
CIAC Notes 94-05 (fwd)



-----BEGIN PGP SIGNED MESSAGE-----


I checked my mail and didn't find this posted to the list, so I'll send an
abbreviated snip w/pointers for you.  Interesting info...

- -NetSurfer

#include <standard.disclaimer>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
==  =     = |James D. Wilson        |V.PGP 2.7:   512/E12FCD 1994/03/17 >
 "  "  o  " |P. O. Box 15432        |     finger for full PGP key        >
 "  " / \ " |Honolulu, HI  96830    |====================================>
\"  "/ G \" |Serendipitous Solutions|    Also [email protected]      >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

- ---------- Forwarded message ----------
Date: Thu, 22 Dec 1994 16:30:38 -0800
From: [email protected]
To: [email protected]
Subject: CIAC Notes 94-05

             U.S. DOE's Computer Incident Advisory Capability
           ___  __ __    _     ___           __  __ __   __   __
          /       |     /_\   /       |\ |  /  \   |    |_   /_
          \___  __|__  /   \  \___    | \|  \__/   |    |__  __/

Number 94-05                                               December 22, 1994

Welcome to the fifth issue of CIAC Notes, the United States Department of
Energy's (DOE) Computer Incident Advisory Capability (CIAC) electronic
publication for articles on relevant computer security topics.  This "E-zine"
is a service requested by our DOE and DOE contractor customers, and is open
to subscription by anyone who can receive E-mail via the Internet. 
Hopefully we are giving you a gift of information to close out 1994.  If you
have topics you would like addressed or have feedback on this issue, please
contact the editor, Allan L. Van Lehn, CIAC, (510) 422-8193 or send E-mail to
[email protected]. 

  $-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
  $ Reference to any specific commercial product does not necessarily   $
  $ constitute or imply its endorsement, recommendation or favoring by  $
  $ CIAC, the University of California, or the United States Government.$
  $-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$

TABLE OF CONTENTS
Feature Articles	How Trusting Can We Be?
			Internet Firewalls - Part 2
			More On The Good Times Virus Hoax
			CIAC Plans To Have A Home Page In January
			Security Information Servers
MAC / PC User		PowerMAC Users Beware
			Data Physician Plus! 4.0E Available
			Novell Users
			OS/2 Systems Processing CLASSIFIED DATA
CIAC Information	Who Is CIAC?
			CIAC Bulletins Issued Recently
			Subscribing To CIAC Electronic Publications
			Accessing CIAC's Electronic Information Servers
			Publications Available From CIAC
			Contacting CIAC
/snip/

>It is possible
>to create a file that remaps keys when displayed on a PC/MS-DOS machine with
>the ANSI.SYS driver loaded. However, this only works on PC/MS-DOS machines
>with the text displayed on the screen in text mode.  It would not work in
>Windows or in most text editors or mailers.  A key could be remapped to
>produce any command sequence when pressed, for example DEL or FORMAT. 
>However, the command is not issued until the remapped key is pressed and the
>command issued by the remapped key would be visible on the screen.  You could
>protect yourself by removing ANSI.SYS from the CONFIG.SYS file, but many DOS
>programs use the functionality of ANSI.SYS to control screen functions and
>colors.  Windows programs are not affected by ANSI.SYS, though a DOS program
>running in Windows would be. 

- ------------------------------
Security Information Servers

Novell:  
http://www.novell.com/cgi-bin/ftpsearch.pl?QString=security

Microsoft Windows:  
gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?security
gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?patches

FIRST's WWW server:
http://www.first.org/first/

NIST/CSRC
http://cs-www.ncsl.nist.gov

Purdue Computer Emergency Response Team (PCERT)
http://www.cs.purdue.edu/pcert/pcert.html

NASA Automated Systems Incident Response Capability (NASIRC)
(this is accessible to *.nasa.gov systems only, but it can be accessed through
the FIRST server or you can contact NASIRC to be added to their hosts.allow
file) 
http://nasirc.nasa.gov/NASIRC_home.html

Naval Computer Incident Response Team (NAVCIRT)
http://infosec.nosc.mil/niseeast/navcirt.html

Australian Computer Emergency Response Team  (AUSCERT)
http://www.auscert.org.au  (Proposed to be up in a couple of weeks)
http://www.uq.oz.au/pcc/services/sert/home.html  (Currently active)

DFN-CERT
German Home Page - http://www.cert.dfn.de/
English Home Page - http://www.cert.dfn.de/eng/

Computer Emergency Response Team (CERT)
http://www.sei.cmu.edu/SEI/programs/cert.html

Veterans Health Administration  (VHA)
http://www.va.gov

Small Business Administration  (SBA)
http://www.sbaonline.gov/

If you know of others, please send mail to [email protected].


/snip/

- ------------------------------
Data Physician Plus! 4.0E Available
All DOE sites should now have Data Physician Plus! 4.0E for use on IBM PC
compatible systems.  Contact your site CPPM if you have not obtained an
update.  This version does provide protection from the KAOS4 and One_half
viruses (see CIAC Bulletin E-32 for further information on KAOS4 and E-34 for
information on One_half). 

- ------------------------------
Novell NetWare Users
CIAC is receiving more and more calls from our DOE clients asking for
information on minimizing the risks associated with installing NetWare and in
further connecting these LANs to the Internet.  To supplement our own
experiences CIAC is interested in partnering with other experts to create a
comprehensive package of information that could be made available to all
sites.  If you have Novell NetWare expertise and would like to be a CIAC
associate, please send a note to [email protected]. 

- ------------------------------
OS/2 Systems Processing CLASSIFIED DATA
by Rollo D. Rogers [[email protected]]

SECURITY SAFEGUARDS FOR PROCESSING CLASSIFIED INFO ON A COMPUTER RUNNING
OS/2 V2.1  [note: some sites may not allow internal hard disks for 
classified systems. ed]

- ------------------------------
CIAC INFORMATION
- ------------------------------
Who is CIAC?
CIAC is the U.S. Department of Energy's Computer Incident Advisory
Capability.  Established in 1989, shortly after the Internet Worm, CIAC
provides various computer security services free of charge to employees and
contractors of the DOE, such as: 

	o Incident Handling Consulting
	o Computer Security Information
	o On-site Workshops

CIAC is located at Lawrence Livermore National Laboratory in Livermore,
California, and is a part of its Computer Security Technology Center.  CIAC
is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide. Further information can
be found at http://www.first.org/first/ 

- ------------------------------
CIAC Bulletins Issued recently
CIAC issues two categories of computer security announcements: the
information bulletin and the advisory notice.  Information bulletins describe
security vulnerabilities and recommend countermeasures.  Advisory notices are
more imperative, urging prompt action for actively exploited vulnerabilities.
 Advisory notices are delivered as quickly as possible via E-mail and FAX. 

F-01    Advisory
	SGI IRIX serial_ports Vulnerability
	Oct. 4, 1994, 1600 PDT

F-02    Bulletin
	Summary of HP Security Bulletins
	Nov. 17, 1994, 1300 PDT

F-03    Bulletin
	Restricted Distribution	

F-04    Bulletin
	Security Vulnerabilities in DECnet/OSI for OpenVMS
	Nov. 28, 1994, 0900 PDT

F-05    Bulletin
	SCO Unix at, login, prwarn, sadc, and pt_chmod Patches Available
	Dec. 06, 1994, 0800 PDT

F-06    Bulletin
	Novell UnixWare sadc, urestore, and suic_exec Vulnerabilities
	Dec. 14, 1994, 0800 PDT

- ------------------------------
Contacting CIAC
DOE and DOE contractor sites that require additional assistance or wish to
report a vulnerability:  call CIAC at 510-422-8193, fax messages to
510-423-8002 or send E-mail to [email protected]. 

 ------------------- A - T - T - E - N - T - I - O - N ---------------------
| For emergencies and off-hour assistance, CIAC is available 24-hours a day |
| to DOE and DOE contractors via an integrated voicemail and SKYPAGE number.|
| To use this service, dial 1-510-422-8193 or 1-800-759-7243 (SKYPAGE). The |
| primary SKYPAGE PIN number, 8550070 is for the CIAC duty person. A second |
| PIN, 8550074 is for the CIAC Project Leader.  Keep these numbers handy.   |
 ---------------------------------------------------------------------------

- ------------------------------
CIAC's Electronic Publications
Previous CIAC Bulletins and other information are available via anonymous FTP
from ciac.llnl.gov. 

CIAC has several self-subscribing mailing lists for electronic publications: 
1. CIAC-BULLETIN for Advisories, highest priority - time critical information
and Bulletins, important computer security information; 
2. CIAC-NOTES for Notes, a collection of computer security articles; 
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability; 
4. SPI-NOTES, for discussion of problems and solutions regarding the use of
SPI products. 

Our mailing lists are managed by a public domain software package called
ListProcessor, which ignores E-mail header subject lines.  To subscribe (add
yourself) to one of our mailing lists, send requests of the following form: 

	subscribe list-name  LastName, FirstName PhoneNumber

as the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES,
SPI-ANNOUNCE or SPI-NOTES for list-name and valid information for LastName,
FirstName and PhoneNumber.
Send to: [email protected]   (not to: [email protected]) 

e.g.,
	subscribe ciac-notes O'Hara, Scarlett W. 404-555-1212 x36
	subscribe ciac-bulletin O'Hara, Scarlett W. 404-555-1212 x36

You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or get
help.  To subscribe an address which is a distribution list, first subscribe
the person responsible for your distribution list.  You will receive an
acknowledgment (as described above).  Change the address to the distribution
list by sending a second E-mail request.  As the body of this message, send
the following request, substituting valid information for list-name, PIN, and
address of the distribution list.

Send E-mail to [email protected]:
	set list-name  address  PIN   distribution_list_address
  e.g.,	set ciac-notes address 001860 [email protected]

To be removed from this mailing list, send the following request: 
unsubscribe  list-name

For more information, send the following request:
help

If you have any questions about this list, you may contact the list's owner:
[email protected]. 

- ------------------------------
Accessing CIAC's Electronic Information Servers
CIAC operates a security information server for anonymous FTP at
ciac.llnl.gov which contains all of the publicly available CIAC, CERT/cc,
NIST, and DDN bulletins, virus descriptions, the virus-l moderated virus
bulletin board, copies of public domain and shareware virus
detection/protection software, copies of useful public domain and shareware
utility programs, and patch files for some operating systems. 

Use FTP to access it either by name or IP address (128.115.19.53).  The
operation and prompt will depend on which vendor's FTP you are running. 
Usually, you must first log in before you can list directory contents and
transfer files.  Use "FTP" or "anonymous" for Name or Foreign username unless
given a general prompt such as ciac.llnl.gov> or FTP>. In that case, enter
the keyword "user" or "login" before "FTP" or "anonymous" (e.g., user FTP). 
Use your Internet E-mail address for the Password. 

Once logged in you may type a question mark to find out what key-words are
recognized.  The file 0-index.txt (in the top level directory /FTP) is a
document explaining the directory structure for downloadable files.  The file
whatsnew.txt (in directory /FTP/pub/ciac) contains a list of the new files
placed in the archive.  Use the command get [for single files] or mget [for
multiple files] to download one or more files to your own machine. 

- ------------------------------
Publications Available from CIAC
CIAC prepares publications on a variety of computer security related topics,
the CIAC 2300 series.  Many of these will be updated as needed to keep the
information current.  We welcome suggestions for topics that you feel would
be valuable.  We also make available some documents from other sources.  In
the table below, column E is for electronic documents available via CIAC's
servers (see above).  Column P is for printed documents, for those who do not
have Internet or telephone-modem access.  If neither column is checked, the
document is soon to be released.  The electronic formats are: *.txt for
ASCII, *.ps for PostScript(tm), *.hqx for bin-hexed Microsoft Word, *.wp5 for
PC Word Perfect v5.0. 

No.   E  P  TITLE
2300  x  x  Abstracts of the CIAC-2300 Series Documents
2301  x  x  Computer Virus Information Update
2302        Accessing The CIAC Computer Security Archives
2303  x  x  The Console Password Feature for DEC Workstations
2304        Data Security Vulnerabilities of Facsimile Machines
            and Digital Copiers
2305        Unix Incident Guide: How To Detect A Unix Intrusion
2308        Securing Internet Information Servers
CIAC  x     Incident Handling Guidelines
LLNL  x     User Accountability Statement, E. Eugene Schultz, Jr.
SRI   x     Improving the Security of your Unix System, David A. Curry
LLNL  x     Incident Handling Primer, Russell L. Brand
ORNL  x     Terminal Servers and Network Security, Curtis E. Bemis & Lynn Hyman

To obtain further information, contact Allan L. Van Lehn, CIAC, 510-422-8193
or send E-mail to [email protected]. 

- ------------------------------
This document was prepared as an account of work sponsored by an agency of
the United States Government.  Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California.  The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes. 

- ------------------------------
End of CIAC Notes Number 94-05  94_12_22
****************************************


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLvsP8CoZzwIn1bdtAQFmbgGAve2RmZmmVy+AtvHhLtdKBy/B5/7eyNDe
h+eaysT6l7JUIX1x18BwM574UH+ibzYB
=BnIF
-----END PGP SIGNATURE-----
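
The quoted CIAC article above describes text files that remap keys when displayed through ANSI.SYS. The following Python scanner is an added example, not part of CIAC Notes or of the forwarded message: it finds such key-reassignment sequences in a file before it is displayed and defangs only those, leaving color and cursor sequences alone. It assumes the standard ANSI.SYS reassignment form `ESC [ key ; string ... p`; the function names and the sample bytes are constructed for illustration.

```python
import re

# One parameter: a decimal code or a quoted string.
PARAM = rb'(?:\d+|"[^"\r\n]*"|\'[^\'\r\n]*\')'
# ESC [ param ; param ... p  is the ANSI.SYS keyboard reassignment command.
# Color (final byte 'm') and cursor sequences end differently and do not match.
REMAP = re.compile(rb"\x1b\[(" + PARAM + rb"(?:;" + PARAM + rb")+)p")


def decode_param(p: bytes) -> bytes:
    """Turn one parameter into the bytes the remapped key would type."""
    if p[:1] in (b'"', b"'"):
        return p[1:-1]
    return bytes([int(p) % 256])


def find_remaps(data: bytes):
    """Return (offset, key, typed_bytes) for every key reassignment found."""
    hits = []
    for m in REMAP.finditer(data):
        parts = re.findall(PARAM, m.group(1))
        # Extended keys (function keys etc.) are written as two codes: 0;n
        n_key = 2 if parts[0] == b"0" else 1
        if len(parts) <= n_key:
            continue  # no replacement string follows the key code
        key = b";".join(parts[:n_key]).decode("ascii")
        typed = b"".join(decode_param(p) for p in parts[n_key:])
        hits.append((m.start(), key, typed))
    return hits


def defang(data: bytes) -> bytes:
    """Make each reassignment visible and inert by replacing its ESC with '^['."""
    return REMAP.sub(lambda m: b"^[" + m.group(0)[1:], data)


# Constructed sample: a colored greeting plus one sequence that would make
# F1 (0;59) type a harmless command followed by Enter (13).
SAMPLE = (b"Happy holidays!\r\n\x1b[1;33mSeason's greetings\x1b[0m\r\n"
          b'\x1b[0;59;"echo remapped";13p\r\nEnd.\r\n')

if __name__ == "__main__":
    for offset, key, typed in find_remaps(SAMPLE):
        print(f"offset {offset}: key {key} would type {typed!r}")
    print(defang(SAMPLE).decode("ascii"))
```
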