-
Sub:     Information Systems Security Update, # 97-02
-
# 97-02


\011UnGame to AntiGame
\011The Sky is Still Not Falling
\011Gargantuan Numbers
\011PGP and Vaporware
\011JAVA Security


1.  Several months ago I commented on a program, UnGame, which could
detect approximately 3,500 game signatures.  The product has undergone
a name change to AntiGame.  Version 3.0 now detects 6,096 games, and
works under Windows, Windows 95, Windows NT, OS/2, and DOS.  Registered
users of UnGame had the opportunity to upgrade free of charge if their
purchase has been within 12 months.  Shareware versions are still
available on the DVD Software, Inc., BBS at (714) 757-1829, if you
would like to experiment with the program.

2.  The quality of www.kumite.com continues to remain high.  Bob
Rosenberger, the Webmaster, has added a number of interesting links.
If you missed the unbelievable saga of the FBI's Law Enforcement
Bulletin article by David L. Carter and Andra J. Katz, Ph.Ds from
Michigan State and Wichita State respectively, then connect and
learn that truth is indeed stranger than fiction.

3.  The February 1997 edition of "Scientific American" has an article
by Richard E. Crandall, chief scientist at NeXT Software, entitled
"The Challenge of Large Numbers".  Some intriguing asides on
cryptography in general and on the rise of network collaborations to
factor large numbers.

4.  If you ordered an upgrade to ViaCrypt's PGP product last year for
the Macintosh, you have received or will soon receive a letter from
Tom Steding, President & CEO of PGP, Inc.  The former has acquired
ViaCrypt and intends to deliver a new product, Macintosh PGPmail,
rather than port ViaCrypt's PGP 4.0 to the Macintosh.  PGP has
issued a refund to those who attempted an upgrade and has proposed 
PGPmail free of charge to those who did.  As one who attempted an
upgrade, I will comment when this nice piece of customer relations
actually occurs.  The PGP WEB site description for this offer is:
www.pgp.com/products/PGPmail-faq.cgi.

5.  If Java means more to you than a cup of coffee, then you might
want to acquire a copy of "Java Security:  Hostile Applets, Holes, and
Antidotes" by Gary McGraw and Edward Felten.  I just received my copy
from the IEEE Computer Society.  The ISBN is 0-471-17842-X.  The price
is $19.95 plus shipping.  IEEE members receive a $1.00 discount.  A
perusal of the Contents and a reading of the first three chapters
suggest that the authors have a logical and concise approach to the
subject.  There are descriptions of "malicious applets" with particular
attention on denial of service attacks.  The authors present six
guidelines for "safer" Java use.  The first guideline presents perhaps
the greatest difficulty:  "Know what web sites you are visiting".
The book even has a "companion" WEB site:  www.rstcorp.com/java-
security.html.


[Disclaimer:  Information Systems Security Updates represent the
opinions and views of the author (mcdonalc@wsmr.army.mil), not his
employer.  Recipients are free to quote all/parts of the ISSU with
credit/blame to the author.]