CIAC Notes 94-05 (fwd)
-----BEGIN PGP SIGNED MESSAGE----- I checked my mail and didn't find this posted to the list, so I'll send an abbreviated snip w/pointers for you. Interesting info... - -NetSurfer #include <standard.disclaimer>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " o " |P. O. Box 15432 | finger for full PGP key > " " / \ " |Honolulu, HI 96830 |====================================> \" "/ G \" |Serendipitous Solutions| Also NetSurfer@sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- ---------- Forwarded message ---------- Date: Thu, 22 Dec 1994 16:30:38 -0800 From: VANLEHN@margay.llnl.gov To: jdwilson@gold.chem.hawaii.edu Subject: CIAC Notes 94-05 U.S. DOE's Computer Incident Advisory Capability ___ __ __ _ ___ __ __ __ __ __ / | /_\ / |\ | / \ | |_ /_ \___ __|__ / \ \___ | \| \__/ | |__ __/ Number 94-05 December 22, 1994 Welcome to the fifth issue of CIAC Notes, the United States Department of Energy's (DOE) Computer Incident Advisory Capability (CIAC) electronic publication for articles on relevant computer security topics. This "E-zine" is a service requested by our DOE and DOE contractor customers, and is open to subscription by anyone who can receive E-mail via the Internet. Hopefully we are giving you a gift of information to close out 1994. If you have topics you would like addressed or have feedback on this issue, please contact the editor, Allan L. Van Lehn, CIAC, (510) 422-8193 or send E-mail to ciac@llnl.gov. $-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$ $ Reference to any specific commercial product does not necessarily $ $ constitute or imply its endorsement, recommendation or favoring by $ $ CIAC, the University of California, or the United States Government.$ $-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$ TABLE OF CONTENTS Feature Articles How Trusting Can We Be? Internet Firewalls - Part 2 More On The Good Times Virus Hoax CIAC Plans To Have A Home Page In January Security Information Servers MAC / PC User PowerMAC Users Beware Data Physician Plus! 4.0E Available Novell Users OS/2 Systems Processing CLASSIFIED DATA CIAC Information Who Is CIAC? CIAC Bulletins Issued Recently Subscribing To CIAC Electronic Publications Accessing CIAC's Electronic Information Servers Publications Available From CIAC Contacting CIAC /snip/
It is possible to create a file that remaps keys when displayed on a PC/MS-DOS machine with the ANSI.SYS driver loaded. However, this only works on PC/MS-DOS machines with the text displayed on the screen in text mode. It would not work in Windows or in most text editors or mailers. A key could be remapped to produce any command sequence when pressed, for example DEL or FORMAT. However, the command is not issued until the remapped key is pressed and the command issued by the remapped key would be visible on the screen. You could protect yourself by removing ANSI.SYS from the CONFIG.SYS file, but many DOS programs use the functionality of ANSI.SYS to control screen functions and colors. Windows programs are not effected by ANSI.SYS, though a DOS program running in Windows would be.
- ------------------------------ Security Information Servers Novell: http://www.novell.com/cgi-bin/ftpsearch.pl?QString=security Microsoft Windows: gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?security gopher://198.105.232.4:70/77%5Ckb%5Cperopsys%5Cwindows%5Cwindows.src?patches FIRST's WWW server: http://www.first.org/first/ NIST/CSRC http://cs-www.ncsl.nist.gov Purdue Computer Emergency Response Team (PCERT) http://www.cs.purdue.edu/pcert/pcert.html NASA Automated Systems Incident Response Capability (NASIRC) (this is accessible to *.nasa.gov systems only, but it can be accessed though the FIRST server or you can contact NASIRC to be added to their hosts.allow file) http://nasirc.nasa.gov/NASIRC_home.html Naval Computer Incident Response Team (NAVCIRT) http://infosec.nosc.mil/niseeast/navcirt.html Australian Computer Emergency Response Team (AUSCERT) http://www.auscert.org.au (Proposed to be up in a couple of weeks) http://www.uq.oz.au/pcc/services/sert/home.html (Currently active) DFN-CERT German Home Page - http://www.cert.dfn.de/ English Home Page - http://www.cert.dfn.de/eng/ Computer Emergency Response Team (CERT) http://www.sei.cmu.edu/SEI/programs/cert.html Veterans Health Administration (VHA) http://www.va.gov Small Business Administration (SBA) http://www.sbaonline.gov/ If you know of others, please send mail to ciac@llnl.gov. /snip/ - ------------------------------ Data Physician Plus! 4.0E Available All DOE sites should now have Data Physician Plus! 4.0E for use on IMBpc compatable systems. Contact your site CPPM if you have not obtained an update. This version does provide protection from the KAOS4 and One_half viruses (see CIAC Bulletin E-32 for further information on KAOS4 and E-34 for information on One_half). - ------------------------------ Novell NetWare Users CIAC is receiving more and more calls from our DOE clients asking for information on minimizing the risks associated with installing NetWare and in further connecting these LANs to the Internet. To supplement our own experiences CIAC is interested in partnering with other experts to create a comprehensive package of information that could be made available to all sites. If you have Novell NetWare expertise and would like to be a CIAC associate, please send a note to ciac@llnl.gov. - ------------------------------ OS/2 Systems Processing CLASSIFIED DATA by Rollo D. Rogers [rogers@cod.nosc.mil] SECURITY SAFEGUARDS FOR PROCESSING CLASSIFIED INFO ON A COMPUTER RUNNING OS/2 V2.1 [note: some sites may not allow internal hard disks for classified systems. ed] - ------------------------------ CIAC INFORMATION - ------------------------------ Who is CIAC? CIAC is the U.S. Department of Energy's Computer Incident Advisory Capability. Established in 1989, shortly after the Internet Worm, CIAC provides various computer security services free of charge to employees and contractors of the DOE, such as: o Incident Handling Consulting o Computer Security Information o On-site Workshops CIAC is located at Lawrence Livermore National Laboratory in Livermore, California, and is a part of its Computer Security Technology Center. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. Further information can be found at http://www.first.org/first/ - ------------------------------ CIAC Bulletins Issued recently CIAC issues two categories of computer security announcements: the information bulletin and the advisory notice. Information bulletins describe security vulnerabilities and recommend countermeasures. Advisory notices are more imperative, urging prompt action for actively exploited vulnerabilities. Advisory notices are delivered as quickly as possible via E-mail and FAX. F-01 Advisory SGI IRIX serial_ports Vulnerability Oct. 4, 1994, 1600 PDT F-02 Bulletin Summary of HP Security Bulletins Nov. 17, 1994, 1300 PDT F-03 Bulletin Restricted Distribution F-04 Bulletin Security Vulnerabilities in DECnet/OSI for OpenVMS Nov. 28, 1994, 0900 PDT F-05 Bulletin SCO Unix at, login, prwarn, sadc, and pt_chmod Patches Available Dec. 06, 1994, 0800 PDT F-06 Bulletin Novell UnixWare sadc, urestore, and suic_exec Vulnerabilities Dec. 14, 1994, 0800 PDT - ------------------------------ Contacting CIAC DOE and DOE contractor sites that require additional assistance or wish to report a vulnerability: call CIAC at 510-422-8193, fax messages to 510-423-8002 or send E-mail to ciac@llnl.gov. ------------------- A - T - T - E - N - T - I - O - N --------------------- | For emergencies and off-hour assistance, CIAC is available 24-hours a day | | to DOE and DOE contractors via an integrated voicemail and SKYPAGE number.| | To use this service, dial 1-510-422-8193 or 1-800-759-7243 (SKYPAGE). The | | primary SKYPAGE PIN number, 8550070 is for the CIAC duty person. A second | | PIN, 8550074 is for the CIAC Project Leader. Keep these numbers handy. | --------------------------------------------------------------------------- - ------------------------------ CIAC's Electronic Publications Previous CIAC Bulletins and other information are available via anonymous FTP from ciac.llnl.gov. CIAC has several self-subscribing mailing lists for electronic publications: 1. CIAC-BULLETIN for Advisories, highest priority -time critical information and Bulletins, important computer security information; 2. CIAC-NOTES for Notes, a collection of computer security articles; 3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI) software updates, new features, distribution and availability; 4. SPI-NOTES, for discussion of problems and solutions regarding the use of SPI products. Our mailing lists are managed by a public domain software package called ListProcessor, which ignores E-mail header subject lines. To subscribe (add yourself) to one of our mailing lists, send requests of the following form: subscribe list-name LastName, FirstName PhoneNumber as the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and valid information for LastName FirstName and PhoneNumber. Send to: ciac-listproc@llnl.gov (not to: ciac@llnl.gov) e.g., subscribe ciac-notes O'Hara, Scarlett W. 404-555-1212 x36 subscribe ciac-bulletin O'Hara, Scarlett W. 404-555-1212 x36 You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help. To subscribe an address which is a distribution list, first subscribe the person responsible for your distribution list. You will receive an acknowledgment (as described above). Change the address to the distribution list by sending a second E-mail request. As the body of this message, send the following request, substituting valid information for list-name, PIN, and address of the distribution list:. Send E-mail to ciac-listproc@llnl.gov: set list-name address PIN distribution_list_address e.g., set ciac-notes address 001860 rE-mailer@tara.georgia.orb To be removed from this mailing list, send the following request: unsubscribe list-name For more information, send the following request: help If you have any questions about this list, you may contact the list's owner: listmanager@cheetah.llnl.gov. - ------------------------------ Accessing CIAC's Electronic Information Servers CIAC operates a security information server for anonymous FTP at ciac.llnl.gov which contains all of the publicly available CIAC, CERT/cc, NIST, and DDN bulletins, virus descriptions, the virus-l moderated virus bulletin board, copies of public domain and shareware virus detection/protection software, copies of useful public domain and shareware utility programs, and patch files for some operating systems. Use FTP to access it either by name or IP address (128.115.19.53). The operation and prompt will depend on which vendor's FTP you are running. Usually, you must first log in before you can list directory contents and transfer files. Use "FTP" or "anonymous" for Name or Foreign username unless given a general prompt such as ciac.llnl.gov> or FTP>. In that case, enter the keyword "user" or "login" before "FTP" or "anonymous" (e.g., user FTP). Use your Internet E-mail address for the Password. Once logged in you may type a question mark to find out what key-words are recognized. The file 0-index.txt (in the top level directory /FTP) is a document explaining the directory structure for downloadable files. The file whatsnew.txt (in directory /FTP/pub/ciac) contains a list of the new files placed in the archive. Use the command get [for single files] or mget [for multiple files] to download one or more files to your own machine. - ------------------------------ Publications Available from CIAC CIAC prepares publications on a variety of computer security related topics, the CIAC 2300 series. Many of these will be updated as needed to keep the information current. We welcome suggestions for topics that you feel would be valuable. We also make available some documents from other sources. In the table below, column E is for electronic documents available via CIAC's servers (see above). Column P is for printed documents, for those who do not have Internet or telephone-modem access. If neither column is checked, the document is soon to be released. The electronic formats are: *.txt for ASCII, *.ps for PostScript(tm), *.hqx for bin-hexed Microsoft Word, *.wp5 for PC Word Perfect v5.0. No. E P TITLE 2300 x x Abstracts of the CIAC-2300 Series Documents 2301 x x Computer Virus Information Update 2302 Accessing The CIAC Computer Security Archives 2303 x x The Console Password Feature for DEC Workstations 2304 Data Security Vulnerabilities of Facsimile Machines and Digital Copiers 2305 Unix Incident Guide: How To Detect A Unix Intrusion 2308 Securing Internet Information Servers CIAC x Incident Handling Guidelines LLNL x User Accountability Statement, E. Eugene Schultz, Jr. SRI x Improving the Security of your Unix System, David A. Curry LLNL x Incident Handling Primer, Russell L. Brand ORNL x Terminal Servers and Network Security, Curtis E. Bemis & Lynn Hyman To obtain further information, contact Allan L. Van Lehn, CIAC, 510-422-8193 or send E-mail to ciac@llnl.gov. - ------------------------------ This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. - ------------------------------ End of CIAC Notes Number 94-05 94_12_22 **************************************** - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLvsP8CoZzwIn1bdtAQFmbgGAve2RmZmmVy+AtvHhLtdKBy/B5/7eyNDe h+eaysT6l7JUIX1x18BwM574UH+ibzYB =BnIF -----END PGP SIGNATURE-----
participants (1)
-
NetSurfer