Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA26003; Tue, 12 Jun 90 07:16:12 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA13102; Tue, 12 Jun 90 07:16:09 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA04495; Tue, 12 Jun 90 07:15:52 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa10570; 12 Jun 90 11:32 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 12 Jun 90 11:12:08 BST 
Message-Id:   <$TGVTCZHTCBXD at UMPA>
Subject:      Virus-L vol 0 issue #0831



Virus-L Digest Wed, 31 Aug 88, Volume 0 : Issue #0831

Today's Topics

caution
Re: Virus Conference Concerns Update
CRCs and Published Keys
Oops! Wrong Address John.
RE: CRCs and Published Keys
RE: CRC vs. encryption schemes
?$z"
Pc-Lock
University Standards
Re: University Standards
Flushot's Credibility!!!
Re: University Standards
Re: Virus Arguments Hit Home
Dup Mail
** no subject, date = Wed, 31 Aug 88 19:02:00 EDT

------------------------------

Date:         Wed, 31 Aug 88 03:07:01 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      caution

Apologies to all for extending this debate any further; I merely desire
to explain that my primary concern is not that Loren would embezzle
funds.  I am actually concerned that the conference might not happen.
In that case, I will be out $50 for two months or so.  This is significant
to me, as I am a college student with not a lot of dough.  Fifty
bucks will buy me 1.5 textbooks on the average.  Putting a conference
together, with finding a location, hotel accommodations, arranging for
printing and typesetting documents, reviewing papers for presentation,
and a zillion other details is a HUGE amount of work.  One person
working alone and having no experience arranging conferences is likely
to find it very difficult.  And the semester is about to begin.

With that, I drop the subject.

- Jeff

--------------------

Date:         Wed, 31 Aug 88 07:31:24 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: Virus Conference Concerns Update
In-Reply-To:  Your message of Tue, 30 Aug 88 17:24:37 EDT

> Other than that, we seem to have a great list of speakers,
> panelists and others coming representing a wide variety
> of computer security experts and amateurs.

Perhaps you could give us all a (partial, at least) list of speakers
and panelists?

Ken



Kenneth R. van Wyk                   Calvin: Where do we keep the chainsaws?
User Services Senior Consultant      Mom:    We don't have any!
Lehigh University Computing Center   Calvin: None?!  Mom: None at all!
Internet: <luken@Spot.CC.Lehigh.EDU> Calvin: Then how am I supposed to learn
BITNET:   <LUKEN@LEHIIBM1>                   how to juggle?!

--------------------

Date:         Wed, 31 Aug 88 10:12:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         EAE114@URIMVS
Subject:      CRCs and Published Keys

I don't understand the theory behind publishing
checksums for programs.    In order for this to work,
it seems as if you need a secure (un-spoofable) channel
for transmitting the checksum.  If you DON'T do this,
then whoever substitutes infected code for yours can
easily also substitute a checksum that matches it.
If you HAVE such a secure channel, then why not just
transmit the programs, and forget the encryption?
               EAE114@URIMVS  (Eristic/PRose)
Disclaimer:  This message doesn't exist, objectively.

--------------------

Date:         Wed, 31 Aug 88 09:34:00 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         LYPOWY@UNCAMULT
Subject:      Oops! Wrong Address John.

This message is to John Stewart, who requested the address for Dr.  Ian
Witten.  I am posting this here because I deleted John's message and
thus do not have his address.

John, sorry about this, but Ian Witten's address is:

calgary.UUCP instead of what I sent you previously.

                Thanx!
                    Greg.

P.S.  Loren - I am still waiting on some info from you (I realize how
many requests you must have received for such info, so just get it to me
A.S.A.Y.C!)

--------------------

Date:         Wed, 31 Aug 88 13:24:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Jerry Leichter (LEICHTER-JERRY@CS.YALE.EDU)" <LEICHTER@YALEVMS>
Subject:      RE: CRCs and Published Keys

        I don't understand the theory behind publishing checksums for
        programs.    In order for this to work, it seems as if you need a
        secure (un-spoofable) channel for transmitting the checksum.  If you
        DON'T do this, then whoever substitutes infected code for yours can
        easily also substitute a checksum that matches it.  If you HAVE such a
        secure channel, then why not just transmit the programs, and forget
        the encryption?

This is quite true.  However, the checksums and the keys to generate them
can be much smaller than the code being protected.

Imagine a service of the following form:  You pay some amount of money to join
up.  You are given a sealed box containing a checksummer:  It accepts a file
as a series of bytes on an ASCII line and displays a checksum.  The device is
built so as to be very hard to reverse-engineer.

Anyone producing a piece of software provides a copy to the service.  The
service will NOT accept it until it has a verifiable identification of the
person.  The service then computes the checksum and saves it away for later.

When you want to use a piece of registered code, you pick it up from any
convenient source, call the registry, ask for the checksum, and compare to
what your checksum box claims the checksum should be.  Alternatively, the
service prints the checksum on some hard-to-forge medium and sends copies to
subscribers.  (The technology for making hard-to-forge paper and such is long
established.)

This scheme requires that the checksum function be cryptographically strong:
Every subscriber is in a position to calculate the checksum of any piece of
text he wishes to.  You need to be reasonably confident that this will not
help him forge checksums.
                                                        -- Jerry
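
An added illustration of the scheme in the message above (not part of the original post or of any service it describes): HMAC-SHA256 stands in for the sealed box's keyed checksum, and the Registry class, key and sample bytes are constructed assumptions. It also contrasts the keyed checksum with CRC-32, whose XOR relation across equal-length inputs is the kind of predictability a "cryptographically strong" function must not have.

```python
import hashlib
import hmac
import zlib

# Constructed sample data; BOX_KEY stands in for the secret sealed inside the box.
BOX_KEY = b"constructed-demo-key-inside-the-sealed-box"
ORIGINAL = b"constructed sample program image v1.0"
TAMPERED = b"constructed sample program image v1.0 + extra code"

def box_checksum(data: bytes) -> str:
    """What the sealed box displays: a keyed checksum (HMAC-SHA256 as a stand-in)."""
    return hmac.new(BOX_KEY, data, hashlib.sha256).hexdigest()

class Registry:
    """The service: stores checksums of software from identified submitters only."""

    def __init__(self):
        self._records = {}

    def register(self, name: str, data: bytes, author_verified: bool) -> None:
        if not author_verified:
            raise PermissionError("registry refuses unidentified submitters")
        self._records[name] = box_checksum(data)

    def lookup(self, name: str) -> str:
        return self._records[name]

def subscriber_accepts(registry: Registry, name: str, downloaded: bytes) -> bool:
    """Compare the box's output for the downloaded copy with the registry's value."""
    return hmac.compare_digest(box_checksum(downloaded), registry.lookup(name))

def _xor3(a: bytes, b: bytes, c: bytes) -> bytes:
    # Byte-wise XOR of three equal-length inputs.
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))

def crc_relation_holds(a: bytes, b: bytes, c: bytes) -> bool:
    """CRC-32 is affine: crc(a^b^c) == crc(a)^crc(b)^crc(c) for equal lengths."""
    return zlib.crc32(_xor3(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)

def keyed_relation_holds(a: bytes, b: bytes, c: bytes) -> bool:
    """The same relation tested on the keyed checksum; it does not carry over."""
    value = lambda d: int(box_checksum(d), 16)
    return value(_xor3(a, b, c)) == value(a) ^ value(b) ^ value(c)
```

Because the CRC relation always holds, known checksums of some texts determine the checksums of others, which is why a plain CRC cannot serve as the box's function.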

--------------------

Date:         Wed, 31 Aug 88 13:13:50 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ed Nilges <EGNILGES@PUCC>
Subject:      RE: CRC vs. encryption schemes
In-Reply-To:  Your message of Tue, 30 Aug 88 15:06:00 EST

In connection with the issue of just how hard it is, in general, to
break encoding schemes, and the power of brute force in the form of computers,
readers of this list should read the Science Times section of the
New York Times for Tuesday, Aug 30th: here, the mathematician John
Conway of Princeton (and creator of the game of LIFE) offered a
reward to anyone who could determine the location of a certain key
number in a series.  Colin Mallows of AT&T Bell Labs came up with
the solution, in part using a computer, in an astonishingly
short time.  Conway had offered a 10,000.00 reward, which Mallows
agreed was a slip of the tongue, or at least the exponent.
Mallows kept and framed the check for ten grand, and accepted
an alternative reward of 1.0E3 for his grandchildren.

--------------------

Date:         Wed, 31 Aug 88 13:30:03 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Frank San Miguel <ACS1S@UHUPVM1>
Subject:      ?$z"

After asking a question about finding viruses with ResEdit, I tooled around with
this utility and came across something strange.  Maybe someone has seen or
heard of this...
Upon opening the desktop, I found two questionable files -- one was simply
blank while another had the cryptic code: ?$z".  I eliminated the blank one,
but when I tried to open a Get Info box on ?$z" a bomb dropped. On rebooting,
the Mac informed me that my hard disk was in need of repairs.  It was repaired
with the loss of SuperPaint and Word icons.  Opening ResEdit again, I found the
file blank.  Any guesses?

Frank

--------------------

Date:         Wed, 31 Aug 88 13:52:33 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         James Ford <JFORD1@UA1VM>
Subject:      Pc-Lock

>There is an interesting program called PC-LOCK which will effectively
>isolate your hard disk (at least on an XT) from the system.  Once
>installed, if a user attempts a hard disk boot, he/she must supply the
>proper password to gain access to the HD.  If booted by a floppy in
>the A drive, access is also blocked as the HD does not appear to
>exist, and the user does not have access.  This package is shareware.
>I would be happy to make it available to all in the conference, but I
>am not sure how to do so.

>Steve Clancy, U.C. Irvine, Biomedical Library.  Wellspring RBBS 714-856-7996

     If I'm not mistaken, there are several versions of Pc-Lock.
Version 1.0 is supposed to have some bugs in it that sometimes change
your partition table, thereby nuking most/all of your files.  Version 1.1
corrects this problem.  Version 3.0 (which is NOT shareware) allows you
to have up to 5 passwords (1 administrator and 4 user).  Based on which
password you enter, you can have your AUTOEXEC.BAT branch to different
routines.

We have installed it on 31 IBM-PCs w/20M hd, EGA, 640K... and have had
(almost) no problems.  On 2 machines, we are unable to install it (I
think that it's a h-disk problem, not related to Pc-Lock).  Only the tech
people (with a user password 4 set just for them) and the lab supervisor
in charge of updating software have access to the hard-drive itself.
Since Pc-Lock will allow you to permanently "turn off" CNTL-BRK, your
favorite menu program will see to it that students can not run files
from drive A or B, thereby reducing the chance that the computer will
pick up a nasty bug.

                            James Ford

--------------------

Date:         Wed, 31 Aug 88 14:22:00 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David D. Grisham" <DAVE@UNMB>
Subject:      University Standards

        As the "virus expert" (ha ha) I have been asked to establish
Univ. standards for virus Protection-Detection.  Would anyone
who has set policies, procedures, etc. please share them?  Most
importantly, I need to evaluate & purchase Anti-Viral software,
any recommendations or experiences on this subject would be greatly
appreciated.
Thanks in advance.  I will post a synopsis of your mail and my findings.
Dave

******************************************************************************
*                                                                            *
*   Dave  Grisham                                                            *
*   Senior Staff Consultant                         Phone (505) 277-8148     *
*   Information Resource Center                                              *
*   Computer & Information Resources & Technology                            *
*   University of New Mexico                        USENET DAVE@UNMA.UNM.EDU *
*   Albuquerque, New Mexico  87131                  BITNET DAVE@UNMB         *
*                                                                            *
******************************************************************************

--------------------

Date:         Wed, 31 Aug 88 15:34:59 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Frank San Miguel <ACS1S@UHUPVM1>
Subject:      Re: University Standards
In-Reply-To:  Your message of Wed, 31 Aug 88 14:22:00 MDT

Dave,

On your letter asking about virus protection/detection/prevention -- what
machines (i.e. IBMs Macs) are you looking at?  Also, what kind of money are
you planning on spending?  As they say, the best is going to cost you big
money.

Frank

--------------------

Date:         Wed, 31 Aug 88 17:51:35 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Flushot's Credibility!!!

>Hi gang,
>I just read Ross's warning about flutxt4.com .
>Somehow he sounds very scared, is it because Flushot 3+ (whatever
>version) isn't good enough to cope with the beast ??
>
>YG

That Flushot4 warning is half a year old.  In the meantime, Ross
Greenberg has released FluShot Plus (The "Plus" is used so that people
would not continue to use the corrupted FluShot that was spreading
around) versions 1.0, 1.2, 1.4 (1.3 does not exist; Ross is
superstitious).   I think that before you start rehashing FluShot as you
are doing right now, you should look at FluShot Plus 1.4.  The only
errors that I have heard about or encountered are with the CMOS memory
reads while reading certain floppy disks, and the fact that certain
editors (BRIEF?!?) can edit protected files without any type of TSR
warning.

David A. Bader
DAB3@LEHIGH

--------------------

Date:         Wed, 31 Aug 88 16:59:02 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Deba Patnaik <DEBA@UMDC>
Subject:      Re: University Standards
In-Reply-To:  Message received on Wed, 31 Aug 88  16:45:44 EDT

PC WEEK reports two organizations providing information on combatting
the spread of virus software. They are:

          Software Development Council, Box-61031, Palo Alto, CA 94306
          (415) 854-7219

          Computer Virus Industry Association, 4423 Cheeny St, Santa Clara,
          CA
          (408) 988-3832
Does anyone know what these organizations provide?

Deba Patnaik
Center of Marine Biotechnology/Maryland Biotechnology Institute

--------------------

Date:         Wed, 31 Aug 88 12:53:00 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         KEENAN@UNCAMULT
Subject:      Re: Virus Arguments Hit Home
In-Reply-To:  Message of 30 Aug 88 11:07 MDT from "Frank San Miguel"

I believe there is a general principle in insurance that, except where
otherwise provided (such as a prizefighter's hands being damaged in a bar
fight..)  the insurance company will refuse to pay if someone else can
be held at fault (i.e.  sued.)  This came up here in Calgary lately with
regard to some flooding which was aggravated by cowboy bus drivers
causing tidal waves through the affected communities...insurance refused
to pay for the damage since it wasn't a "natural event."

--------------------

Date:         Wed, 31 Aug 88 18:49:20 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Bill MacDonald <O1BILL@AKRONVM>
Subject:      Dup Mail

I received the same mail twice from David A. Bader
DAB3@lehigh

--------------------

Date:         Wed, 31 Aug 88 19:02:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Glen Matthews <CCGM000@MCGILLM>
In-Reply-To:  In reply to your message of TUE 30 AUG 1988 13:13:36 EDT

Sorry about that. CACM stands for: Communications of the Association
for Computing Machinery. The association's name belies its function;
it's actually an association for PEOPLE who use computing machinery.
(I never could figure out how someone could arrive at a name like that.)

Glen Matthews


--------------------

*** end of Virus-L issue ***
