# 95-10

Contents

- TIS Subscription Offer
- COAST--More than a Shoreline
- Firewall WWW/FTP Site
- When is a Priority not a Priority
- Information Highwaypersons Beware

1. The CIPHER Newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy in its Issue 8, August 5, 1995 offered a discount to IEEE TC members on a subscription to the Data Security Letter published by Trusted Information Systems, Inc. The reduced rate is $25.00 for eleven editions. If you qualify, contact Sharon Osuna at sharon@tis.com.

2. I revisited the COAST WWW site yesterday after an absence of several weeks. WOW! The site has in my opinion become the security WWW par excellence. The links are diverse and eclectic and on the day I visited there were indications that the site is extremely current. For example, there were pointers to the possible source of the recent Microsoft Macro Word virus as well as a direct link to a security consultant's WWW site which had additional macro viruses for downloading. Put ww.cs.purdue.edu/coast in your hotlist!

3. Marcus Ranum has established both an ftp and WWW site for his firewall summaries: www.iwi.com/iw-pubs.html or ftp.wiw.com/iwi/publications. I have intermittently experienced problems in connecting to the WWW site, but have confirmed it is there.

4. GAO has issued a report "Federal Family Education Loan Information System: Weak Computer Controls Increase Risk of Unauthorized Access to Sensitive Data" (GAO/AIMD-95-117, June 1995). While the list of vulnerabilities is deja vu to other reviews of Federal agencies, there was one unusual item which amused me. Apparently the Department of Education had agreed to hire a "security administrator on a priority basis" in September 1993 after the position was vacant for a month. "Priority" in this instance translated into an additional 12 month delay.

5. O'Reilly & Associates has available "Computer Crime: A Crimefighter's Handbook" (ISBN 1-56592-086-4). There is really little current material on the subject, although the authors do refer to a manual written by Donn Parker under contract to the Justice Department which years ago I found very dry reading. The chapters are easy to read with good Appendices for further references, for "raiding the computer room", and for the submission and examination of computer evidence. There is even a sample search warrant. My only complaint was with the 140 pages of computer crime law listings. I already had such material in other references, and kept thinking why not put this on a disk or on O'Reilly's WWW site for authorized purchasers?

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]