From: Chris McDonald STEWS-IM-CM-S (12/21/93)
To: orvis@icdc.llnl.gov
Mail*Link® SMTP Information Systems Securit # 93-27

1. Federal Information Processing Publication 181, "Automated Password Generator (APG)," is available. Although the FIPS has an issue date of October 5, 1993, I obtained an "advance" copy last week. The objectives of the FIPS are to:

   a. improve the administration of password systems that are used for authenticating the identity of individuals accessing computer resources or files;

   b. provide a standard automated method for producing pronounceable passwords that have no association with a particular user;

   c. produce passwords that are easily remembered, stored, and entered into computer systems, yet not readily susceptible to automated techniques that have been developed to search for and disclose passwords.

   The standard utilizes the electronic codebook (ECB) mode of the data encryption standard (DES) as the random number generator. This is rather an ironic touch given NSA's official opinion of DES and given that vendors who implement the FIPS generator must contact the Department of Commerce to determine whether an export license will be required.

2. OpenVision has acquired Demax Software. Consequently, the Demax "Security Management" publication has a new name: "Information Security Journal". I received the Fall edition of the publication which appears to be geared for corporate users. There was an interesting article on "Crisis Management - The Key to Business Survival" as well as a synopsis of a survey by Demax Software and S.A.F.E. Computing entitled "Unix Security in the Commercial Environment".

   What I like about the publication is that the articles are clear and to the point. While there are naturally references to OpenVision's product line, there are also opportunities to obtain additional information on several of the articles without apparent obligation. The publication provides both standard mail addresses as well as Internet addresses for such material. You might also qualify for a "free" subscription by writing OpenVision, 999 Baker Way, Suite 500, San Mateo, CA 94404.

3. The December 1993 edition of "Virus Bulletin" has an analysis by Fridrik Skulason of "Part_1.zip" which contained 266 files, the majority of which turned out to be new variants of known viruses. Mr. Skulason proposes that the viruses were modified to avoid detection by McAfee's Viruscan program since at the time the collection was received by the editor of "Virus Bulletin" Viruscan did not identify any of the variants. Mr. Skulason notes that version 109 of Viruscan addressed this fact.

   While both McAfee Associates and Central Point anti-viral programs have been targets before of viral authors, this appears to me the largest and perhaps the most clever attack yet against an anti-viral tool. In this case rather than release the variants the unknown author(s) chose to send the collection to a virus researcher. The question left unanswered: Is there a Part_2.zip?

4. "MacWeek", 12.13.93, in its ProductWatch section has an article by Bruce Schneier on anti-viral protection for the Macintosh. The article is very thin in my opinion. Even worse, the author has a sidebar in which he discusses why there are more viruses in the MS-DOS world. His discussion on polymorphic viruses with his conclusion that a polymorphic virus "cannot be found by a virus scanner" is simply incorrect. Virus scanners in the MS-DOS world have so far been extremely effective in identifying polymorphic strains. If Mr. Schneier meant to imply that viral scanning by specific signature is inappropriate for polymorphic detection, then he should have stated that fact. But, since he later states that the "only way to catch it is with a preventive monitor", it would be hazardous to speculate on what he intended.

5. In apparent violation of the Eleventh Commandment (Thou shalt not criticize thy business competitor!), DataWatch is running an advertisement for Virex 5.0 in which it claims the program is "36 times faster" than SAM. The ad ends with the sentence: "Because once you put Virex to the test, it'll be time for SAM to hit the road".

   As a registered user of both SAM and Virex, I must note the advertisement does not tell you that registered users of SAM can obtain updates for both detection and disinfection free of charge. The DataWatch Virex policy is for registered users to obtain detection strings ONLY free of charge with all disinfection capabilities dependent upon a mandatory update fee.

6. The December 1993 edition of the IEEE "Computer" has a fantastic article by Roger Clarke, Australian National University, entitled: "Asimov's Laws of Robotics: Implications for Information Technology". Part 1 is in the edition with Part 2 to follow. This will be a keeper!

------------------ RFC822 Header Follows ------------------
Received: by smtpqm.llnl.gov with SMTP;21 Dec 1993 13:53:40 -0800
Return-path: cmcdonal@wsmr-emh34.army.MIL
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
 <01H6QSA1ZFJ496VUW0@icdc.llnl.gov>; Tue, 21 Dec 1993 13:52:49 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
 <01H6QS9KZQWG96VUVZ@icdc.llnl.gov>; Tue, 21 Dec 1993 13:52:29 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA16250; Tue, 21 Dec 93 13:53:27 PST
Received: from wsmr-emh34.army.mil by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA16231; Tue, 21 Dec 93 13:53:21 PST
Date: 21 Dec 1993 14:15:56 -0700 (MST)
From: Chris McDonald STEWS-IM-CM-S
Subject: Information Systems Security Update, # 93-27
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: orvis@icdc.llnl.gov
Resent-message-id: <01H6QSA22WXE96VUW0@icdc.llnl.gov>
Message-id: <9312212153.AA16231@pierce.llnl.gov>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"orvis@icdc.llnl.gov"
Content-transfer-encoding: 7BIT
[To]: cmcdonal@wsmr-emh34.army.mil
[Cc]: krvw@agarne.ims.disa.mil
Apparently-To: orvis@icdc.llnl.gov
======================================================================