Date: 18 May 1994 08:51:49 -0600 (MDT) From: Chris McDonald Subject: Information Systems Security Update, # 94-09 To: orvis@icdc.llnl.gov Content-transfer-encoding: 7BIT [To]: cmcdonal@wsmr-emh34.army.mil [Cc]: krvw@agarne.ims.disa.mil Apparently-To: orvis@icdc.llnl.gov # 94-09 Contents Discount CD-ROM Virus Collection Security Film--No Oscar in Sight Computer Crime Fighters Handbook Barlow in Cyberspace Where are you Richard Feynman? Electronic Mail Nightmare in the Future 1. In a previous update I mentioned that American Eagle Publications had placed an advertisement in "2600" for the sale of a CD-ROM with "thousands of MS-DOS viruses". I have now confirmed that subscribers to the Computer Virus Developments Quarterly may obtain a $20.00 discount on the CD. American Eagle is also offering other discounts to non- subscribers. Historically it is not at all clear to me what impact the distribution of malicious code has had on the number of reported viral infections. Ralph Burger's book of several years ago obviously contributed to the spread and modification of Vienna-based MS-DOS viral strains; but this example is somewhat ancient. The UK and other foreign countries continue to argue that distribution should be illegal, and have mounted rather successful raids on computer virus factories. Maybe some graduate student could consider a master's thesis on the subject? 2. Commonwealth Films Inc. has just released a new security film entitled "The Best Defense: Computer Security Today". I give it a "C" grade after two preview showings. The film addresses six major areas with the emphasis on personal computers and local network servers. Running time is 22 minutes. In comparison to other Commonwealth Films, such as "Invasion of the Data Snatchers" and "Virus Prevention, Detection and Recovery", this film seemed boring and dry. Large segments of the information presented repeated the message of previous films. Since I have purchased and utilized other Commonwealth Films in training programs over the last 10 years, I must admit my expectations may have been too high prior to the preview. 3. Buck Bloombecker, the Director of the National Center for Computer Crime Data, has a new book "Computer Crime Laws". The marketing literature suggests the book addresses the full spectrum of defining, investigating, prosecuting and defending computer crime. The publisher is Clark Boardman Callaghan, 1-800-221-9428. The price is $115.00 with a 30 day trial privilege. 4. The May 1994 "Communications of the ACM" contains yet another great article from John Barlow, "Dad's Invisible Guard-All Shield". Rather than ruining it by offering a synopsis, let me just encourage everyone to simply read it. After a day of "InfoWaring", Barlow's ideas will put it all in perspective. 5. "Science News", May 14, 1994 edition has an article "Opening a Quantum Door on Computing". The article describes how Peter Shor of AT&T Bell Laboratories has proven (im principle) that "quantum computation can provide the shortcut needed to convert the factoring of large numbers from a time-consuming chore into an amazingly quick operation". While one should not look for a "quantum computer" in the near term, there clearly are security implications for cryptographers. The article attributes the notion of quantum computation to Richard Feynman who was a legend in his own time. 6. While Netland has been active on the FBI's digital telephone proposal and NSA's Clipper Chip, little discussion on a recent Federal Register item in which the National Archivist proposed criteria for archiving electronic mail. Though specific retention periods are to be published at a later date, the implications for Federal agencies will be significant in my opinion. I would opine that those of us in government who utilize electronic mail will find it a necessity to more closely monitor what we transmit and to whom we transmit it. Freedom of Information requests will be the next paper avalanche upon adoption of the final criteria. [Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]