From: NetSurfer <jdwilson@gold.chem.hawaii.edu>
To: cypherpunks@toad.com
Message Hash: c7dc829299380583be644207728e5e8afd5740231d8652387bf3c98a84592c13
Message ID: <199412231759.MAA13801@bb.hks.net>
Reply To: N/A
UTC Datetime: 1994-12-23 17:54:29 UTC
Raw Date: Fri, 23 Dec 94 09:54:29 PST
Subject: CIAC Notes 94-05 (fwd)
Message-ID: <199412231759.MAA13801@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
I checked my mail and didn't find this posted to the list, so I'll send an
abbreviated snip w/pointers for you. Interesting info...
- -NetSurfer
#include <standard.disclaimer>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 >
" " o " |P. O. Box 15432 | finger for full PGP key >
" " / \ " |Honolulu, HI 96830 |====================================>
\" "/ G \" |Serendipitous Solutions| Also NetSurfer@sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- ---------- Forwarded message ----------
Date: Thu, 22 Dec 1994 16:30:38 -0800
From: VANLEHN@margay.llnl.gov
To: jdwilson@gold.chem.hawaii.edu
Subject: CIAC Notes 94-05
U.S. DOE's Computer Incident Advisory Capability
CIAC NOTES
Number 94-05 December 22, 1994
Welcome to the fifth issue of CIAC Notes, the United States Department of
Energy's (DOE) Computer Incident Advisory Capability (CIAC) electronic
publication for articles on relevant computer security topics. This "E-zine"
is a service requested by our DOE and DOE contractor customers, and is open
to subscription by anyone who can receive E-mail via the Internet.
Hopefully we are giving you a gift of information to close out 1994. If you
have topics you would like addressed or have feedback on this issue, please
contact the editor, Allan L. Van Lehn, CIAC, (510) 422-8193 or send E-mail to
ciac@llnl.gov.
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
$ Reference to any specific commercial product does not necessarily $
$ constitute or imply its endorsement, recommendation or favoring by $
$ CIAC, the University of California, or the United States Government.$
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
TABLE OF CONTENTS
Feature Articles
    How Trusting Can We Be?
    Internet Firewalls - Part 2
    More On The Good Times Virus Hoax
    CIAC Plans To Have A Home Page In January
    Security Information Servers
MAC / PC User
    PowerMAC Users Beware
    Data Physician Plus! 4.0E Available
    Novell Users
    OS/2 Systems Processing CLASSIFIED DATA
CIAC Information
    Who Is CIAC?
    CIAC Bulletins Issued Recently
    Subscribing To CIAC Electronic Publications
    Accessing CIAC's Electronic Information Servers
    Publications Available From CIAC
    Contacting CIAC
/snip/
>It is possible
>to create a file that remaps keys when displayed on a PC/MS-DOS machine with
>the ANSI.SYS driver loaded. However, this only works on PC/MS-DOS machines
>with the text displayed on the screen in text mode. It would not work in
>Windows or in most text editors or mailers. A key could be remapped to
>produce any command sequence when pressed, for example DEL or FORMAT.
>However, the command is not issued until the remapped key is pressed and the
>command issued by the remapped key would be visible on the screen. You could
>protect yourself by removing ANSI.SYS from the CONFIG.SYS file, but many DOS
>programs use the functionality of ANSI.SYS to control screen functions and
>colors. Windows programs are not affected by ANSI.SYS, though a DOS program
>running in Windows would be.
- ------------------------------
Security Information Servers
Novell:
http://www.novell.com/cgi-bin/ftpsearch.pl?QString=security
Microsoft Windows:
gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?security
gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?patches
FIRST's WWW server:
http://www.first.org/first/
NIST/CSRC
http://cs-www.ncsl.nist.gov
Purdue Computer Emergency Response Team (PCERT)
http://www.cs.purdue.edu/pcert/pcert.html
NASA Automated Systems Incident Response Capability (NASIRC)
(this is accessible to *.nasa.gov systems only, but it can be accessed through
the FIRST server or you can contact NASIRC to be added to their hosts.allow
file)
http://nasirc.nasa.gov/NASIRC_home.html
Naval Computer Incident Response Team (NAVCIRT)
http://infosec.nosc.mil/niseeast/navcirt.html
Australian Computer Emergency Response Team (AUSCERT)
http://www.auscert.org.au (Proposed to be up in a couple of weeks)
http://www.uq.oz.au/pcc/services/sert/home.html (Currently active)
DFN-CERT
German Home Page - http://www.cert.dfn.de/
English Home Page - http://www.cert.dfn.de/eng/
Computer Emergency Response Team (CERT)
http://www.sei.cmu.edu/SEI/programs/cert.html
Veterans Health Administration (VHA)
http://www.va.gov
Small Business Administration (SBA)
http://www.sbaonline.gov/
If you know of others, please send mail to ciac@llnl.gov.
/snip/
- ------------------------------
Data Physician Plus! 4.0E Available
All DOE sites should now have Data Physician Plus! 4.0E for use on IBM PC
compatible systems. Contact your site CPPM if you have not obtained an
update. This version does provide protection from the KAOS4 and One_half
viruses (see CIAC Bulletin E-32 for further information on KAOS4 and E-34 for
information on One_half).
- ------------------------------
Novell NetWare Users
CIAC is receiving more and more calls from our DOE clients asking for
information on minimizing the risks associated with installing NetWare and in
further connecting these LANs to the Internet. To supplement our own
experiences CIAC is interested in partnering with other experts to create a
comprehensive package of information that could be made available to all
sites. If you have Novell NetWare expertise and would like to be a CIAC
associate, please send a note to ciac@llnl.gov.
- ------------------------------
OS/2 Systems Processing CLASSIFIED DATA
by Rollo D. Rogers [rogers@cod.nosc.mil]
SECURITY SAFEGUARDS FOR PROCESSING CLASSIFIED INFO ON A COMPUTER RUNNING
OS/2 V2.1 [note: some sites may not allow internal hard disks for
classified systems. ed]
- ------------------------------
CIAC INFORMATION
- ------------------------------
Who is CIAC?
CIAC is the U.S. Department of Energy's Computer Incident Advisory
Capability. Established in 1989, shortly after the Internet Worm, CIAC
provides various computer security services free of charge to employees and
contractors of the DOE, such as:
o Incident Handling Consulting
o Computer Security Information
o On-site Workshops
CIAC is located at Lawrence Livermore National Laboratory in Livermore,
California, and is a part of its Computer Security Technology Center. CIAC
is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide. Further information can
be found at http://www.first.org/first/
- ------------------------------
CIAC Bulletins Issued recently
CIAC issues two categories of computer security announcements: the
information bulletin and the advisory notice. Information bulletins describe
security vulnerabilities and recommend countermeasures. Advisory notices are
more imperative, urging prompt action for actively exploited vulnerabilities.
Advisory notices are delivered as quickly as possible via E-mail and FAX.
F-01 Advisory
SGI IRIX serial_ports Vulnerability
Oct. 4, 1994, 1600 PDT
F-02 Bulletin
Summary of HP Security Bulletins
Nov. 17, 1994, 1300 PDT
F-03 Bulletin
Restricted Distribution
F-04 Bulletin
Security Vulnerabilities in DECnet/OSI for OpenVMS
Nov. 28, 1994, 0900 PDT
F-05 Bulletin
SCO Unix at, login, prwarn, sadc, and pt_chmod Patches Available
Dec. 06, 1994, 0800 PDT
F-06 Bulletin
Novell UnixWare sadc, urestore, and suic_exec Vulnerabilities
Dec. 14, 1994, 0800 PDT
- ------------------------------
Contacting CIAC
DOE and DOE contractor sites that require additional assistance or wish to
report a vulnerability: call CIAC at 510-422-8193, fax messages to
510-423-8002 or send E-mail to ciac@llnl.gov.
------------------- A - T - T - E - N - T - I - O - N ---------------------
| For emergencies and off-hour assistance, CIAC is available 24-hours a day |
| to DOE and DOE contractors via an integrated voicemail and SKYPAGE number.|
| To use this service, dial 1-510-422-8193 or 1-800-759-7243 (SKYPAGE). The |
| primary SKYPAGE PIN number, 8550070 is for the CIAC duty person. A second |
| PIN, 8550074 is for the CIAC Project Leader. Keep these numbers handy. |
---------------------------------------------------------------------------
- ------------------------------
CIAC's Electronic Publications
Previous CIAC Bulletins and other information are available via anonymous FTP
from ciac.llnl.gov.
CIAC has several self-subscribing mailing lists for electronic publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical information
and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the use of
SPI products.
Our mailing lists are managed by a public domain software package called
ListProcessor, which ignores E-mail header subject lines. To subscribe (add
yourself) to one of our mailing lists, send requests of the following form:
subscribe list-name LastName, FirstName PhoneNumber
as the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES,
SPI-ANNOUNCE or SPI-NOTES for list-name and valid information for LastName
FirstName and PhoneNumber.
Send to: ciac-listproc@llnl.gov (not to: ciac@llnl.gov)
e.g.,
subscribe ciac-notes O'Hara, Scarlett W. 404-555-1212 x36
subscribe ciac-bulletin O'Hara, Scarlett W. 404-555-1212 x36
You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or get
help. To subscribe an address which is a distribution list, first subscribe
the person responsible for your distribution list. You will receive an
acknowledgment (as described above). Change the address to the distribution
list by sending a second E-mail request. As the body of this message, send
the following request, substituting valid information for list-name, PIN, and
address of the distribution list. Send
E-mail to ciac-listproc@llnl.gov:
set list-name address PIN distribution_list_address
e.g., set ciac-notes address 001860 rE-mailer@tara.georgia.orb
To be removed from this mailing list, send the following request:
unsubscribe list-name
For more information, send the following request:
help
If you have any questions about this list, you may contact the list's owner:
listmanager@cheetah.llnl.gov.
- ------------------------------
Accessing CIAC's Electronic Information Servers
CIAC operates a security information server for anonymous FTP at
ciac.llnl.gov which contains all of the publicly available CIAC, CERT/cc,
NIST, and DDN bulletins, virus descriptions, the virus-l moderated virus
bulletin board, copies of public domain and shareware virus
detection/protection software, copies of useful public domain and shareware
utility programs, and patch files for some operating systems.
Use FTP to access it either by name or IP address (128.115.19.53). The
operation and prompt will depend on which vendor's FTP you are running.
Usually, you must first log in before you can list directory contents and
transfer files. Use "FTP" or "anonymous" for Name or Foreign username unless
given a general prompt such as ciac.llnl.gov> or FTP>. In that case, enter
the keyword "user" or "login" before "FTP" or "anonymous" (e.g., user FTP).
Use your Internet E-mail address for the Password.
Once logged in you may type a question mark to find out what key-words are
recognized. The file 0-index.txt (in the top level directory /FTP) is a
document explaining the directory structure for downloadable files. The file
whatsnew.txt (in directory /FTP/pub/ciac) contains a list of the new files
placed in the archive. Use the command get [for single files] or mget [for
multiple files] to download one or more files to your own machine.
- ------------------------------
Publications Available from CIAC
CIAC prepares publications on a variety of computer security related topics,
the CIAC 2300 series. Many of these will be updated as needed to keep the
information current. We welcome suggestions for topics that you feel would
be valuable. We also make available some documents from other sources. In
the table below, column E is for electronic documents available via CIAC's
servers (see above). Column P is for printed documents, for those who do not
have Internet or telephone-modem access. If neither column is checked, the
document is soon to be released. The electronic formats are: *.txt for
ASCII, *.ps for PostScript(tm), *.hqx for bin-hexed Microsoft Word, *.wp5 for
PC Word Perfect v5.0.
No. E P TITLE
2300 x x Abstracts of the CIAC-2300 Series Documents
2301 x x Computer Virus Information Update
2302 Accessing The CIAC Computer Security Archives
2303 x x The Console Password Feature for DEC Workstations
2304 Data Security Vulnerabilities of Facsimile Machines
and Digital Copiers
2305 Unix Incident Guide: How To Detect A Unix Intrusion
2308 Securing Internet Information Servers
CIAC x Incident Handling Guidelines
LLNL x User Accountability Statement, E. Eugene Schultz, Jr.
SRI x Improving the Security of your Unix System, David A. Curry
LLNL x Incident Handling Primer, Russell L. Brand
ORNL x Terminal Servers and Network Security, Curtis E. Bemis & Lynn Hyman
To obtain further information, contact Allan L. Van Lehn, CIAC, 510-422-8193
or send E-mail to ciac@llnl.gov.
- ------------------------------
This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.
- ------------------------------
End of CIAC Notes Number 94-05 94_12_22
****************************************
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBLvsP8CoZzwIn1bdtAQFmbgGAve2RmZmmVy+AtvHhLtdKBy/B5/7eyNDe
h+eaysT6l7JUIX1x18BwM574UH+ibzYB
=BnIF
-----END PGP SIGNATURE-----
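The key remapping described in the quoted ANSI.SYS passage above can be checked for before a text file is ever displayed on a DOS console. The following Python scanner is an added example, not part of the original message or of CIAC's text: it finds ANSI.SYS keyboard-reassignment sequences (ESC [ key ; replacement p), reports what the remapped key would type, and strips them while leaving color sequences intact. The function names and the sample bytes are constructed for illustration.

```python
import re

# One parameter: a decimal code or a quoted string. Single quotes are
# accepted too, as a conservative assumption for a detector.
_PARAM = rb'(?:\d+|"[^"\r\n]*"|\'[^\'\r\n]*\')'
# ESC [ param ; param ... p  is the ANSI.SYS keyboard-reassignment form.
KEY_REMAP = re.compile(rb'\x1b\[(' + _PARAM + rb'(?:;' + _PARAM + rb')*)p')
_TOKEN = re.compile(_PARAM)

def _decode(params):
    """Turn the raw parameter bytes into ints and strings."""
    out = []
    for tok in _TOKEN.findall(params):
        if tok[:1] in b'"\'':
            out.append(tok[1:-1].decode('latin-1'))
        else:
            out.append(int(tok))
    return out

def find_remaps(data):
    """Return one finding per key-reassignment sequence in data."""
    findings = []
    for m in KEY_REMAP.finditer(data):
        toks = _decode(m.group(1))
        # Extended keys (function keys etc.) are given as two codes: 0;NN
        n = 2 if len(toks) > 1 and toks[0] == 0 else 1
        key, repl = toks[:n], toks[n:]
        typed = ''.join(t if isinstance(t, str) else chr(t) for t in repl)
        findings.append({'offset': m.start(), 'key': key, 'types': typed})
    return findings

def strip_remaps(data):
    """Remove key-reassignment sequences; other escape sequences stay."""
    return KEY_REMAP.sub(b'', data)

# Constructed sample: a color sequence (harmless) followed by a sequence
# that would make F10 (0;68) type a harmless echo command plus Enter.
SAMPLE = (b'Hello \x1b[1;31mred\x1b[0m text\r\n'
          b'\x1b[0;68;"echo remapped";13p more text\r\n')

if __name__ == '__main__':
    for f in find_remaps(SAMPLE):
        print('offset %(offset)d: key %(key)r would type %(types)r' % f)
    print(strip_remaps(SAMPLE))
```
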