Date: 03 Mar 1994 23:02:12 -0700 (MST) From: Chris McDonald Subject: Information Systems Security Update, # 94-04 To: orvis@icdc.llnl.gov Content-transfer-encoding: 7BIT [To]: cmcdonal@wsmr-emh34.army.mil [Cc]: krvw@agarne.ims.disa.mil Apparently-To: orvis@icdc.llnl.gov # 94-04 1. The March 1994 edition of the Product Test Index went out on March 1st. There were two product tests distributed in February: F-PROT (revised PT- 65) and ultraSECURE (PT-72). I added two additional items as "in process": reviews for COPS and for tcp_wrappers. As I finally catch up with putting into print the results of testing PC security-related programs, my intent will be to expand the product test review format to include other automated tools such as SPI and Tripwire. Since I already have operating experience with COPS and tcp_wrappers, my plan is to publish reports on these by the end of the month. If anyone has had some interesting experiences with either or both programs, you can send me the information for inclusion in the review. Full credit and personal citation will be given, as always. In the future I plan to make time for seriously looking at the latest versions of SPI and Tripwire. 2. There was one addition in the update to the March list of reported viral infections in commercial/government media/software. The virus reported was the Satan Bug in the MS-DOS environment. The infection occurred in a government activity. 3. The Winter 1993/4 edition of the Computer Virus Developments Quarterly has appeared in the mail. The discussion and the enclosed disk address the topic of viruses for the MS-DOS Windows environment. There is also an announcement for the Second International Virus Writing Contest, with the winner to be announced at the DEFCON conference in Las Vegas, July 22-24, 1994. The editor has updated a disk encryption program originally distributed last year: the Potassium Hydroxide, version 1.01. The documentation states that the "encryption algorithm used by KOH is the International Data Encryption Algorithm, developed in Europe and implemented outside the US". Finally, Mr. Ludwig has an article "Worse than Pornography!" in which he relates that "Computer Shopper" has refused to carry future advertisements for his magazine. He notes that, while his advertisements will no longer appear, the publication will continue to carry ads for adult CD-ROMs. The disk, which accompanied the hardcopy, contained the assembled code for the above mentioned programs as well as the following: a copy of the MS-DOS Tremor virus; a copy of a variant of the MS-DOS Green Caterpillar virus; a copy of an English language version of the German Virus Construction Set, V1.0; a copy of the PGP software; and an advertisement for the Hell Pit BBS. 4. Gene Spafford sent me an advance copy of a paper which he and Gene Kim will present at the SAN-III Conference, "Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection". I found it a great overview of where Tripwire stands at this time. Tripwire source is available at ftp.cs.purdue.edu in the path pub/spaf/COAST/Tripwire. 5. OpenVision sent me a copy of "Integrating Security into Open Systems Environments" which I mentioned in # 94-03. The document is thin on substance and offers no originality--but then it was FREE. 6. Lassen Software, Inc., offers an interesting way to try out its access control software for MS-DOS systems. The product, Trusted Access (see PT-54), can now be rented rather than just purchased. The marketing gambit is effective till March 15, 1994. A single copy can be purchased for $139.95; rented per month for $8.11. At the far end 5,000 or more copies can be purchased for $17.75 per copy; or leased for $1.03 per month per copy. The business office number is 916-877-0408; the order number is 800-338-2126. As always, I must emphasize that I have no financial interest. 7. Richard Riehle has an article in the February 1994 edition of the "HP Professional" entitled "Killer Software". It's a very readable piece which begins with this tale: "You may not know it, but software can kill. Eugene Smith of Doylestown, PA. was declared 'dead' by software. A driver's licensing database insists he died in a traffic accident. He has spent nearly three years trying to get reinstated through the Pennslyvania state computer system. But, the software is designed so that once you are dead-- you stay dead". 8. Buck Bloombecker, the man behind the National Center for Computer Crime Data, recently sent me the latest update on his Computer Crime Law Reporter. Buck has compiled all of the US Federal and state laws which address computer crime, computer viruses, etc. The Reporter also includes reprints from the Computer/Law Journal and other legal reviews of interest. I thought the $40 for the update was worth the compilation and research effort. NCCCD can be reached at (408) 475-4457 or FAX (408) 475-5336 for additional information. Buck is the author of the book "Spectacular Computer Crimes" which is a collection of interviews with individuals who have been involved in computer crime adventures. 9. If you missed William Safire's "New York Times" column "Cash in clipper chips", I will be happy to fax you a copy if you send me your fax number. Since I will be in Huntsville, AL next week as part of a three person computer security training team, be patient until the 14th.