The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Rutgers 'Security List' (incl. misc.security) - Archives (1987)
DOCUMENT: Rutgers 'Security List' for December 1987 (18 messages, 11928 bytes)
SOURCE: http://securitydigest.org/exec/display?f=rutgers/archive/1987/12.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

-----------[000000][next][prev][last][first]----------------------------------------------------
From:      *Hobbit* <awalker@red.rutgers.edu>   2-Dec-1987 10:20:40
To:        security
[This has been all over numerous other mailing lists; some of you may not
have seen it yet.   _H*]

                    Virus Invades Lehigh University
       
  Last week, some of our student consultants discovered a virus program
  that's been spreading rapidly throughout Lehigh University.  I thought
  I'd take a few minutes and warn as many of you as possible about this
  program since it has the chance of spreading much farther than just our
  University.  We have no idea where the virus started, but some users have
  told me that other universities have recently had similar problems.
       
  The virus: the virus itself is contained in the stack space of COMMAND.COM.
  When a pc is booted from an infected disk, all a user need do to spread
  the virus is to access another disk via TYPE, COPY, DIR, etc.  If the
  other disk contains COMMAND.COM, the virus code is copied to the other
  disk.  Then, a counter is incremented on the parent.  When this counter
  reaches a value of 4, any and every disk in the PC is erased thoroughly.
  The boot tracks are nulled, as are the FAT tables, etc.  All Norton's
  horses couldn't put it back together again...  :-)  This affects both floppy
  and hard disks.  Meanwhile, the four children that were created go on
  to tell four friends, and then they tell four friends, and so on, and so on.
       
  Detection: while this virus appears to be very well written, the author
  did leave behind a couple footprints.  First, the write date of the
  command.com changes.  Second, if there's a write protect tab on an
  uninfected disk, you will get a WRITE PROTECT ERROR...  So, boot up from
  a suspected virus'd disk and access a write protected disk - if an
  error comes up, then you're sure.  Note that the length of command.com
  does not get altered.
       
  I urge anyone who comes in contact with publicly accessible (sp?) disks
  to periodically check their own disks.  Also, exercise safe computing -
  always wear a write protect tab.  :-)
       
  This is not a joke.  A large percentage of our public site disks has
  been gonged by this virus in the last couple days.
       
  Kenneth R. van Wyk, User Services Senior Consultant, 
  Lehigh University Computing Center   (215)-758-4988
  <LUKEN@LEHIIBM1.BITNET>  <LUKEN@VAX1.CC.LEHIGH.EDU>
-----------[000001][next][prev][last][first]----------------------------------------------------
From:      "Louis S. Graham" (GC-CDSI) <lgraham@ardec.arpa>   2-Dec-1987 11:52:53
To:        security@RUTGERS.EDU
            To all interested parties,

    I have been assigned to give a computer security briefing on how
    essential computer security is needed here at this ARMY site.
    Any information anyone can provide me with in reference to computer
    crimes, what the out come of the event was, if possible, what kind
    of controls were put in place because of the incident. Also what ever
    material you may have relating to this subject will be greatly appreciated.

            Louis Graham, EDP Security Analyst
-----------[000002][next][prev][last][first]----------------------------------------------------
From:      uunet!kitty!larry@RUTGERS.EDU (Larry Lippman)   3-Dec-1987 00:20:20
To:        security@RUTGERS.EDU
> Does anyone know where to conveniently purchase some kind of device
> to place in a car to track where that car is going?

	If you have a minimum of $ 10K to spend, you can do it "the right
way"...
	There is a company called Ocean Applied Research (O.A.R.) in
San Diego which manufacturers sophisticated radio direction finders and
locating transmitters.  The direction finders are available in various
models which cover frequency ranges from LF (0.05 MHz) to UHF (520 MHz).
These direction finders provide an a polar oscillographic display of
bearing and relative signal strength.  These systems use stationary
antennas of the Adcock-type for fixed or marine installation, and of
a low-profile ferrite loop type for vehicular or aircraft installation.
The O.A.R. direction finding equipment is fairly compact, and is suitable
for permanent or temporary installation aboard ships, aircraft and
vehicles.
	O.A.R. direction finding equipment is extensively used for search
and rescue operations, animal tracking for natural sciences research,
location of unlawfully-operated radio transmitters, and for "other"
purposes.  O.A.R. is considered the "Cadillac" of non-milspec direction
finding apparatus (you don't even want to _know_ the cost of equivalent
military-grade apparatus).
	O.A.R. does manufacture transmitters for tracking purposes, although
most of their transmitters are intended for oceanographic studies.

<>  Larry Lippman @ Recognition Research Corp., Clarence, New York
<>  UUCP:  {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<>  VOICE: 716/688-1231        {hplabs|ihnp4|mtune|utzoo|uunet}!/
<>  FAX:   716/741-9635 {G1,G2,G3 modes}   "Have you hugged your cat today?" 
-----------[000003][next][prev][last][first]----------------------------------------------------
From:      *Hobbit* <AWalker@RED.RUTGERS.EDU>   4-Dec-1987 05:35:47
To:        security@RED.RUTGERS.EDU
Note that since the control shell is only .0125 inch thick at the bottom of
the keyway where the holes are, and the proposed tool must exert *no* tension
between the plug and the control shell, you have a difficult machining
problem here.  Do such tools actually exist, and do they work at all well
given the relatively tight tolerances involved [which can probaby vary from
lock to lock within a certain amount]??  Obviously there will be one tool per
keyway, but even something with an exact keyway fit and a short little pin
on the bottom may still torque the normal shear line enough to confuse matters.

_H*
-----------[000004][next][prev][last][first]----------------------------------------------------
From:      <PERAINO@GMUVAX>   4-Dec-1987 07:25:08
To:        security@ubvm
Frankly, this computer security issue is the biggest load of bilge I've
ever heard. It seems so obvious that most computers should not be open,
the whole issue is a waste of bandwidth.
        Banks have safes. Houses and cars have locks. I doubt that the
proponents of "open-systems" leave their houses and cars unlocked. Our
society suffers the inconvenience of security not because the society
as a whole is bad, but rather because a select few are bad. And so we
must all suffer the inconvenience. Those who think systems should be open
must also believe that all people are good. Talk about a pipe|dream.
History has proven that computer security is necessary. Those who choose
to ignore this are either destined to repeat history, or should see
the reality of things.
        I don't want to really get into politics here, but consider this
example. Why do the soviets and the u.s. have such an arms buildup? Why
do we spend so much on security? Gracious, the soviet secretary general
has never even SEEN this country. The answer is simple. Because neither
country can ASSUME the other won't try something. That would be reckless,
and there is too much at stake. Computers (and any security for that matter)
must work on the same principles. One cannot ASSUME safety. One must
ensure it.
-----------[000005][next][prev][last][first]----------------------------------------------------
From:      David Millman <dsm@cunixc.columbia.edu>   4-Dec-1987 09:25:08
To:        SECURITY@red.rutgers.edu
I inherited an "Abloy" lock on my front door.  Was wondering if the
lock theory experts on this list have had any experience or comments
about this sort of lock.
   It's a bit conventional: metal-key-in-hole-in-cylinder.  But the
the key and the hole have very little orientation (much less than
Medeco) and, when turning the cylinder, there seems to be a very loose
fit.
   Locksmiths in the area (Manhattan, lots of lock stores) don't know
anything about it.  And the original owner said you have to send proof
of purchase to scandinavia to key a duplicate key.
   Is this lock of any theoretical interest?

-----------------------------------------------------------------------------
David Millman               arpa: dsm@cunixc.columbia.edu
Sr. Analyst/Programmer      bitnet: dsmus@cuvma
Columbia U Computer Center  uucp: ...rutgers!columbia!cunixc.columbia.edu!dsm
-----------[000006][next][prev][last][first]----------------------------------------------------
From:      Mike Linnig <LINNIG%eg.ti.com@RELAY.CS.NET>   4-Dec-1987 14:18:54
To:        security@RED.RUTGERS.EDU
I worked as a teleco lineman one fall (an engineering co-op job).  
As part of that work we had to go around and extract the cash
boxes from the payphones.

They gave us a large ring of keys (not a master key).  Incidentally,
we never really touch the coins, they fall into a coin box that gets
replaced when we open up the phone.

As for the phones being alarmed, I really don't believe it.  Except
for high crime areas maybe.  On one occasion we had a phone that
would not open at all.  The key mechinism was jammed (it came from
a high school -- I wonder who jammed it?).  I got to try and
break into the phone -- fun fun.

We tried drilling out the lock.  We trashed a drill bit or two
doing it but we managed to get a nice hole through the lock cylinder.
Well, that was fun, but it got us no where.  It still wouldn't open.

We decided to take the phone off of the wall.  The mounting bracket
was designed so that you only had access to the mounting screws if
the phone was unlocked.  I really don't remember how we did it, but
we got it off of the wall (probably by brute force -- I had a BIG partner).

By the way, no alarms went off.  No police arrived on the scene.  Remember
this was in a high school -- If they alarmed phones in general, I wouldn't
expect them to have the high school phone disabled.

Anyway, we managed to get the damn thing open by lots of prying with
large screwdrivers (used as crowbars) and some hammering.  The phone
was totally worthless -- but we got the money back to the telco
(the phone had to be replaced anyway, can't leave them until they
fill up with coins).

This was a small telco in southern indiana, Bell systems and
GTE may do things differently.

	Mike

ps.  Don't do this with your phones, someone MAY get annoyed (grin)
-----------[000007][next][prev][last][first]----------------------------------------------------
From:      bzs@bu-cs.bu.edu (Barry Shein)   4-Dec-1987 14:52:25
To:        psw@wolfgang.arpa
One would think the decision to re-key or not would be settled by a
conversation between the University's and their Insurance company's
lawyers. Unless they don't mind leaving the campus in a situation
where claims might be disallowed based on a lack of minimally
acceptable security practices. Most University's self-insure up to a
high deductible ($100K is not unusual) but something as global as this
can easily threaten that deductible.

	-B
-----------[000008][next][prev][last][first]----------------------------------------------------
From:      gwyn@brl-smoke.arpa (Doug Gwyn )   4-Dec-1987 15:58:40
To:        misc-security@uunet.uu.net
>might have an opinion (uh-oh! I'm asking for it) on the worth of the
>so called 'home locksmith' courses that one sees advertised in magazines.

The Belsaw locksmithing course is fairly good, and you end up with a
key machine that is adequate for most routine key cutting.  You also
have the opportunity to purchase supplies, and as I recall you can
start a subscription to the National Locksmith magazine, which gets
you bonded.  Most communities require practicing non-student locksmiths
to be registered; some have started to require certification tests.
It is a good idea to comply, since otherwise they might run you in
for possession of "burglar tools".  (This despite the fact that very
few actual burglars use locksmithing tools, except possibly for
automobile door opening tools.)

Once you have your student locksmith card and National Locksmith
subscription, it isn't too difficult to get locksmith supply
companies to deal with you.  You might consider investing in a
supply of professional business cards, saying something like
"Joseph M. Blow -- Security Consulting Services".  When I was at
Rice, a group of students set up a small firm "Richard E. Ingram
Associates" and had letterheads printed, etc.  It doesn't take
very much to gain some degree of credibility in the business world.

You can also perhaps get a limited amount of equipment and supplies
from a company like Curtis that supplies the corner 7-11 key shop.
They're mostly good for key blanks and of course key machines.  The
"Curtis code clipper" was a handy little portable device for making
keys by code; that and a Curtis Master padlock code book would get
you into a lot of places (because people often don't erase the code
number printed on the face of Master padlocks).  I even had a
favorable Dun & Bradstreet rating for a while as a result of
dealing with Curtis.

If you're going to get into the locksmith business, please make
sure you develop a good sense of professional ethics, not using
your skills to trespass or cause damage or loss to others.
-----------[000009][next][prev][last][first]----------------------------------------------------
From:      csi!csib!lgold@spam.istc.sri.com (Lynn Gold)   4-Dec-1987 16:30:58
To:        psw@wolfgang.arpa (Phil Wherry)
>I can say from more-or
>less first-hand experience that a college administration's reaction is to
>merely shrug their shoulders and cross their fingers in the wake of a fairly
>major breach of master key security.

Columbia University was the same way.  There were two or three sets of
master keys MISSING, yet they did not want to re-key the locks.  I guess
they figure that the amount in labor (union wages) isn't worth paying
when everything the school cares about is insured anyway....

--Lynn
-----------[000010][next][prev][last][first]----------------------------------------------------
From:      decvax!felix!chuck@ucbvax.berkeley.edu (Chuck Vertrees)   4-Dec-1987 20:42:41
To:        <ames!rutgers!security>
>What will the administration do if they find such a lock has
>been removed by brute force?

I once worked at a high school and they had just this problem.  Someone had
compromised the master and they were faced with finding a solution.  This
particular school was constructed in a campus type arrangement with ten
buildings, each with eight exterior doors.  Keying was in a master/submaster/
individual scheme, layered as appropriate.

The school system had their own internal locksmith department, doing all the
keying themselves.  Budgets being what they are, they took the cheap way out.
They designated two exterior doors in each building to be re-keyed and plugged
all the others with epoxy.

Chuck V.
-----------[000011][next][prev][last][first]----------------------------------------------------
From:      Bob Kusumoto <kus3@sphinx.uchicago.edu>   4-Dec-1987 21:19:09
To:        security@rutgers.edu
I don't know about these new phones that other companies other than MaBell are
putting out but the old standard pay phones are not alarmed. They have 8
tumbler locks on them so it is VERY difficult to pick these open. I have heard
stories about people hooking up a van to a pay phone to pull it out and the
axle was ripped out from the van. Another story from the north (Canada) was to
pour water into the coin slot, let it freeze over then hit the phone so it 
splits open. The reason why the phone company switch to these more secure pay
phone was that people were breaking into the older models and they needed to 
collect more money (by the way, the phone company spends aprox $1800 per pay
phone plus any other extras they want to add like a light or special set-up for
it).

Hope this information helps.

Bob Kusumoto
	Internet: kus3@sphinx.uchicago.edu
	BITNET:   kus3@sphinx.uchicago.bitnet
	UUCP:  ...{!inhp4!gargoyle,!oddjob}!sphinx!kus3
-----------[000012][next][prev][last][first]----------------------------------------------------
From:      uunet!kitty!larry@RUTGERS.EDU (Larry Lippman)   5-Dec-1987 09:37:44
To:        security@RUTGERS.EDU
>  He told me that they were alarmed, and that if you open
> one even with a key at the wrong time, telco will phone the police.

	If this is true, it only applies to newer electronic coin telephones,
and NOT the traditional single-slot coin telephones such as the WECO free
standing types (1A, 1C series) or the WECO "panel-mounting" types (2A, 2C
series).
	The only thing close to an "alarm" is that some coin telephones had
a coin "bank" [the proper term] with an electrical contact on the top.  When 
the bank gets full of coins, a ground is effectively placed on this contact.
This ground is placed in series with a resistor which places a high resistance
ground to one side of the telephone line.  This condition can be periodically
scanned by automatic equipment in the central office to ascertain if a coin
telephone bank is full.  Actually, I have only seen this done on some early
multi-slot coin telephones during the 1960's, and I don't believe this feature
was even provided on single-slot coin telephones.
	Coin telephone repairpersons usually have no keys for access to the
coin bank portion of a coin telephone.  There is actually no need for them
to have access, since all repairs can be made with the upper housing opened.
Opening the upper housing gives no access to the coin bank; you would need
something like string and chewing gum :-) to extract any coins from the bank.
Restricting coin bank keys to coin collection (and not repair) personnel
gives telephone companies a better sense of security.
	Coin banks have a sliding cover with an interesting lever mechanism;
the coin banks are intended to be provided with a wire seal.  With the seal
intact, the bank can be inserted and removed from a coin telephone ONLY ONCE.
There is no way to remove a full coin bank and open the cover to get access
to the coins without breaking this seal.
	Quite frankly, telephone company security personnel seem more paranoid
about employee theft from coin telephones than from theft committed by the
general public.  Occasionally, a malfunctioning coin collection mechanism
will cause a few coins to spill into the upper housing where a repairperson
might have access to them.  The proper procedure is to take the coins, place
them in a special envelope, label it and seal it right away; the envelope
is to be turned in to supervisory personnel as soon as possible.  Some BOC
security personnel seem to have nothing better to do than plant "marked"
coins in the upper housing of a coin telephone, and try to bait some
repairperson into not properly turning in the money.
	I also find amusing the following introductory paragraph as quoted 
from a BOC coin telephone service manual: "Social changes during the 1960s
made the multi-slot coin station a prime target for: vandalism, strong arm
robbery, fraud and theft of service.  This brought about the introduction
of the single slot coin station and a new environment for coin service."
Social changes?! :-)
	My knowledge of coin telephones ended with the single-slot series
mentioned above.  I have almost no idea what happens inside the new-fangled
coin telephones with CRT's and credit-card readers.

<>  Larry Lippman @ Recognition Research Corp., Clarence, New York
<>  UUCP:  {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<>  VOICE: 716/688-1231        {hplabs|ihnp4|mtune|utzoo|uunet}!/
<>  FAX:   716/741-9635 {G1,G2,G3 modes}   "Have you hugged your cat today?" 
-----------[000013][next][prev][last][first]----------------------------------------------------
From:      sundc!netxcom!dgidez@seismo.css.gov (Daniel Gidez)   5-Dec-1987 13:17:47
To:        seismo!misc-security@seismo.css.gov
 A word of note, working part time as a reservationist for an airlines, 
I came across a call from a frantic person who was trying to trace a lost
bag, I asked him the contents and he explained about the virus... he told
me it was to be used in some systems going overseas... it could be some 
college student got hold of this....
-----------[000014][next][prev][last][first]----------------------------------------------------
From:      quintus!gregg@Sun.COM (W. Gregg Stefancik)   5-Dec-1987 21:22:16
To:        security@red.rutgers.edu
A list of locksmithing schools appeared in this months National Locksmith.
For those of you who can't obtain a copy I have retyped the list below:

Acme School
Locksmithing Divison
11350 S. Harlem
Worth, IL 60482
312 361 3750

Foley Belsaw Institute
6301 Equitable Rd.
Kansas City, MO 64120
800 328 7140

California Institute of Locksmithing
14721 Oxnard St.
Van Nuys, Ca 91411
818 994 7426

HPC Learning Center
PO Box 2093
Schiller Park, IL 60176
312 671 6445

Locksmithing Institute
1500 Cardinal Drive
Little Falls, NJ 07424
201 256 4512

NRI Schools
3939 Wisconsin Ave.
Washington, DC 20016
202 244 1600

NY School of Locksmithing
152 W. 42nd St.
New York, NY 10036

Security Education Plus
PO Box 497
Nicholasville, KY 40356
606 887 6027

Universal School of Master Locksmithing
3201 Fulton Ave.
Sacramento, CA 95821
916 482 4216

I have had some experience with two of the above schools.  I graduated from
the Foley Belsaw Institute course which does a reasonable job of covering
the basics, but the course is a bit dated.  You will not learn about
interchangeable cores, opening modern cars, or pushbutton locks.  Foley
Belsaw does provide you with the connections to obtain proper bonding and
subscriptions to the two popular trade magazines (National Locksmith and
Locksmith Ledger).  Foley Belsaw will also provide you with locksmithing
supplies at a reasonable cost, but once you make connections via the trade
publications the sky is the limit.  It is a wonderful way to increase your
locksmithing knowledge and be right with the law at the same time.  They
also provide you with an extremely useful key machine which can copy keys
and cut them by code w/o depth keys.

I sent away for the NRI course information and found that while the course
was a little better packaged than the Foley Belsaw course it cost roughly 3
times as much!  I would not recommend the NRI course unless you have big
bucks to burn.

Gregg Stefancik
Foley Belsaw Certified Locksmith
quintus!gregg
-----------[000015][next][prev][last][first]----------------------------------------------------
From:      brock@pnet01.cts.com (Brock Meeks)   6-Dec-1987 11:09:01
To:        crash!security@rutgers.arpa@bass.nosc.mil
Steve,

I have happened to get a copy of that article you read in the Blade re:
the guy with the special tools.  I asked at NATA, of the Medeco folks, if 
they had heard of our San Diego coin bandit, they had, he is the *same*
guy as in the blade; an industry legend.  

Seems the security folks have tracked him across the nation.  He used
to be a machinist.  He's never hit a Medeco lock, only "old telco" 
boxes (whatever those are).

As for the 20 minute time frame?  Forget it.  The guys I talked to said,
"He's just about as fast as a guy with a key."  The favorite story: the
time he cracked a box right before jumping on an airline, in broad daylight,
waiting to board a plane.
-----------[000016][next][prev][last][first]----------------------------------------------------
From:      brock@pnet01.cts.com (Brock Meeks)   6-Dec-1987 11:09:30
To:        crash!security@rutgers.arpa@bass.nosc.mil
> He told me that they were alarmed, and that if yo upoen one, even with a
> key at the wrong time, telco will phone the police.

This is wrong, according the pay phone specialits I interviewed for an 
article I wrote.  I was just at the North American Telecomm. Association
show in Dallas, and they had a big payphone pavillion there.

The only way these guys know a phone has been hit is when they come to
empty it.

I spoke with the folks at Medeco (they had a big display of their "virtually
pick proof lock) and they verified the problem with pay phone locks.

You see, it seems that with the influx of private pay phones, these guys were
starting to toss "crap on the market" (crap being locks) and they cared more
about profits than good security (a topic of conversation that only recently
began getting any kind of hearing in the pay phone industry).

BUT...cracking the lock box is not the BIG DEAL.  The *real* story is that
guys are ripping off the expense COMPUTER BOARDS and electronics in the
upper half of the phones.  These boards run some $300 or $400 a piece and
according to one security analyst, "There's a huge black market for these
boards."  Interestingly enough, the locks protecting the electronics
are far easier to pick than the coin box lock.

"These guys are more worried about protecting $20-$50 in coins rather than
$300-$400 in electronics," the rep from Medeco said.

You figure it.
-----------[000017][next][prev][last][first]----------------------------------------------------
From:      jb7m@andrew.cmu.edu (Jon C. R. Bennett)   6-Dec-1987 15:42:28
To:        security@RUTGERS.EDU
>I suspect that vandalism would still be rare (my basic optimism in humanity)
>but when it did occur it would be drastic 

I tend to agree with that statement. It seems to me that the basic problem is
that you are going to let all these people lose on the system and then for
fun one of them is going to delete the system. However you are forgeting one
thing in such a system if you kept track of deletetions and zero length over
writes and the like you could take real world action against such people i.e.
you can do what you want but if we catch you the results are going to be
messy. 

  Another soultion is to have a large elite, i.e. the number of people who
would have total access would larger then it is now and people would get to
such a postion simply by being trustable in the eyes of the current users. I
don't know if any of you know of MIT's ITS(incompatable timesharing system)
in which the users had free roam. When you login to ITS it tells you how many
users there are on the system
USERS : 5
but someone changed it to say
LOSERS: 5
it was changed back and forth a few times and finaly setteled on
LUSERS: 5
something that was acceptable to all.

An other complaint is that someone will eat up all of the CPU or disk space
but what you dont see is that if everyone is equal then if there are 5 people
on the system then if everyone is using CPU munching programs then the CPU
time will be split 5 ways and if someone does not need all of theirs it will
be split among the rest. As far a disk space split it evenly among the users
and if someone needs more they can have it by general consensus.

My basic point is that the users are responsible to someone, they are
responsible to the group and if that is not enough then they should not be
admitted to the group.  It may appear that I am contradicting my self by
saying there should be a group, but I bow to reality I that there will always
be people that can not be trusted but if there are allowed to use the system
they it should be as equals not as subordinates.

Jon Bennet
jb7m@andrew.cmu.edu

END OF DOCUMENT