# 96-09 Mark Ludwig TOCTTOU NCSA NetKuang Java Good!?

1. Mark Ludwig has published his promised book, "Computer Virus Super-Technology 1996". The book has two major sections: (a) discussion of 32-bit viruses with emphasis on Windows 95; and (b) publication and examination of the Internet Worm code of 1988. Ludwig includes a disk along with the book, which includes viral code and technical papers published immediately after the 1988 incident. The inclusion of code continues what Ludwig began with his earlier books, quarterly publications, and CD-ROM entitled "Outlaws of the West".

2. The Spring 1996 edition of the USENIX quarterly journal "Computing Systems" includes a paper by Matt Bishop and Michael Dilger, "Checking for Race Conditions in File Accesses". A number of intrusion attacks have successfully exploited time-of-check-to-time-of-use (TOCTTOU) flaws. Such a flaw occurs "when a program checks for a particular characteristic of an object, and then takes some action that assumes the characteristic still holds when in fact it does not." The authors examine one type of this flaw in the Unix environment, describe a method for detecting possible instances of the flaw, and provide the results of a prototype race condition analyzer. It is interesting to find that the authors reference a very seminal report from the late 1970s, "Security Analysis and Enhancements of Computer Operations", NBSIR 76-1041, Institute for Computer Sciences and Technology, National Bureau of Standards, April 1976. I attended a conference in that same year in which one of the authors, Shig Tokubo, presented preliminary results on the analysis. That conference convinced me that information systems security was a great line of work.

3. The National Computer Security Association (NCSA) continues to expand its enterprise. From its initial involvement with computer virus research, NCSA now addresses firewall standards and certification, secure WEB site standards and certification, and other related matters. NCSA has an excellent WEB site at www.ncsa.com.

4. Another security analysis tool is available. NetKuang, a tool for discovering configuration errors in a subnetwork that create security vulnerabilities, is available on the WEB at seclab.cs.ucdavis.edu/~zerkle/netkuang.

5. Marc Hamilton, a system engineering manager at Sun Microsystems, has a paper in the August 1996 edition of the IEEE "Computer" magazine, "Java and the Shift to Net-Centric Computing". He addresses three major security issues which have generated a plethora of discussion.

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/part of the ISSU with credit/blame to the author.]
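Returning to item 2: the detection method Bishop and Dilger describe pairs a "check" system call made on a path name with a later "use" call on the same name, since anything learned about the name can be stale by the time the name is used again. The script below is an added example written for this update, not the authors' prototype analyzer. It is a deliberately simple syntactic approximation of that idea: the check and use call lists, the one-function scope rule, the `Finding` record, and the embedded C sample (`append_log_racy`, `append_log_fixed`) are all constructed here for illustration. The sample also shows the usual remedy: open the file first, then validate the object actually obtained through its descriptor (`fstat`), so the check and the use refer to the same object rather than to a name that another process can re-bind.

```python
import re
from dataclasses import dataclass

# Calls that check a property of a path *name*; the answer can go stale
# as soon as the call returns, because another process may replace the object.
CHECK_CALLS = ("access", "lstat", "stat", "readlink")
# Calls that then act on a path name, trusting that the earlier check still holds.
USE_CALLS = ("fopen", "open", "chmod", "chown", "unlink", "rename", "truncate", "execve")

# Match "name ( first_arg" where first_arg is an identifier or a string literal.
# Anchoring on the call names keeps "if (access(" from being read as a call to "if".
_CALL_RE = re.compile(
    r"\b(" + "|".join(CHECK_CALLS + USE_CALLS) + r")\s*\(\s*([A-Za-z_]\w*|\"[^\"]*\")"
)
_BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/")


@dataclass(frozen=True)
class Finding:
    check: str        # the checking call, e.g. access
    use: str          # the using call, e.g. open
    path: str         # the path expression both calls were given
    check_line: int
    use_line: int


def find_tocttou_pairs(c_source: str) -> list[Finding]:
    """Flag every (check, use) pair on the same path name within one function body.

    Added example approximating the Bishop/Dilger pairing idea (not their analyzer):
    calls are paired syntactically; no attempt is made to prove the window between
    them is reachable, so every finding is a candidate for manual review.
    """
    findings: list[Finding] = []
    pending: dict[str, tuple[str, int]] = {}   # path expression -> (check call, line)
    for lineno, raw in enumerate(c_source.splitlines(), 1):
        code = _BLOCK_COMMENT_RE.sub("", raw).split("//", 1)[0]
        if code.startswith("}"):        # closing brace of a top-level function body
            pending.clear()             # checks made in that function no longer apply
            continue
        for name, arg in _CALL_RE.findall(code):
            if name in CHECK_CALLS:
                pending[arg] = (name, lineno)
            elif name in USE_CALLS and arg in pending:
                check, check_line = pending[arg]
                findings.append(Finding(check, name, arg, check_line, lineno))
    return findings


# Constructed sample input (not code from the paper). The first function has the
# classic access()/open() race; the second opens first and validates the object it
# actually received via the descriptor, which no rename or symlink swap can change.
# (In a set-uid program, drop privileges before the open rather than asking access().)
SAMPLE_C = r"""
int append_log_racy(const char *path) {
    if (access(path, W_OK) != 0)                 /* check: by name */
        return -1;
    int fd = open(path, O_WRONLY | O_APPEND);    /* use: by the same name, later */
    return fd;
}

int append_log_fixed(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;                                   /* check and use refer to one fd */
}
"""


def report(c_source: str) -> list[str]:
    """One human-readable line per candidate TOCTTOU pair."""
    return [
        f"line {f.check_line}: {f.check}({f.path}) ... line {f.use_line}: {f.use}({f.path})"
        for f in find_tocttou_pairs(c_source)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_C):
        print(line)
```

Run against the sample, the analyzer reports the `access`/`open` pair in `append_log_racy` and nothing in `append_log_fixed`, because that function never issues a second call by name. Real source will produce false positives (a check whose result is only logged, for instance), which is why the output is a worklist for review rather than a verdict.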