Date: 27 Jun 1994 08:31:46 -0600 (MDT)
From: Chris McDonald
Subject: Information Systems Security Update, # 94-11
To: orvis@icdc.llnl.gov
To: cmcdonal@wsmr-emh34.army.mil
Cc: carmenda@wsmr-emh34.army.mil
Apparently-To: orvis@icdc.llnl.gov

                              # 94-11

                              Contents

    There is Life after an Earthquake
    NCSC Colors the Horizon
    CVDQ looks at Windows
    Potholes in the Superhighway
    NIDES Beta Release
    How do You Spell Espionage
    When is a New Virus an Old Virus

1. The May-June 1994 edition of "Disaster Recovery Journal" has several articles on the Los Angeles earthquake with emphasis on lessons learned by those in organizations who had recovery plans written before the incident. Free subscriptions are still available to "qualified personnel" by writing Disaster Recovery Journal, P.O. Box 510110, St. Louis, MO 63151.

2. The National Computer Security Center has issued two documents in its Rainbow series: (a) "Introduction to Certification and Accreditation", NCSC-TG-029, version 1; and (b) "A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial", NCSC-TG-024, volume 3/4, version 1. The first document is an overview of certification and accreditation with the most valuable data contained, in my opinion, in the Appendices. The second document continues an effort to assist Federal Agencies in defining "computer security deliverables required in the acquisition of trusted products".

3. The Spring 1994 edition of "Computer Virus Developments Quarterly" presents the "Virtual Anarchy" virus which Mr. Ludwig proposes to attack the protected mode features of Windows. The edition has a discussion on "armored code" to inhibit disassembly as well as detection of polymorphic viruses. As always, source code is available.

4. The July 1994 edition of "Macworld" has a "Wise Guy" article by Guy Kawasaki entitled "Potholes along the Information Superhighway". Mr. Kawasaki has an ability to combine thought with humor. The trailer below the article's title offers a great summary: "If this is the highway, I'd rather hitchhike along a country road."

5. SRI has announced an interesting offer for NIDES. A Beta release is now available at no cost to U.S. Government users. As discussed in previous updates, NIDES is an intrusion-detection system which performs real-time monitoring of user activity to detect unusual and/or suspicious activity. Teresa Lunt, Program Director, Secure Systems Research, is the POC at lunt@csl.sri.com. Consulting services are also available on a time and material basis.

6. Pony Express must have been on strike in 1992 because I just obtained a copy of a report issued in May 1992 by the Defense Personnel Security Research Center entitled "Americans Who Spied Against Their Country Since World War II". The Defense Technical Information Center (DTIC) number is AD-A276 043. The document uses open source material to categorize 117 individuals either convicted or prosecuted for espionage from 1945 to 1990.

7. I have done a cursory look at the New_Vir directory on the American Eagle CD-ROM Collection of viruses and virus-related material. Scanning with Thunderbyte Anti-Virus (TBAV), version 6.20, in full heuristic mode detected 310 viruses or suspicious files in 404 executable files. While it was evident that many of the executables were known to TBAV, and had actually been cataloged, the high percentage of detection suggests that these files should not present a significant problem for decent scanners.

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]