Date: 01 May 1994 22:24:39 -0600 (MDT)
From: Chris McDonald
Subject: Information Systems Security Update, # 94-08
To: orvis@icdc.llnl.gov
Content-transfer-encoding: 7BIT
[To]: cmcdonal@wsmr-emh34.army.mil
[Cc]: krvw@agarme.ims.disa.mil
Apparently-To: orvis@icdc.llnl.gov

# 94-08

Contents

Sys Admin
ViaCrypt PGP
Raxco Publication
Virus Bulletin Notes
Computer Anti-Virus Film

1. If you are hungry for reading material, you might want to give "Sys Admin (The Journal for UNIX System Administrators)" a try. One can subscribe electronically for the six yearly editions by sending mail to sasub@rdpub.com. If you choose this option, you even receive an electronic acknowledgement. I found the first copy contained articles of interest to the novice and to the intermediate UNIX administrator/security person. Apparently the first edition hit the streets in May 92. Code listings for each issue are available on UUNET.

2. The "Wall Street Journal" had a front page article last week on the author of PGP and the current controversy. If you want to see a "legal" implementation, assuming for the moment that there might be illegal implementations of PGP on Netland, you should contact ViaCrypt, 2104 West Peoria Avenue, Phoenix, AZ or at 602-944-0773. I requested and received a full description of their product line. Products are available for MS-DOS and UNIX platforms. The vendor also claims to be FIPS 140-1 compliant, although it is not claimed that NIST has certified compliance.

3. Raxco, Inc., sent me a flyer on one of their automated tools for UNIX. In answering it I received a Raxco document entitled "UNIX Standards and Guidelines". The first fifty-four pages present a concise summary of policy and security guidelines. Even if you are not interested in the Raxco Security Toolkit/UNIX, the document is worth your time. You can obtain a copy from an authorized Raxco distributor, or directly from Raxco at 371 East 800 South, Orem, UT 84058 or 801-224-5306. Be advised you might also be asked to try a forty-five day demonstration copy of the Toolkit/UNIX described in the remaining twenty-six pages.

4. The April 1994 edition of "Virus Bulletin" had two interesting notes.

First, there is a report that a document has appeared in the hacker underground which gives details on "how to write code which does not raise an alert in packages employing heuristics". While the document appears to target TBAV, other scanner programs might be targeted. At this stage I am unaware of any specific virus written and identified to implement the information alleged to be contained in the document.

Second, Neo-Nazis in Germany have their own network of BBSs called the "Thule Network". Security is apparently paramount. I wonder if DES or PGP might be in place?

5. If you need a video for anti-virus training, may I suggest Commonwealth Films' "Virus: Prevention, Detection, Recovery". Although the film has been around since 1992, it holds up well. I recently used the film in four anti-virus techniques classes to an audience of novice users. It was well-received. There are perhaps three or four minor points in the film which might be subject to debate. One can handle those with appropriate trailer comments. You can reach Commonwealth at 617-262-5634. Preview showings are available at reasonable rates.

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]