From: Chris McDonald STEWS-IM-CM-S (10/13/93) To: orvis@icdc.llnl.gov Mail*Link¨ SMTP Information Systems Securit # 93-23 1. The National Security Agency has published "A National Strategy for the Future" which identifies seven initiatives "to achieve development of the security infrastructure necessary to protect vital U.S. information systems processing classified and Warner Amendment information". If you have been a subscriber to the Rainbow Series of documents, the initiatives will be old news. I must note the document presents a marginal overview of threats to information systems by focusing exclusively on intentional, human attacks. The interior cover of the document has a date of August 1993. 2. The Summer 1993 edition of the "Computer Virus Developments Quarterly" listed the telephone numbers of four BBSs allegedly involved in the distribution of computer viruses: Caustic Contagion in Waco, TX; The Black Axis in Virginia Beach, VA; the Micro Information Systems Services in Santa Clarita, CA; and the Hell Pit in Wheeling, IL. The first two were off-line as of the 1st of the month; the remaining two were reachable. 3. The fall edition of "Information Systems Security" contains several excellent articles, in particular one by Peter Goldis entitled "Comparing MVS and UNIX Security: The View from the Glass House". Ray Kaplan and Joe Kovara have summarized several of their recent teleconferences in an update of a paper which they have presented in other forums. The article is entitled "Psychological Subversion of Information Systems". Harry DeMaio does his typical outstanding "directions in security" corner with thoughts on "A Situational Approach to Integrity". I would suggest one read Mr. DeMaio's article with close attention to Robert Courtney's definition of data integrity (i.e., "data not being any worse than we thought it was.") Finally, Donn Parker, the consulting editor, does his routine high dive into an empty pool. In commenting on the Clipper chip proposal, he offers this gem: "We should demand that all cryptographic products be designed to allow higher authorities the ability to override cryptographic controls." It is hard to believe Mr. Parker's corporate clients would embrace such a position. I find the proposal advanced by Mr. Parker and by Dr. Dorothy Denning in support of Clipper hopelessly flawed. What self-respecting drug dealer or international terrorist would use Clipper? Maybe I have been in the desert too long! 4. The ACM SIGSAC will sponsor the 1st ACM Conference on Computer and Communications Security, November 3-5, 1993 in Fairfax, Virginia. The advance technical program suggests the conference is for the academic and/or technocrat. One may obtain registration information from George Mason University at (703) 993-2090 or acmccs93@isse.gmu.edu. 5. There have been a number of upgrades to anti-viral tools in the last several weeks. a. CPAV updated to version 2.1. b. NAV updated to version 3.0. c. TBAV updated to version 6.07 d. Vi-SPY updated to version 12.0 ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;13 Oct 1993 15:32:28 -0800 Return-path: cmcdonal@wsmr-emh34.army.MIL Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H42HJF9PAOAW6B8K@icdc.llnl.gov>; Wed, 13 Oct 1993 15:29:45 PDT Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H42HI9LLMOAW6AJJ@icdc.llnl.gov>; Wed, 13 Oct 1993 15:29:05 PDT Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA21117; Wed, 13 Oct 93 15:29:26 PDT Received: from wsmr-emh34.army.mil by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA21063; Wed, 13 Oct 93 15:29:01 PDT Date: 13 Oct 1993 16:13:39 -0600 (MDT) From: Chris McDonald STEWS-IM-CM-S Subject: Information Systems Security Update, # 93-23 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: orvis@icdc.llnl.gov Resent-message-id: <01H42HJFI0AQAW6B8K@icdc.llnl.gov> Message-id: <9310132229.AA21063@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"orvis@icdc.llnl.gov" Content-transfer-encoding: 7BIT [To]: cmcdonal@wsmr-emh34.army.mil [Cc]: krvw@agarne.ims.disa.mil Apparently-To: orvis@icdc.llnl.gov ======================================================================