From: Chris McDonald STEWS-IM-CM-S (9/17/93) To: orvis@icdc.llnl.gov Mail*Link¨ SMTP Information Systems Securit # 93-22 1. The September 1993 edition of the IEEE "Computer" has several articles on network resources and connectivity: (a) "Internet Resource Discovery Services"; (b) Internet Resource Discovery at the University of Colorado"; and (c) "Computer Networks in Estonia, Latvia, and Lithuania". 2. Datawatch Corporation has released version 4.0 of Virex, the anti-viral tool for Macintosh systems. As a registered user, one has the option to obtain either a System 6 or a System 7 startup disk as well as a revised User's Manual. The latter in particular is long overdue. 3. The September/October 1993 edition of "Infosecurity News" has an article by Michael Alexander entitled "Computing Infosecurity's Top 10 Events". While interesting in what specific events or developments made the Top 10, it is just as interesting to consider what did not qualify. For example, Mr. Alexander and "15 top infosecurity experts" did not select the "Wily Hacker" and Cliff Stoll. I find it difficult to fathom how this event escaped recognition. If you have the opportunity to read the article, and think of something you would have included, please send it to me. I may do an article on "Computing Infosecurity's Top 10 Events Which Were Missed". 4. The September 1993 "Communications of the ACM" has a concise Viewpoint article by Professor Lance Hoffman entitled "Clipping Clipper". If you have followed the Clipper Chip controversy in Risks-Forum and in the EFF Online, you will recognize that Professor Hoffman has done an excellent job in summarizing one half of the positions. In a lighter, but still serious vein, the "Inside Risks" article addresses members of the animal kingdom "as system crackers, mischief makers, and innocent victims." I will add one case which occurred at White Sands several years ago to the historical record. Two squirrels romping in a power transformer site managed to end their lives through electrocution at one of our main power distribution stations. In the process they caused a total power black out for several thousand employees which lasted over four hours. I have to confess that my formal risk assessment had overlooked the specific nature of this threat. 5. Some may remember that the "Computers at Risk . . ." study of several years ago recommended the reassessment of export controls for encryption technology. A recent GAO report, "Issues in Removing Militarily Sensitive Items from the Munitions List" (GAO/NSIAD-93-67), reports on the apparent lack of progress in this area. 6. The only product test report distributed since the last update was PT-53, Gatekeeper/Gatekeeper Aid, version 1.2.8. ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;17 Sep 1993 06:52:05 -0800 Return-path: cmcdonal@wsmr-emh34.army.MIL Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H31NV7G2Y8AW589M@icdc.llnl.gov>; Fri, 17 Sep 1993 06:51:44 PDT Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H31NUPN35CAW57Q1@icdc.llnl.gov>; Fri, 17 Sep 1993 06:51:23 PDT Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA19796; Fri, 17 Sep 93 06:52:18 PDT Received: from wsmr-emh34.army.mil by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA19787; Fri, 17 Sep 93 06:52:12 PDT Date: 17 Sep 1993 07:37:51 -0600 (MDT) From: Chris McDonald STEWS-IM-CM-S Subject: Information Systems Security Update, # 93-12 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: orvis@icdc.llnl.gov Resent-message-id: <01H31NV7IHRMAW589M@icdc.llnl.gov> Message-id: <9309171352.AA19787@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"orvis@icdc.llnl.gov" Content-transfer-encoding: 7BIT [To]: cmcdonal@wsmr-emh34.army.mil Apparently-To: orvis@icdc.llnl.gov ======================================================================