (MST)
From: Chris McDonald STEWS-IM-CM-S
Subject: Information Systems Security Update, #93-9
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: /usr/cmcdonal/maillist:@wsmr-emh03.army.mil
Cc: /usr/cmcdonal/reviewlist:@wsmr-emh03.army.mil
Resent-message-id: <01GVMUN1GDLU9BWFOH@icdc.llnl.gov>
Message-id: <9303101503.AA00110@pierce.llnl.gov>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"/usr/cmcdonal/maillist:@wsmr-emh03.army.mil"
X-VMS-Cc: IN%"/usr/cmcdonal/reviewlist:@wsmr-emh03.army.mil"
Content-transfer-encoding: 7BIT
======================================================================