Future Information Warfare Study Available San Francisco, Sept. 6, 1995 -- Computer Security Institute's "Special Report on Information Warfare" describes how war might be fought in the 21st century. The report will appear in the fall issue of the Computer Security Journal, but is available now on request. Patrice Rapalus, director of Computer Security Institute (CSI), told Newsbytes, "In recent weeks, mass media organizations such as Time Magazine, the Washington Post, and National Public Radio have done stories on information warfare. This report is a timely, comprehensive and practical study on information warfare and its impact on our future." The report defines information warfare in contrast to simple computer crime, "A computer crime is an act that violates a law. It could be specifically targeted. It could be isolated, or it could be one element of an overall plan of attack. The conduct of information warfare, in contrast, is never random or isolated (and may not even violate a law). The term implies a concerted effort to utilize information as a weapon with which to wage war, whether on an actual battlefield or in economic, political, or social arenas." Four aspects of information warfare are listed in the report: the electronic battlefield; infrastructure attacks; industrial espionage; and personal privacy attacks. "It is important to understand that the term 'information warfare' originated in the military and in its purest sense refers to the grim and dangerous business of real...country shattering war," says the report. Computer Security Institute is located in San Francisco, California, and is a wholly owned subsidiary of Miller Freeman Publishing. Miller Freeman publishes over fifty trade magazines including Dr. Dobbs Journal, Unix Review, and LAN Magazine. Computer Security Institute publishes, along with random studies like the "Special Report on Information Warfare," a monthly newsletter, a semi-annual Journal, an annual Buyers Guide, and a on-line bulletin board. To obtain an advance copy of "Special Report on Information Warfare," call 415-905-2310. ------ "Snooper" Software Digs Into Computers San Francisco, Sept. 6, 1995 -- Vias & Associates Inc. said it has introduced a new version of its "Snooper" system information utility. The author of the software said it is called Snooper because the program "snoops" around the computer to report its configuration and operating characteristics. John Vias of Vias & Associates said his company's program goes farther than other system information programs, including Microsoft's MSD (Microsoft System Detection), which is included in higher versions of the company's DOS operating systems. "I think Snooper is about the most accurate system information utility you can get," he said. "People say it's easy to use. It takes just one keystroke to go from the main screen to any other screen. It also has a built-in editor for 'autoexec' and 'config' files." In all, Snooper can detect more than 150 details about a person's computer, including CMOS settings, hard drive type and capacity, any installed Micro Channel cards, fax-modems, memory types and amount available to the user, and video memory and type. Snooper is targeted to all markets, Vias officials said, including the average user, network administrators, consultants, and technicians. In the provided documentation is a wish list regarding new features for future versions of Snooper, including brand detection of additional non-Intel central processing units (CPUs), detection of local bus cards and tapes, and the ability to differentiate among different types of hard drives. Although Snooper can run in either DOS or Windows, Vias said the program works best in the DOS environment. In Windows, some of the software's reports must be disabled. In addition, some of the test results may be in error or unpredictable. Snooper requires an IBM PC or 100% compatible machine, with at least 256 kilobytes (KB) of RAM, a DOS with version 3.1 or higher, and some kind of video card. Snooper retails for around $39, and is available as both a full version and as shareware. Vias also said he is working hard on a Windows 95 version of Snooper. When tested the software on a Windows 95 machine running in DOS mode, no problems were experienced. But running it in Windows mode made the program very unpredictable. ------- UK - PCMCIA Encryption Card Introduced London, Sept. 5, 1995 -- PPCP, a PCMCIA (Personal Computer Memory Card International Association) specialist, has begun shipping the Session Key, a PCMCIA Type II card from SCI Canada. According to John Nolan, the company's managing director, the card allows users to encrypt data on their PC hard disk, as well as across serial port linked devices, such as modems, using the DES algorithm. DES stands for Data Encryption Standard, a US-originated high security encryption system that is virtually unbreakable. According to Nolan, the Session Key allows users to protect their data on a selective basis. "Many of the competing systems out there are only capable of encrypting the user's entire hard disk. That obviously protects the user's data, but if you forget your password, you have serious problems," he explained. "With the Session Key card, you create a new drive, the 'D' drive, to store the encrypted data. The card also allows data to be transmitted by modem in DES format. That allows a user maximum flexibility," he said. When used to encrypt data on a user's hard disk, once the Session Key is removed from the PCMCIA slot, all data on the disk that is encrypted is protected against unauthorized access. The encrypted data cannot be read or used without reinserting the UKP349 card. Nolan said that SCI has developed a second-generation version of the Session Key, which will be available later this year. "That version will use RSA encryption techniques, as well Triple DES and a whole host of other encryption systems," he said. One of the problems with encryption devices like the Session Key is the fact that the US Government currently bans the export of certain types of encryption technologies, as well as restricts the sale of many technologies to "known parties." According to Nolan, this approval system can cause the company a few administrative problems. "We need to find out who is the actual end-user and pass their details back to SCI. My understanding is that the vetting is then carried out at a government level in Canada or the US," he said. He added that, apart from a short delay, typically a week or so before the card can be shipped to the customer, there is usually no problem. Reader Contact: PPCP, tel +44-181-893-2277, fax +44-181-893-1182, Internet e-mail 100302.1470@compuserve.com/PPCP950905/PHOTO) ------