Note: this is an OCR of a scan of a fax. so please excause the errors # 93-16 1. The ICSA has forwarded me an update disk for V-BASE. The diak came free of charge because IOSA personel had been unable to release an April update as promised in my original registration receipt. The update adds descriptionel of Ami$a, Atari and Maciatomb viruses. The total number of MS-DOS viruses described in now 1800. 2, The proceedings of the 15tb Department of Energy Computer Security Group Training Conference, May 3-6, 1993, are now available from the National Technical Information Service, U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22101. DOE and DOE contractors may obtain copies from Oak Ridge at (015) 070-8401. 'There are several interesting papers, in particular one entitled 'Still Stalking the Wily Hacker: A Case Study of Network Intrusions from Overaeaa'. 3. VEAUDIT/3000 continues to receive favorable evaluations for HP3000 automated analysis. The latest has appeared in the February 1993 edition of 'Interact'. The product from VESOFT can yield information on potential security vulnerabilities. VESOFT can be reached at (310) 282-0420. 4. The May 1093 edition of 'Virus Bulletin' contains an evaluation of MS-DOS 6. In asking the question was it 'worth the wait', the answer is an unqualified 'no' in the area of anti-viral detection. One can also refer to a recent Virus-L edition dedicated exclusively to an evaluation of MSAV by Y. Radai. 5. Security Dynamics continues to expand the range of platforms for its SecurID Card. Under the near term architecture proposed by DISA identifi- cation and authentioation machanism , such as the SecurID Card, will potentially have an expanded market. Bruce Crotts remains the primary marketing representative at Security Dynamics, Inc., (909) 272-3830. 6. I just received the latest Computer Virus Development Quarterly, Spring 1993, from Mark Ludwig. The edition has a technlcal evaluation of the MtE object module. Mark has also provided his own Visible Mutation Engine (VME) to address limitations of the MtE as well as another automated engine known as the Trident Polymorphic Engine (TPE). The disk included with the edition contains copies of the MtH. the VME, the TPE, and sample viruses created with each engine. Mark provided some test results against the MtE and TPE samples. My test results had only one variance. In ble tests Mark dould not detect the TPE sample with VIRUSCAN (version 101), with FPROT (version 2.06), with MSAV-DOS, and with MBAV-WIN. I tound that FPftOT (version 2.08a) did detect the nample reliably. In the lant two editions Mark has included tour different automated tools for viral creation. 7. 'MacWorld', July 1983, han several articles on privacy and the recent Clipper Chip announcement. 'Wiretapping the fast Lane' by Steven Levy in a must read for those interested in the FBI's digital telephony proposal. 8. NIST has forwarded me the revised standard for security Requirements for cryptographic Modules (FIPS 140-1). The FIPS in now in final review. Clearly one of the advantages in providing comments on draft FIPS is that one has the opportunity to get an advance view of the final product. The FIPS will replace Federal Standard 1027. 9. I am nendin out June's monthly updates somewhat early given that I will be in St. Louis next week.