From: Chris McDonald (3/15/93) To: securitylist:;@WSMR-SIMTEL20.AR, CC: cmcdonald@wsmr-simtel20.army.MI, Mail*Link¨ SMTP Information Systems Securit #93-10 1. The Spring 1993 edition of "Information Systems Security" is now available. Auerbach Publications is the publisher. Donn Parker is the consulting editor. The articles continue to provide a diverse overview of information systems security topics. The journal can be somewhat imposing for the non-security practitioner, but every now and then it does provide some comic relief. This edition, for example, has some character by the name of Mc Donald who has an article entitled "Computers at Risk: Does Anyone Remember" in the Public Policy Review section. If there is one shortfall in the publication, it is the so-called Product Highlights section which the consulting editor continues to insist "reviews" products. Actually the section is nothing more than an advertisement for hardware/software products. 2. Last month I did a synopsis of the Virus Creation Laboratory, version 1.00, created by Nowhere Man. I prepared the synopsis from actually running the program which I received as a subscriber to Computer Virus Developments Quarterly, Volume 1, Number 2 -- Winter, 1992/3. I used the readme files included with the program, comments by Mark Ludwig in his evaluation of the program, and my own original thoughts. I did not use any classified national defense information in the preparation of the synopsis, and was unaware at the time I prepared the synopsis that any government agency may have issued any reports, classified or unclassified, on the VCL. I find it necessary to ensure these points are made because I received a telephone call yesterday from a site which had received my analysis over the Internet and was comparing it with a classified summary prepared by a government agency. Since I do not have access to the agency's report, and since I do have all of the unclassified material used in my report, I see no reason to identify the agency. In the event anyone else should contact you regarding this matter, please refer them to me. If you are one of those classifiers, the March 1993 edition of "Virus Bulletin" has an analysis of an automated tool to write computer viruses, called G2, which from the review apparently results in better code than that produced by VCL. 3. If one is interested in significant "bug" reports for the Macintosh, let me recommend the MacInTouch column by Ric Ford in MacWeek. Mr. Ford has been very informative and entertaining over the last month. His byline indicates that there is a MacWeek Forum at location ZMC:MACWEEK on CompuServe or ZiffNet/Mac. You might also want to download Dave Camp's Disk Bug Checker for Mac's hierarchical file system. One Internet source is 36.44.0.6, sumex-aim, in the path info-mac/util/disk-bug.checker-11.hqx. This site supports anonymous ftp downloading. 4. The March 1993 edition of the Communications of the ACM has a fascinating point-counterpoint between Dr. Dorothy E. Denning and eight other individuals on the subject of the FBI's digital telephony proposal. The debate, entitled "To Tap or Not to Tap", is extremely interesting. If you have followed the Risks Forum discussion on the subject, you will have an advantage in analyzing the material. Unfortunately only a few of the participants provide their electronic mail address, but it seems worthwhile to participate in the debate. 5. The U.S. Army Research and Development Laboratory at Picatinny Arsenal will host its annual Computer Security Event on April 7-8, 1993, at Dover, NJ. If you might be interested in learning more about the conference, or in your participation on-site or via video teleconferencing, send a message to lgraham@ pica.army.mil. ------- ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;15 Mar 1993 20:31:20 -0800 Return-path: CMCDONALD@WSMR-SIMTEL20.ARMY.MIL Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GVULXPM9LC9BWTXH@icdc.llnl.gov>; Mon, 15 Mar 1993 20:21:21 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GVULX62MRK9BWTDW@icdc.llnl.gov>; Mon, 15 Mar 1993 20:20:56 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA28402; Mon, 15 Mar 93 20:21:33 PST Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA28395; Mon, 15 Mar 93 20:21:30 PST Date: 15 Mar 1993 21:10:24 -0700 (MST) From: Chris McDonald Subject: Information Systems Security Update, #93-10 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: securitylist:;@WSMR-SIMTEL20.ARMY.MIL Cc: cmcdonald@wsmr-simtel20.army.MIL Resent-message-id: <01GVULXQ1T029BWTXH@icdc.llnl.gov> Message-id: <12861354513.23.CMCDONALD@WSMR-SIMTEL20.ARMY.MIL> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"securitylist:;@WSMR-SIMTEL20.ARMY.MIL" X-VMS-Cc: IN%"cmcdonald@wsmr-simtel20.army.MIL" Content-transfer-encoding: 7BIT ======================================================================