The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Rutgers 'Security List' (incl. misc.security) - Archives (1989)
DOCUMENT: Rutgers 'Security List' for October 1989 (97 messages, 71072 bytes)
SOURCE: http://securitydigest.org/exec/display?f=rutgers/archive/1989/10.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

-----------[000000][next][prev][last][first]----------------------------------------------------
Date:      2 Oct 89 06:06:00 GMT
From:      MISS026@ecncdc.BITNET (GREENY)
To:        misc.security
Subject:   re: Alarm systems

> IR Detectors...

What do these detect?

They detect infrared energy in the area....a fresnel lens directs any and
all infrared onto a pyrodetector, and some electronics determine whether or not
it should be classified as an alarm or not....usually this is done via "Pulse
counting" which is a method whereby the detector counts the number of pulses
of energy that it has detected within a certain period of time (usually a{
2-3 second period...)....At the security system which I consult for, we set
this to TWO...makes for a good trade off between preventing false alarms due to
air vents moving plants, and the ability to detect a person...NO they will
not detect through the glass....although a good shot of sunlight right
into the lens of the detector will trigger it....simple solution -- keep the
drapes drawn...

Glass breakage sensors -- what do these detect?

There are two types:  Ones which "listen" for the frequencies of breaking
glass (audio discrimination) and the usual ones which sense low-level
vibrations such as would be caused by someone attempting to pry open the
windows...

The Radio Shack ones work via mercury type switches that when shaken enough
close a contact and trigger the alarm....they are not tooo reliable...The ones
at the security company I consult for use Terminus sensors, and run them into
a "processor" that makes heads or tails out of the signals comming from the
detectors on the windows....Otherwise thunder and rumbling trucks would set
them off all the time...

My personal favorite is a sensor known as the "ShatterBox" by Sentrol which
is an audio discriminator....of course if you have these armed at night and
then break a glass, you will set off the alarm...

My personal recommendation is to go with a system from a professional
company because there is a lot of grunt work involved in fishing all the
wires for a hardwired system (wireless systems are good, but another topic
altogether..) and in choosing the best protection for your home.  Also, if
anything goes wrong, they get to fix it, and you wont have to listen to the
wife (if you're married) saying "I told you it should have been done by a
company! *whine*".  Furthermore, they can and should be able to hook you up
to a central monitoring station for a nominal fee (we charge $21.50/month)
which will provide you with some neat features.  1) Assuming your phone lines
dont get cut, then when the alarm goes off, it will send a packet of data
via digital communicator to the central station over your phone line (it
seizes the line even if someone is on the phone or it is off the hook) and
tells them what zone got triggered....2) they call you back unless it's a
panic zone and ask for a password....3) if you provide the correct one they
dont send the police/fire dept/paramedics....4) if not, then they do...
5) if you arent there, they call a list of valid "keyholders" and tell them
the alarm went off, and call the cops/fire dept/ambulance....6) you can have
other sensors such as high/low temperature sensors, sump pump failure
(flood) sensors, etc...wireless panic buttons (even with a hard wired
system) and a variety of other goodies...

Also, if the company you choose is up on things, then they will use recessed
magnetic contacts that you will never see on the doors/windows...about the
only thing you will see is the smoke detectors if you have fire coverage,
and the shock sensors on the doors/windows (although these are practically
invisible...), the control keypad(s) in the designated area, and the alarm
CPU in the basement/closet of your home....

The CPU should have a battery backup, and recharge automatically.  Stay
away from the Radio Shack system, it uses lots of C or D cells and they are
a pain...also, no digital communication is available, and they only offer
their tape dialer which many police stations hate...also the panel is not
zoned, which makes servicing a complete bear...

More questions?  Drop me some E-mail...I'm experiencing hard drive problems
right now so I'm not on every day like I used to be, but I am here about
3 times a week...

Bye for now but not for long...
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
Macnet: GREENY

-----------[000001][next][prev][last][first]----------------------------------------------------
Date:      2 Oct 89 18:33:07 GMT
From:      CI60UCU@VM.TCS.TULANE.EDU (Charlene Charette)
To:        misc.security
Subject:   Re: Home Security Systems

I used to work for a security company (residental and commerical) and one of my
co-workers here at the University used to install residental and commerical
systems (he still does installations on a part-time basis).  The following
answers are a combination of our knowledge:

>What's a good book on do-it-yourself home security systems?
Guy did not know of any good, current books available.

>What are the trade-offs of do-it-yourself vs. a professional security
>company?
The main advantage is that the professionals are knowledgeable and experienced
(providing they are not one of the many fly-by-night alarm company that are
popping everywhere).  The secondary advantage involves monitoring; alarm
signals are sent to a central station who can then call the police, fire dept.,
your work number, etc. when your alarm goes off.

>How do I protect my home without overtly annoying the neighbors, police,
>etc. with false alarms.
Most of the newer alarms allow you to set a time limit on sirens with 15 mins
being the usual time limit.  Some cities have ordinances on siren time
durations and I would suggest that you check for these.  (Some cities require
that alarm systems be registered.  You should check this also.)

>Radio Shack sells "glass breakage detectors".  These are ~1" diameter
>"pucks" that stick to the glass and are wired to an alarm.
>* What do these sense?
These sense high-pitched sounds such as glass breaking.  Alarm technicians test
them by rattling keys.

>* If they are in the corner of a picture window, and the
>  other side of the window is broken but the glass under the puck remains
>  intact will they trigger?
Yes, it should; but it is dependant on the range of the detector.

>* If they are impact-sensitive, will a truck or plane rumbling by set
>  them off?
Yes, if they are too sensitive.  Some can be adjusted, others not.

>How about area detectors, infra-red or sonic?  We have no pets to set
>them off but:
You may not have any pets to set them off, but I have seen them set off by rats
and roaches (yes, we have *BIG* roaches here).  Guy says they are good, but
stay away from cheap detectors or you will be plagued with false alarms.

>* Can IR detectors see movement through windows?  Wouldn't want the
>paper boy setting them off by mistake.
No, the detectors don't sense "movement".  They sense changes in heat.  If you
were to hold a large piece of cardboard in front of you and move it slowly in
front of an IR detector, you could pass it undetected.

>* How about changes in ambient IR levels caused by the sun coming in
>through a window or the furnace going on or off?
Yes, temperature changes will trigger the detectors.  Don't point them at
windows, fireplaces, air ducts, furnaces, etc.

>* Are the sonic types sensitive to noises outside the house?
They should be.

>* Will, say, thunder shake the house enough to trigger a motion detector?
It shouldn't.

>I see both wired and wireless alarm systems for sale.  Since I have good
>attic and basement access, I am tending toward the wired sort.  The
>wireless types seem to need occasional battery replacement.  Aside from
>this are there reliability concerns wrt. either style?
Guy advises staying away from wireless systems as they are not as reliable.
Although he is not as familiar with the newer wireless sytems available, he
said the older systems had no low battery indicator.  A low battery can cause
false alarms; and of course, a dead battery is useless.

If you have any further questions, please feel free to ask.

PS:  Guy said if you pay his expenses he'd gladly come up and give you a hand.
      :-)

-----------[000002][next][prev][last][first]----------------------------------------------------
From:      Paul=Zonfrillo%SQA%Banyan@thing.banyan.com  4-OCT-1989 22:17:37
To:        SECURITY@vm.tcs.tulane.edu
Yes indeed, Dongles are alive and well!

My company, Banyan Systems Inc. makes PC-based WAN/LAN software and uses such a
device for copy protection as well as and upgrade.  Our "server key" is a
straight-thru  device that sits on the pralell port.  Users can also purchase
additional "option keys" to enable additional operating systems options such
as TCIP routing,  that can be loaded on/off the server via these option keys .
As far as reliability goes, in six years,  we have NEVER had one burn out.
(this is according to tech support).

Our software encodes to the key after it has been loaded on the
server.   The option is also attractive because it does not take up any
slots in the server.

In short:  Dongles seem to be an effective but unobtrusive form of copy
protection.

Paul Zonfrillo
SQA Engineer, Banyan Systems Inc.

Paul=Zonfrillo%SQA%BANYAN@thing.banyan.com
-----------[000003][next][prev][last][first]----------------------------------------------------
From:      barry@ads.com  4-OCT-1989 23:12:18
To:        security@ucbvax.berkeley.edu
There is a cracker on the loose in the internet.  This is the information
I have so far.  Traces of the cracker were found at the Institute for 
Advanced Studies in Princeton.  He also left traces at one of the Super
computer centers.  Both CERT and the FBI have been called.

The technique that is being used is as follows:

1) He has a modified telnet that tries a list passwords on accounts.  Username
   forwards and backwards, username + pw, etc.

2) He seems to have a program call "ret", that is breaking into root.

3) He seems to be getting a list of victim machines via people's
   .rhosts files.

4) He copies password files to the machines that he is currently
   working from.

5) He is good about cleaning up after himself.  He zeros out log files
   and other traces of himself.

6) The breakins are occurring bwtween 10pm Sunday night and 8am Monday
   morning. 

7) He seems to bring along a text file of security holes to the
   machines he breaks into.

8) Backtracing the network connections seem to point to the Boston
   area as a base of operations.

The sys admin at IAS found a directory with the name "..  " (dot dot
space space).  The files I mentioned above were found in this
directory.

Barry Lustig			barry@ads.com
Advanced Decision Systems
(415) 960-7300
-----------[000004][next][prev][last][first]----------------------------------------------------
Date:      3 Oct 89 20:04:00 GMT
From:      cc@sisl.co.uk (Chris Corbett)
To:        misc.security
Subject:   Unix security products, A survey

I am carrying out a survey of security products that are
available for Unix machines. The idea is to collect together a review of 
the available products. It will be a "snapshot" of the various ways in 
which security can be added to unix, together with a brief description
of the main features of each.

This review would then be posted onto the net, and hopefully updated
from time to time. 

I am focussing on the following areas:

  1. Single level security products for Unix machines. Products that
     give a C2 level of assurance or something like it. 

  2. Multilevel security for unix machines. Products that give
     higher levels of assurance (B1 and up).

  3. Products that support either of these levels of security over
     networks of machines.

I am *not* collecting information on encryption devices/smart cards etc.

In order to jolt your memory I am already aware of the following in 
each of these categories.

  1. BOKS

  2. The Addamax and Secureware kits for system V and BSD. (I would be 
     interested to know of any manufacturer that has announced machines
     running either of these two); AT&T's MLS Unix; Unix System 5.4.2 which
     is said to be going to include B1 security as part of the 
     standard product. 

  3. None (well its a much trickier problem).

Any information or pointers that anyone can send me would be very welcome.
Names of further people to talk to would also be useful. Thanks in advance.

I should also state for the record that I am not associated commercially
with any company that makes any products of this type. I am an interested third
party who would like to get an overview of the current situation.

-----------------------------------------------------------------------------
Chris Corbett      cc@sisl.uucp   +44 252 811818  Fax +44 252 811435
Secure Information Systems Ltd, Sentinel House, Harvest Crescent,
Ancells Park, Fleet, Hampshire GU13 8UZ. UK.
-----------------------------------------------------------------------------

-----------[000005][next][prev][last][first]----------------------------------------------------
Date:      Wed, 23 Aug 89 17:13:11 BST
From:      ORG5NMC@cms1.ucs.leeds.ac.uk   5-OCT-1989 16:05:31, ORG5NMC@cms1.ucs.leeds.ac.uk
To:        SECURITY@pyrite.rutgers.edu, SECURITY@pyrite.rutgers.edu
> Why is there so little awareness of the way many third-party software
> packages open vulnerabilities in even the perfectly managed C2
> commercial systems?

I don't think its just a matter of third party software being poor
security-wise. The vendor of the machines I work on (not IBM) seems
to have a very poor record (security-wise) when it comes to their
own "add on" s/w let alone third party. I see time after time
new features introducing old bugs.
   On another subject (slightly related) what do readers think
vendors should do to deter the writing of "home-grown" poorly
written privileged s/w that effectively opens up systems? Is
it just a matter of education or trying to make it difficult
for s/w to make mistakes?

                               Neill.
-----------[000006][next][prev][last][first]----------------------------------------------------
Date:      Wed, 23 Aug 89 16:27:45 EDT
From:      Gary Buhrmaster <TJF@CORNELLC>   5-OCT-1989 16:35:00, Gary Buhrmaster <TJF@CORNELLC>
To:        security@ubvm, security@ubvm
In the IBM world, a promise to run 15% faster than the competition
usually makes the sale to the DP manager.  That manager is rarely
concerned that the package happens to run faster because it runs the
users in privleged mode, and the saleman is unlikely to volunteer that
information.  His competitor might, but he probably has his own hooks
for some other function that he would prefer you not notice.

It is getting better.  While still a rare occurance, DP managers are
learning to ask what special facilities or privleged functions that
packages require, and then require that the package support the
underlying security facilities.  In the MVS world, that often means
some sort of statement of integrity, and interface to RACF or ACF2.
The driving force is often the EDP Auditor.  While they may not
understand computers (it is not their job,) they do exchange
information between themselves as to what packages are the biggest
abusers, and they do know the right questions to ask.  After all, their
interest is in understanding the risk of losing their companies assets,
and programs that allow access to those assets without authorization
are dangerous.
-----------[000007][next][prev][last][first]----------------------------------------------------
From:      Chess Ferrier <chess@ibmpcug.co.uk>  5-OCT-1989 16:50:03
To:        misc-security@ukc.ac.uk
HOW CAN A PS/2 PASSWORD BE REINITIALISED ?

You use the REFERENCE DISK to set a PS/2 PASSWORD for the first time.

You use OLDPW/NEWPW to change the current PASSWORD.

But how do you re-invoke the password facility for the following situation:

    1    The password had been set.
    2    The password was removed by entering a blank value as a new password.
         (OLDPW/ <Enter>)

You can no longer set the password via the REFERENCE DISK as it reports that
the password is already set.

You can not change the password from 'blank' to something else via the normal
'CHANGE PASSWORD' process as you are no longer required to enter a password
when the system is turned on.

The only way I know to over come this situation is to remove the PS/2's battery
for about 20 minutes, and then rerun the system automatic configuration, and
the REFERENCE DISK's SET PASSWORD facility.

The above method is a real pain. I'm hoping that there is another way.

Is there another way ?

P.S. - Is there a way to find out the current power-on password value.

Thanks in advance for any help.

----------------------------------------------------------------------------
Mr Chess Ferrier

ESSO ENGINEERING (EUROPE) LIMITED.
Apex Tower, High Street, New Malden, Surrey, KT3 4DJ.

01-949-8459
-----------------------------------------------------------------------------

-- 
Automatic Disclaimer:
The views expressed above are those of the author alone and may not
represent the views of the IBM PC User Group.
-----------[000008][next][prev][last][first]----------------------------------------------------
From:      feo@cbnewsl.ATT.COM (francis.e.o brien)  5-OCT-1989 22:20:16
To:        misc-security@att.att.com
I'm interested in installing my own home security system.  My
house is mostly pre-wired, which makes the installation of a
wired system relatively simple.  The only problem is finding
systems.  So far the choice is Radio Shack.  I haven't located
any other distributors of alarm systems who sell to the general
public.  Most places insist on installaing and of course providing
a monitoring service.  Can anyone provide me with the name of some
dealers that I can deal with directly?
Thanks.   
-----------[000009][next][prev][last][first]----------------------------------------------------
From:      jearly@lehi3b15.csee.lehigh.edu (John Early)  5-OCT-1989 22:52:42
To:        misc-security@rutgers.edu
>What's a good book on do-it-yourself home security systems?

If you find one, let me know, too.  

If you do-it-yourself, it is cheaper and more secure(only you know the
details of your system) but you might not think of everthing the pro's
might.  Personally, I don't let ANYBODY know the details of the systems
I install, and I would not trust ANY company that doesn't have a good rep.

>How do I protect my home without overtly annoying the neighbors, police,
>etc. with false alarms.

Don't have false alarms--seriously, they ARE annoying, and unless the
only function an alarm system does is call YOUR phone, you will annoy
someone.  Some police dept. don't mind having auto-dialers call them,
some do...check with the local and/or state police.

>Radio Shack sells "glass breakage detectors".  These are ~1" diameter
>"pucks" that stick to the glass and are wired to an alarm.  
>* What do these sense?  

They are mercury switches (can be set to be normal open or closed) and change
state when tilted more than a certain (preset) degree.  If someone can break
(or cut) just part of a window, they won't sense it.  They are most sensitive
to rotational motion around the center axis, so I did one installation where
the window loop is always active, but the windows can be opened or closed
without triggering the sensor...and trucks won't set them off.  Do your
best to hide them so that a potential intruder won't notice them and take
precationary steps.

>How about area detectors, infra-red or sonic?  We have no pets to set
>them off but:

Some IR detectors are sensitive enough to measure through glass...most aren't.
Sunlight WILL set them off...seen that happen more than once.
Ultrasonic motion detectors shouldn't detect noise, per se, but if the
thuder knocks a book off a shelf (had that happen to me once) it will.

>I see both wired and wireless alarm systems for sale.

I always use closed loop wired systems.  And redundant systems in special
areas.  Don't forget to check back-up batteries at least 1/month!
I think that any DIY can manage a good security system, if s/he thinks it
out ahead of time, and tries to think like an intruder.  Pay attention to
small details--e.g. don't install an auto-dialer then forget to protet your
phone wire entrance.  Radio shack has good stuff...probably enough for the
average home security needs.

Hope this helps.

John Early
jearly@lehi3b15.csee.lehigh.edu
JPE1@Lehigh.Bitnet
-----------[000010][next][prev][last][first]----------------------------------------------------
From:      letni!doug@texbell.swbt.com (Doug Davis)  5-OCT-1989 23:21:14
To:        misc-security@attctc.dallas.tx.us
>* What do these sense?  
These are mercury filled switches which you can set the "sensitivity"
by providing the inital tilt of the switch.  I use them in my car
for things like tee-tops.  (substatute velcro for the double stick tape)
and they work reall well.  For glass breakage they are only moderate
I would suggest them only if tape is to obnoxious and you can't affored
the "real ones" based off of piezo elements.

>* Can IR detectors see movement through windows?
No, not unless they were paper thin, Ultra sonics can't even see thru 
that.   

>* How about changes in ambient IR levels caused by the sun coming in
>through a window or the furnace going on or off?
Usually two slow in both cases,  I once walked across a room that was
protected via IR detectors, it took half an hour to cross 20 feet, but
I won the bet.   I suspect sonics are foolable in a similer fashion,
but *I* can't do it.

>* Are the sonic types sensitive to noises outside the house?
Not unless its very very loud and in their detection range.

>* Will, say, thunder shake the house enough to trigger a motion detector?
I use both and we have lots and lots of thunder storms, the shaking of
the house has never set them off.. Books falling from the shelf across
the room will though.

IR detectors love heating element furnaces, and steam radiators,
generally anything that changes temperature quickly will set them
off.

Ultrasonic detectors love ceiling fans, and air vents (if they are
set too sensitive) 

>I see both wired and wireless alarm systems for sale.
Yeas, most wireless "broadcast" somehow, and like any RF signal it
is subject to distortion caused by outside interference.   Also
someone else my have an alarm system using the same codes and/or
frequencys that could cause yours to appear to false alarm. While 
wired alarms are subject to "rodent abuse." Like when the squirrel
that has made your attic its home desides to "borrow" a chunk of alarm
wire for its nest.

Wired is by far more reliable, and more work ;-)

Think closed loop, that *IS* the way to go, also the more loops the
better, that way you can still have a partial alarm system when 
a loop goes out..   Thats not good, but it's thousands of times better
than not having an alarm.

Look real carefully at off the shelf "base units" most of them are
low grade trash, generally in this area you get what you pay for.

doug
--
Doug Davis/1030 Pleasant Valley Lane/Arlington/Texas/76015/817-467-3740
{sys1.tandy.com, motown!sys1, uiucuxc!sys1 lawnet, attctc, texbell} letni!doug
 "Everything in this article is a Jolt Cola hallucination and in no way
   exhibits any signs of being remotely connection to any reality."
-----------[000011][next][prev][last][first]----------------------------------------------------
From:      simsong@prose.cambridge.ma.us (Simson L. Garfinkel)  5-OCT-1989 23:48:32
To:        security@rutgers.edu
I am in the process of installing a rather sophisticated security and access 
control system in my home.  Deadbolts and strike reinforcement are a good first
step, but the reality is that if somebody kicks hard enough, they will 
probably just take the frame out of the wall, unless you have a steel frame
around a steel door.

It's really not worthwhile to go to that trouble, though, because people will
just come through the windows unless you have bars or security screens on 
them.  If your goal is to keep somebody out physically, you will probably
have to turn your house into a fortress.  

	What's a good book on do-it-yourself home security systems?

_The_Truth_About_Self_Defence_, available from the Police bookshelf,
603-224-6814, 800-624-9049.
	
	What are the trade-offs of do-it-yourself vs. a professional security
	company? 
	
Assuming you want central office monitoring, it is generally easier to get
hooked up with a professional system.  Most systems cost in the $1K-$2K price
range, and they do a very good job, so unless you have done this stuff a lot,
you are probably better off with something professional.

It's also a question of how much you value your time, how close what you want
is to what is available off-the-shelf, and wether or not you want to use a
radio-controlled system.

     How do I protect my home without overtly annoying the neighbors, police,
     etc. with false alarms.
	
Don't have false alarms.  They are typically caused by friends setting the 
system off, wind blowing doors open, auto-headlights setting off IR detectors,
and things like that.

	Radio Shack sells "glass breakage detectors".  These are ~1" diameter
	"pucks" that stick to the glass and are wired to an alarm.  
	* What do these sense?  
	
Vibration.  Other units can actually detect the sound of breaking glass.

	* If the other side of the window is broken but the glass under
	  the puck remains intact will they trigger?  

Yes.

	* If they are impact-sensitive, will a truck or plane rumbling by set 
	  them off?
	
Only if it breaks the glass.

	* Can IR detectors see movement through windows?  Wouldn't want the
	paper boy setting them off by mistake.
	
Not unless you have windows made out of NaCl.  Salt windows are typically
only found in laboratories, in circles of 1", for IR spectroscopy.

	* How about changes in ambient IR levels caused by the sun coming in
	through a window or the furnace going on or off?

Depends on the detector.  Some of the newer detectors will only trigger if
two or three beams are broken in succession, and these tend not to go off
with slow changes in temperature.
	
	* Are the sonic types sensitive to noises outside the house?
	
Ultrasonic detectors are generally not used anymore, since they are
very susceptable to background things that make ultrasonics (like pipes).

      * Will, say, thunder shake the house enough to trigger a motion detector?
	
Not of you have an IR detector, since they detect moving heat sources,
rather than just movement.

	I see both wired and wireless alarm systems for sale.
	
Wireless systems scare me, because of the potential for jamming.  With 
wireless systems, there is a version which is called supervised wireless, 
in which the central station constantly polls the remotes and asks them if
they are still working, and gives you an alarm when they fail.  The more
expensive ones will even send out messages when their batteries start
to go.

On the other hand, you can move a wireless system if you do.  And they 
are much cheaper to install.
-----------[000012][next][prev][last][first]----------------------------------------------------
From:      GREENY <MISS026@ecncdc.bitnet>  6-OCT-1989  0:20:11
To:        <security@pyrite.rutgers.edu>
> IR Detectors...

What do these detect?

They detect infrared energy in the area....a fresnel lens directs any and
all infrared onto a pyrodetector, and some electronics determine whether or not
it should be classified as an alarm or not....usually this is done via "Pulse
counting" which is a method whereby the detector counts the number of pulses
of energy that it has detected within a certain period of time (usually a{
2-3 second period...)....At the security system which I consult for, we set
this to TWO...makes for a good trade off between preventing false alarms due to
air vents moving plants, and the ability to detect a person...NO they will
not detect through the glass....although a good shot of sunlight right
into the lens of the detector will trigger it....simple solution -- keep the
drapes drawn...

Glass breakage sensors -- what do these detect?

There are two types:  Ones which "listen" for the frequencies of breaking
glass (audio discrimination) and the usual ones which sense low-level
vibrations such as would be caused by someone attempting to pry open the
windows...

The Radio Shack ones work via mercury type switches that when shaken enough
close a contact and trigger the alarm....they are not tooo reliable...The ones
at the security company I consult for use Terminus sensors, and run them into
a "processor" that makes heads or tails out of the signals comming from the
detectors on the windows....Otherwise thunder and rumbling trucks would set
them off all the time...

My personal favorite is a sensor known as the "ShatterBox" by Sentrol which
is an audio discriminator....of course if you have these armed at night and
then break a glass, you will set off the alarm...

My personal recommendation is to go with a system from a professional
company because there is a lot of grunt work involved in fishing all the
wires for a hardwired system (wireless systems are good, but another topic
altogether..) and in choosing the best protection for your home.  Also, if
anything goes wrong, they get to fix it, and you wont have to listen to the
wife (if you're married) saying "I told you it should have been done by a
company! *whine*".  Furthermore, they can and should be able to hook you up
to a central monitoring station for a nominal fee (we charge $21.50/month)
which will provide you with some neat features.  1) Assuming your phone lines
dont get cut, then when the alarm goes off, it will send a packet of data
via digital communicator to the central station over your phone line (it
seizes the line even if someone is on the phone or it is off the hook) and
tells them what zone got triggered....2) they call you back unless it's a
panic zone and ask for a password....3) if you provide the correct one they
dont send the police/fire dept/paramedics....4) if not, then they do...
5) if you arent there, they call a list of valid "keyholders" and tell them
the alarm went off, and call the cops/fire dept/ambulance....6) you can have
other sensors such as high/low temperature sensors, sump pump failure
(flood) sensors, etc...wireless panic buttons (even with a hard wired
system) and a variety of other goodies...

Also, if the company you choose is up on things, then they will use recessed
magnetic contacts that you will never see on the doors/windows...about the
only thing you will see is the smoke detectors if you have fire coverage,
and the shock sensors on the doors/windows (although these are practically
invisible...), the control keypad(s) in the designated area, and the alarm
CPU in the basement/closet of your home....

The CPU should have a battery backup, and recharge automatically.  Stay
away from the Radio Shack system, it uses lots of C or D cells and they are
a pain...also, no digital communication is available, and they only offer
their tape dialer which many police stations hate...also the panel is not
zoned, which makes servicing a complete bear...

More questions?  Drop me some E-mail...I'm experiencing hard drive problems
right now so I'm not on every day like I used to be, but I am here about
3 times a week...

Bye for now but not for long...
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
Macnet: GREENY

-----------[000013][next][prev][last][first]----------------------------------------------------
Date:      4 Oct 89 16:58:50 GMT
From:      CTM@cornellc.BITNET (Homer)
To:        misc.security
Subject:   Re: Home Security Systems


     The radio shack motion sensors for windows are mercury
switchs.  They depend on the sensor being thorougly moved to
another postion to set the switch off.  In this sense it is
impossible to set them off with mild vibrations.  You have
to really destroy the glass where they are.  They can be
set to almost tripped.  This would make them more likely to trip,
but if they move the wrong way they wont go off.

     Its a circular tube with merc in it and a switch at one end.

-----------[000014][next][prev][last][first]----------------------------------------------------
From:      noam@neabbs.UUCP (NOAM KLOOS)  7-OCT-1989  2:51:08
To:        hp4nl!misc-security
                CATE'S CURE FOR DATA CRIME

On or after the 12th of October, an undetermined number of computer
'viruses' are scheduled to start erasing the data of their unsuspecting
hosts. One virus in particular, known as 'DATACRIME II', is an
especially nasty specimen, as it not only spreads very rapidly, but also
formats the hard disk of any computer it infests, permanently destroying
all of the contents.

DATACRIME was first detected in the Netherlands, and the leading
computer publication of that country, PERSONAL COMPUTER MAGAZINE,
commissioned computer expert Rikki Cate to write an 'antidote' program
for its readers.  Cate, an American who lives in the Netherlands, is a
programmer specialized in this kind of work.

Cate's Cure was an overnight sensation.  Featured on radio, television
and in Holland's leading newspapers, thousands of copies were
distributed within the first few days and it has already inspired a
number of hastily composed imitations. Even the Dutch police have begun
distributing a version of their own.  Cate's Cure, however, claims
superiority to all of these.  It is much faster, it actually removes the
virus, it repairs damaged programs, it automatically searches all the
directories on the hard disk, and it provides permanent protection
against formating of the hard disk or new infections by the virus.  None
of the other programs released have any of these features.  This is
believed to have been confirmed in an independent test carried out by
the Dutch Railways.

In view of the huge demand and the clear anxiety indicated by that, Cate
has decided, with the approval of PCM, to make the antidote more widely
available on disk.  Additional information can be
obtained from her directly by calling 31-20-981963 in Amsterdam.  Fax:
31-20-763706, telex 12969 neabs nl, Fido 2:280/2, electronic mail
31-20-717666, all marked to her attention.
-----------[000015][next][prev][last][first]----------------------------------------------------
Date:      6 Oct 89 03:56:00 GMT
From:      MASROB@UBVMSC.CC.BUFFALO.EDU (CNSM CCR - Rob Rothkopf)
To:        misc.security
Subject:   RE: Home Alarm Installations, R.S. Setups

I've installed a burglar alarms using all Radio Shack equipment; The whole deal
is fairly inexpensive ($120? for the main unit, $100 phone dialer, switches,
etc) and wiring is straightforward (well, as straightforward as wiring a system
can be :-).  However, if you have any pets, motion/heat/pressure mat sensors
are out of the picture. 

A note of caution... be careful not to pinch wires when running them and
stapling them to walls.. this can build resistance in the circuit and cause
false alarms (a closed system trips when the total circuit resistance exceeds a
certain level). 

The vibration sensing switches are prone to strong winds, airplanes, truck
horns triggering them; therefore, use on windows instead of foil tape (for
cosmetic reasons) would have to be more than one for a big pane to be effective
with all the switches having fairly low sensitivity.  Still, I encountered
something interesting with these switches wired in series: the alarm is being
triggered for no apparent reason, calm winds, everyone inside sitting around
the house.  When the resistance in the circuit was checked I found it to be
over 500 ohms more than what it should have been.. troubleshooting the circuit
I found the resistance in each switch to vary, one by over 100 ohms...  seconds
later the same switch read 7 ohms.?!  Hmm...

So far this problem hasn't been fixed *but* resistance in the circuit still
seems like something to look out for.. make sure not to staple through wires
inadvertently! 

RE: the mercury glass breakage switches - Usually for windows people
   have three options if they're using the closed circuits: either
   the mercury switch, vibration switch or foil tape.  In a previous
   posting it was said that the mercury switch is impractical and it
   should be hidden so a burglar doesn't see it.  I disagree.  Part
   of the effectiveness of the system is its visibility (it even comes
   with window stickers).  The foil tape most often used is ineffective
   on big windows (e.g. glass doors) if put around the perimeter.  While
   the tape *is* sensitive to breakage, if the middle is cut carefully,
   entrance can be obtained without the alarm being triggered.  The
   "glass breakage sensor" follows the same theory that the glass will
   be broken enough to cause a shift triggering the alarm.  5 of one, etc.
   It's more a matter of cosmetics at that point.

   Also, as silly as it might seem to put a vibration sensor on a wall or
   room, there *have* been cases where burglars have broken in that way..
   if you're running a wire already it might be worth an extra few dollars
   to drop a vibration sensor here and there on some wall areas..

Overall, the Radio Shack support staff was VERY helpful and cooperative when
exchanging parts, etc.  Prices are reasonable and there are enough accessories to
build virtually any setup you would want... 

Many loops make debugging/altering the system much easier (as someone already
pointed out [good suggestion!])... 

Hope this info. is helpful to someone..

-----------[000016][next][prev][last][first]----------------------------------------------------
Date:      6 Oct 89 16:54:00 GMT
From:      TIHOR@ACF6.NYU.EDU (Stephen Tihor)
To:        misc.security
Subject:   Grumann Breakin

Kid with a Wargames dialer popped in to a small Gruman engineering system.
Grumann seems to have been very sloppy since what the CBS newspeople who
interviewed me ("Indpendant Computer Expert") said was that he go into a
privileged maintenance account.  Presumably FIELD.  Of course Grumann does
their own maintenance so its propbably their fault not DEC's if its a guessable
password.  But they let the kid in, tracked him back, and had him arrested.

-----------[000017][next][prev][last][first]----------------------------------------------------
Date:      6 Oct 89 19:59:50 GMT
From:      JEFF@utcvm.BITNET (Jeffrey R Kell)
To:        misc.security
Subject:   Re: Home Alarms

Are their any alarm systems that will interface with a PC?  I've seen
plenty of 'switch controllers' but don't recall seeing anything that
resembled alarm sensors (though presumably if you can sense a switch
open/closed, the same logic applies to alarm sensors).

<Jeff>

-----------[000018][next][prev][last][first]----------------------------------------------------
Date:      8 Oct 89 07:46:00 GMT
From:      MISS026@ecncdc.BITNET (GREENY)
To:        misc.security
Subject:   re: wireless systems

> there is a version which is called supervised wireless, in which the central
> station constantly polls the remotes ...

Nope.....not the Central Monitoring Station, but rather the alarm CPU in your
basement/utility closet....every 10-15 seconds the sensor puts out an "I'm
here " signal to the CPU, and the CPU remembers it.....if it doesn't get a blip
then it waits another 15 seconds or so and sees if it gets one again...if it
doesnt, then it sends a signal to the Central Monitoring Station saying
"Supervisory on Zone ##" where ## is the number of the zone that died...
of course if someone is sophisticated to jam your xmitters (319.5 MHZ for
those of you wondering...) then they could also just cut your phone line
and unless you have a cellular dialer, or high security connection then
you are out of luck....

Also, the newer wireless systems (such as the ITI SX-V) has sensors that have
the brains to send a "Hey CPU, my battery is dying" signal to the CPU so
that the CPU can call the central monitoring station, and then they will
call either you and your dealer, just your dealer, or just you....then your
dealer can come out and replace the batteries for you -- or if you can find
the proper equivilent then you can do it yourself...

l8r...
bye for now but not for long
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
MacNEt: GREENY

-----------[000019][next][prev][last][first]----------------------------------------------------
Date:      8 Oct 89 23:36:00 GMT
From:      XA3I@purccvm.BITNET (Robert Allinson)
To:        misc.security
Subject:   Personal Computer Viruses

I am puzzled by the statement made by certain individuals.  The
statement was made that a virus can be put on an un-formatted disk
and it can "virusize" your personal computer!!!

Is this true?  Is it possible to put a virus on an un-formatted disk?
 s this tru even transfer a virus
If so, HOW?  It does not make sense.  In my view you have to format the
disk in the first place to install data on it! correct?

Please reply to :                          Robert Allinson  XA3I@PURCCVM

[Moderator tack-on: Depends on the type of PC, of course.  Replies to him
only, please...   _H*]

-----------[000020][next][prev][last][first]----------------------------------------------------
From:      Homer <CTM@cornellc.bitnet>  10-OCT-1989  8:05:12
To:        "Security List." <security@pyrite.rutgers.edu>
     The radio shack motion sensors for windows are mercury
switchs.  They depend on the sensor being thorougly moved to
another postion to set the switch off.  In this sense it is
impossible to set them off with mild vibrations.  You have
to really destroy the glass where they are.  They can be
set to almost tripped.  This would make them more likely to trip,
but if they move the wrong way they wont go off.

     Its a circular tube with merc in it and a switch at one end.
-----------[000021][next][prev][last][first]----------------------------------------------------
From:      Bob Dixon <DIXON@ohstvma.bitnet>  10-OCT-1989  8:39:16
To:        security@pyrite.rutgers.edu
Some things to think about concerning RF security systems.

What frequency range do they use? Do they generate RFI? Are they susceptible
to interference from other transmitters located nearby (such as 1kw in the
house? Can the remote units be tested automatically from the central unit?
Are the remote units battery powered? If so, is battery failure detected?
Can the receiver be rendered ineffective by a local transmitter on the same
frequency?

                              Bob Dixon
                              Ohio State University
-----------[000022][next][prev][last][first]----------------------------------------------------
From:      <BHAYNES@auducvax.bitnet>  10-OCT-1989  9:09:50
To:        security@pyrite.rutgers.edu
        This may or may not be an appropriate topic.  If not, please
excuse the posting...

        I am about to make an attempt to find some 200 people.  The only
information I have to go on is their full name and an old (5-10 years)
address.

        My question is basically, how?  What types of information would be
helpful and available?  What types of information is public?  Are there any
on-line services which would be useful in locating people?  If so, what types
of information is readily available?

---------------------------------------------------------------------------
Brad Haynes                        |  Internet: bhaynes@ducvax.auburn.edu
c/o U.P.E.                         |  Bitnet:   BHAYNES@AUDUCVAX
106 Dunstan Hall                   |
Auburn University, Alabama 36849   |
(205) 826-0479                     |
-----------[000023][next][prev][last][first]----------------------------------------------------
From:      howard@hasse.ericsson.se (Howard Gayle)  10-OCT-1989  9:47:02
To:        misc-security@sunic.sunet.se
Several of my friends recently joined a medium-size Swedish
firm.  (Name withheld, but it is definitely *not* Ericsson.)
They all wanted to have their electronic (email) addresses on
their business cards, but the firm's security manager would not
allow this.  He claimed that the host names in the addresses
would, collectively, reveal sensitive information.  I am very
skeptical of this claim.  By collecting a reasonably large
sample of cards, one could probably estimate the number of file
servers at the firm, but I don't see how that could help a
cracker.  The firm does not do classified or military work, and
is not on the Internet (Nordunet).

Has anyone heard of similar policies at other firms?  Does
anyone see any real risks of email addresses on business cards?
As usual, please email to me; I'll summarize if response
warrants.
--
Howard Gayle
TN/ETX/T/BG
Ericsson Telecom AB
S-126 25 Stockholm
Sweden
howard@ericsson.se
uunet!ericsson.se!howard
Phone: +46 8 719 5565
FAX  : +46 8 719 9598
Telex: 14910 ERIC S
-----------[000024][next][prev][last][first]----------------------------------------------------
From:      Frank Tompkins <TOMPKINS@AKRONVM>  10-OCT-1989 10:17:09
To:        security@ohstvma
Greetings:
As a new subscriber to this list, please redirect me if the following
question(s) are better answered elsewhere.

We have a TCP/IP based campus network, growing rapidly for about a year
and a half, that has primarily been used by academic types (faculty &
students).  There is growing pressure to allow administrative users access
to MVS mainframe (via IBM's 5798-FAL product offering, dialing to VM VTAM).
The physical implementation includes thick and thin ethernet cabling,
a Proteon router, some fiber cable, IBM type 1?? cabling, a bridge here
and there, and a 56kb link to the rest of the Internet.

My two part question, the results of which I will refer to my management
to help them decide some policy issues, is as follows:

   1)  Other than the well known ease with which thick Ethernet cables
       can be tapped and passing data extracted, are there other weak
       spots (security wise) that we should be aware of regarding the
       physical links,
 and
   2)  What are the policies (briefly) that other campuses have regarding
       allowing confidential administrative data to flow over Internet
       links.

Please answer directly to me to avoid wasting network bandwidth with what
is probabily a thoroughly hacked over issue.  If there is enough interest,
I will post a summary.  Also, if there are any archived documents or
discussions regarding this issue, please direct me to them.

Thank you all.

Frank Tompkins      (TOMPKINS@AKROMVM) / (TOMPKINS@VM1.CC.UAKRON.EDU)
Systems Programmer
University of Akron
Akron, Ohio   44325-3501
-----------[000025][next][prev][last][first]----------------------------------------------------
From:      Charlene Charette <CI60UCU@vm.tcs.tulane.edu>  10-OCT-1989 10:43:41
To:        security@pyrite.rutgers.edu
I used to work for a security company (residental and commerical) and one of my
co-workers here at the University used to install residental and commerical
systems (he still does installations on a part-time basis).  The following
answers are a combination of our knowledge:

>What's a good book on do-it-yourself home security systems?
Guy did not know of any good, current books available.

>What are the trade-offs of do-it-yourself vs. a professional security
>company?
The main advantage is that the professionals are knowledgeable and experienced
(providing they are not one of the many fly-by-night alarm company that are
popping everywhere).  The secondary advantage involves monitoring; alarm
signals are sent to a central station who can then call the police, fire dept.,
your work number, etc. when your alarm goes off.

>How do I protect my home without overtly annoying the neighbors, police,
>etc. with false alarms.
Most of the newer alarms allow you to set a time limit on sirens with 15 mins
being the usual time limit.  Some cities have ordinances on siren time
durations and I would suggest that you check for these.  (Some cities require
that alarm systems be registered.  You should check this also.)

>Radio Shack sells "glass breakage detectors".  These are ~1" diameter
>"pucks" that stick to the glass and are wired to an alarm.
>* What do these sense?
These sense high-pitched sounds such as glass breaking.  Alarm technicians test
them by rattling keys.

>* If they are in the corner of a picture window, and the
>  other side of the window is broken but the glass under the puck remains
>  intact will they trigger?
Yes, it should; but it is dependant on the range of the detector.

>* If they are impact-sensitive, will a truck or plane rumbling by set
>  them off?
Yes, if they are too sensitive.  Some can be adjusted, others not.

>How about area detectors, infra-red or sonic?  We have no pets to set
>them off but:
You may not have any pets to set them off, but I have seen them set off by rats
and roaches (yes, we have *BIG* roaches here).  Guy says they are good, but
stay away from cheap detectors or you will be plagued with false alarms.

>* Can IR detectors see movement through windows?  Wouldn't want the
>paper boy setting them off by mistake.
No, the detectors don't sense "movement".  They sense changes in heat.  If you
were to hold a large piece of cardboard in front of you and move it slowly in
front of an IR detector, you could pass it undetected.

>* How about changes in ambient IR levels caused by the sun coming in
>through a window or the furnace going on or off?
Yes, temperature changes will trigger the detectors.  Don't point them at
windows, fireplaces, air ducts, furnaces, etc.

>* Are the sonic types sensitive to noises outside the house?
They should be.

>* Will, say, thunder shake the house enough to trigger a motion detector?
It shouldn't.

>I see both wired and wireless alarm systems for sale.  Since I have good
>attic and basement access, I am tending toward the wired sort.  The
>wireless types seem to need occasional battery replacement.  Aside from
>this are there reliability concerns wrt. either style?
Guy advises staying away from wireless systems as they are not as reliable.
Although he is not as familiar with the newer wireless sytems available, he
said the older systems had no low battery indicator.  A low battery can cause
false alarms; and of course, a dead battery is useless.

If you have any further questions, please feel free to ask.

PS:  Guy said if you pay his expenses he'd gladly come up and give you a hand.
      :-)
-----------[000026][next][prev][last][first]----------------------------------------------------
From:      (Marshall D. Abrams) <abrams%vlad@gateway.mitre.org>  10-OCT-1989 11:14:56
To:        security@pyrite.rutgers.edu
          Fifth Annual Computer Security Applications Conference

                               formerly the

            Aerospace Computer Security Applications Conference

                            December 4-8, 1989
                   Westward Look Hotel, Tucson, Arizona

                               Sponsored by
             IEEE Technical Committee on Privacy and Security
                 American Society for Industrial Security
                  Aerospace Computer Security Associates

      		      Conference  Highlights 
         Keynote  Speaker                       Luncheon  Speakers    
           -----------	         	     ----------------
    Senator  Dennis DeConcini                 Mr.  Charles. T. Force
         (D - Arizona)                                NASA     
					           Mr. Dave Fitzsimmons    
						Cartoonist, Arizona Daily Sun
      		       Distinguished Lecture            
        		        in Computer Security      
  		  	  "INFOSEC:  Where Are We  Going?"   
     			 --------------- 
    		      Mr.  Stephen  T. Walker   
 			    Trusted Information Systems

      			Tutorial Program 

      		    Monday, 4 December 1989

     	 "Secure  System  Design - An Introduction"
     		 Mr. Morrie Gasser, DEC

      		     "Database Security"   
      		     Ms.Teresa Lunt, SRI

   			   Tuesday, 5 December 1989

     	       "Secure System Design - Advanced"
        	  Dr. Virgil Gligor, University of Maryland

     	     "A New Approach to Network Security"
    	      Mr. Jerome Lobel, Lobel Consulting

     		     "Computer Crime" 
      Ms. Gail Thackeray, Arizona  Assistant  Attorney  General

                            Technical Program

                 Wednesday - Friday,     6-8 December 1989

        Technical Paper Sessions
            +  Architecture  for Trusted Systems
            +  Network Security
            +  Cryptographic Applications
            +  Architecture and Mechanisms
            +  Security Policy and Models
            +  Risk Management
            +  Software Development for Security
            +  Data Base Security I  &  II
            +  Security for Command and Control
            +  Audit Applications
            +  Trusted Distribution

        Panel  Sessions   
     	+  Computer Crime
            +  Data  Base  Design  for MLS
            +  TCB Subset Issues
            +  Human Issues
            +  Gemini Users
            +  International INFOSEC Standards
            +  Integrity
            +  Shoot Out at the OSI Security Corral
            +  Civil Sector Security
            +  Security Standards for Open Systems
            +  Space Station Information Security
            +  Data Integrity and Security for Computer Aided 
               Acquisition  and  Logistics Support  (CALS)

                           Special Events

        Biosphere II: a prototype of the Earth for the future
    Sonora Desert Museum: living animals and plants of the Sonoran 
                             Desert Region

                       Additional Information

    For a copy of the  advance  program,  which  includes  rates,
    schedule, registration form, and special activities, contact:
    Diana Akers, Publicity Chair, (703) 883-5907 
          akers%smiley@gateway.mitre.org
    Victoria Ashby, Co-Chair, (703) 883-6368 
          ashby%smiley@gateway.mitre.org
     The MITRE Corporation, 7525 Colshire Dr., McLean, VA  22102

    If your organization wishes to  consider  placing  a  related
    exhibit  at  the  conference,  a limited number of spaces are
    available  on  a  first  come  -  first  serve  basis.    For
    information, contact:
       Robert D. Kovach, Exhibits Chair, (202) 453-1182, 
                rkovach%nasamail@ames.arc.nasa.gov

    Advance Programs will be available early September.  Please
                 request one at that time.

    Conference proceedings and  videotape  of  the  Distinguished
    Lecture will be available.

    Program Subject To Change
-----------[000027][next][prev][last][first]----------------------------------------------------
From:      <JAHARITO@owucomcn.bitnet>  10-OCT-1989 20:08:40
To:        security@pyrite.rutgers.edu
Hello there,
        I would much appreciate it if U could send me the DES Unix
implementation. I am a freshman in Ohio Wesleyan University and I
have also implemented the DES in C, but I don't know how efficiently...
I would like 2 check it with mine...

Thank U in advance,

John Haritos, 1989

Bitnet%"JAHARITO@OWUCOMCN"
-----------[000028][next][prev][last][first]----------------------------------------------------
From:      nagle@well.sf.ca.us (John Nagle)  10-OCT-1989 20:52:43
To:        misc-security@uunet.uu.net
      Dongles are dead.  There are many ads for them in PC Tech Journal,
but no mainstream package uses them.  Market resistance to them is
severe.  The Software Publisher's Association dropped their scheme for
an industry-standard unit some several years ago.

      However, it's worth noting that the Nitendo Game System has a
hardware protection device that makes it extremely difficult to make
a third-party game cartridge.  Attempts to reverse-engineer this
system have been successfully made, but they require opening up chips
and using a scanning electron microscope.

					John Nagle
-----------[000029][next][prev][last][first]----------------------------------------------------
From:      ddefend@urbana.mcd.mot.com (Dan Defend)  10-OCT-1989 21:38:12
To:        misc-security@ncar.ucar.edu
I previously posted a query regarding security modems with dialback
capability.  Thanks to all who responded.  Listed below is a summary of 
responses that I received.

-----
Dan Defend
Motorola Microcomputer Division
ARPA: ddefend@urbana.mcd.mot.com
UUCP: uunet!uiucuxc!mcdurb!ddefend

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
				Dialback Modem Summary
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Check out Datagram DCE224.  Datagram Corp.  11 Main St. E. Greewich, R.I.
02818.  They have been bought by Memotech, of Canada, I believe.  My sales
rep is Rick Wester, in San Ramon, CA.  415-831-4838.

I have two of these units, they are cheap and work well.

-- 
...uw-beaver!pilchuck!phred!jeffp {Jeff Parke}
Genie  : JEFFP  | DELPHI : JEFFPARKE |  CIS : 71511,1512
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 From hughes@hughes.network.com Sun Jul  2 17:43:05 1989

	Cermetek Security modem, Cermetek Microelectronics Inc,
	Sunnyvale, Ca, 800-862-6271

    * Note: This modem provides a separate (secret) dialback line but max.
    *       speed is 1200 baud.  Holds up to 25 passwords/callback numbers.

I have used this modem years ago.  It was great until you had a large
bank of phones.  We then used the "Defender".
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 From security@pyrite.rutgers.edu Tue Jul  4 14:01:55 1989

"FINAL CLOSEOUT/SRICE SLASHED!

Lockheed-Getex modems now priced below our cost!
..300/1200-baud
..Choice of security levels including selective and nonselective
callback
..Non-hayes compatible and any computer...that has industry
standard RS-232C port " can use it
"... NOW $29 + $4 S/H

Item #  H-4206-7344-195

COMB
1-800-328-0609

I have got two of them.  I am using one of them right now, with a
Lear Siegler Terminal.   The other one is for my PC.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
From: uiucuxc!uts.amdahl.com!kelly (Kelly Goen)

try NEC and Cermetek they both make callback models the NEC allows 
additionally modem adminstration from a remote site i.e. another 
NEC however... all phone line comm is essentially insecure BOA 
knows this but they still use the modems and my code for it!!grin!!
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
No modem which uses a simple dialin line for dialout is secure.  There
is no way for the modem to ensure that when it makes the phone line
offhook that the dial tone it hears is from the phone company rather
than from a spoofing intruder.

There are special phone lines (ie, "ground-start"), but they require
that the modem use circuitry which supports that ability.

The simplest way to handle the problem is to use one or several incoming
lines for callback requests, then use separate modems on separate phone
lines to place the outgoing calls.  Some phone companies also allow
phone lines which do not allow incoming calls, and these can be used
for the callback lines.

I think there may be security modems which do support exactly this,
but they are so expensive it may be simpler to roll your own ct/login.
---
Scot E. Wilcoxon  sewilco@DataPg.MN.ORG    {amdahl|hpda}!bungia!datapg!sewilco
Data Progress 	 UNIX masts & rigging  +1 612-825-2607    uunet!datapg!sewilco
	I'm just reversing entropy while waiting for the Big Crunch.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 From uiucuxc!uxc.cso.uiuc.edu!iuvax!ames!garp!/dev/null 
 Tue Jun 20 09:33:04 1989

Why do you want a dial-back modem?  Security?  Or simply to avoid 
long distance charges?

I suggest that you implement this with host software.  It's a lot 
cheaper.
-simson
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Two methods, 

1) A product called "Defender", a modem or rack or modems where each
person has an ID, and that ID relates to a telephone number.  After you
call in and give your phone number (fron the terminal), the Defender
calls you back.

There is another option that instead of typing your number in with a
terminal, you can put it in with a touch tone phone.  That option
eliminates hackers searching for a modem.

2) Another system involves an electronic card that puts out a 5 digit
password that changes every minute.  By having to put in your "PIN"
number and this 5 digit code, it ensures that the caller (from
wherever) 1) is you (because of the PIN) and is in possetion of the
electronic card (Because of the 5 digit password).

I forgot the name of the 2nd system.

The Defender is available in single modem prices. (I don't know 
how much).

Jim Hughes
Hughes@network.com
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
From: virchaux%CLSEPF51.BITNET@cunyvm.cuny.edu (Jacques Virchaux EPFL-SIC)

As we actually use this kind of modem without the dial-back capability,
it seems to be interesting for you : OSI8224A.

As there are a lot of possibilities and new series including speed up to
9600 bauds, I give you the address :

        Octocom Systems, Inc.
        255 Ballardvale Street
        Wilmington, MA 01887

    * Note: Octocom modem only calls back one number until you physically
    *       reset the modem to call another.

If you need more than this simple dial-back, maybe you want to know a
complete security system, which can be used with simplest modems :
DataLOCK 4000.

        MicroFrame, Inc.
        2551 Route 130
        Cranbury, New Jersey 08512
        (609) 395-7800
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-----------[000030][next][prev][last][first]----------------------------------------------------
Date:      10 Oct 89 09:55:19 GMT
From:      datri@convex.UUCP ("Anthony A. Datri")
To:        misc.security
Subject:   re: email addr on business card

I can't see this at all.  For one, "file server" is kind of a loose thing.  The
cards we fill out for free subscriptions to trade rags routinely ask for the
numbers of machines at your site; I can't see how that could possibly be of any
use.

I introduced the idea of email addresses on  business cards at a previous
employer, but then, they were more backwards than I want to think about.  The
form here at Convex that you fill out to get cards has a blank on it for your
address.  If a company has a consistent namespace and nicely done mailers,
everyone's card should say foo@company.com anyway, which wouldn't tell anyone
more than the fact that you had one machine, which they could have figured out
anyway.

Even so, nothing's stopping them from scribbling their addresses on the back of
the card anyway.

-----------[000031][next][prev][last][first]----------------------------------------------------
Date:      10 Oct 89 18:05:00 GMT
From:      JWM%JHUDEV@jhuvms.BITNET (Joe Meister)
To:        misc.security
Subject:   RE: How to track people down?

You might want to try a credit bureau. You will not be able to get
credit information, but they often offer services that can trace
name and address changes. It might cost from $2-$4 per find. Avoid
services that charge just for looking. Also, some services will
look for you, and others provide on-line lookups. Finally, we
are an institutional user, I am not completely sure that individuals
can use the service. Also, it is incredibly easier to use social
security numbers. Good luck.

-----------[000032][next][prev][last][first]----------------------------------------------------
Date:      10 Oct 89 18:11:00 GMT
From:      A01MES1@niu.BITNET (Michael Stack)
To:        misc.security
Subject:   Re: How to track people down?

I know this isn't exactly a "high-tech" answer, but our high school reunion
committee made good use of city telephone directories they found at a local
library.  It means lots of phone calls, and it won't help with names changed
through marriage, but the results were impressive.  Only about five percent
of our graduating class was not found twenty-five years later, and we'd be
silly to believe that at least some of those didn't want to be found.

Michael Stack
Northern Illinois University

-----------[000033][next][prev][last][first]----------------------------------------------------
Date:      10 Oct 89 21:07:00 GMT
From:      JEWALSH@fordmurh.BITNET (Jeffrey Walsh)
To:        misc.security
Subject:   Re:  How to track people down...

As far as I know, and I'm not sure if this is a NY state law or a federal
law, but most information held by a college/university registrar concerning
name, address of record, phone number, etc., is not confidential, unless
the student/alumnus specifies so.  If these people have or have had a
relationship with an institution of higher learning, this might be one
avenue.

There's always the notion of posting something in the personals of a well-read
paper (eg - Village Voice) where people look for that type of thing.  If the
group has something in common, focus in on that -- they might be peeved if
last names are involved.  The key here is, of course, where do you think they
are geographically centered?

If anyone in the group has even a remote connection with the military, try
using the locators (usually free) in the branch publications:  Army Times,
Air Force Times, Navy Times...  Even if they've served in a unit five years ago
and aren't in anymore, there's the chance that someone who served with them
might still be and be able to relay you information on their whereabouts.

I'm not sure about the confidentiality laws that you queried about.  Sorry.

If you want the address for the locator service of the service papers, write
me at the address below.

Jeff Walsh
"JEWALSH@FORDMURH"
Fordham University

-----------[000034][next][prev][last][first]----------------------------------------------------
From:      <SYSCHIP@utoroci.bitnet>  12-OCT-1989  5:38:57
To:        SECURITY@pyrite.rutgers.edu
>  I seem to recall that Unix systems exported from the United States
>have a weaker form of crypt()

Weaker, yes, you could say that: SunOS shipped to Canada doesn't
have crypt at all.  The version is called "3.5EXPORT" (I haven't
opened my 4.x boxes yet :-).  Haven't noticed any other differences,
but of course I don't work with the native version.

Must be that immense border we share with you-know-who, although
it'd be a heck of a cold swim with a 1/4" cassette clenched in
your teeth.  And now that you mention it, the guy I work with
did take a vacation in Cuba a year ago...

Chip Campbell
VAX System Manager, Physics Division
Ontario Cancer Institute, Toronto
Bitnet:  syschip@utoroci
also bitnet:    @ociphy.oci.utoronto.ca
-----------[000035][next][prev][last][first]----------------------------------------------------
From:      jimkirk@outlaw.uwyo.edu (Jim Kirkpatrick)  12-OCT-1989  6:09:03
To:        security@pyrite.rutgers.edu
First, this may be more of a talk.politics item, but then there have been
previous discussions here about privacy vs Social Security number etc.

Earlier this year I remember reading articles about the government wanting
libraries to turn over records of who checked out what book, apparently so
they could find out if anybody has been reading subversive material.  Libraries
(via whatever library associations exist) told the government to piss off,
and they weren't going to hand over such records (or keep them) because it
violated freedom of privacy and freedom of information.  I applaud this.

Our University library recently joined a regional conglomerate to obtain
on-line library catalog access (CARL - Colorado Area Regional Library,
or something like that), which also includes things like an on-line
encyclopedia.  However, to use the encyclopedia, one must enter their
bar code from their library card.  I tend to object to this on the same
grounds as stated above, that they have no business keeping records of
who looks at which databases.  I can walk into the library and read the
bloody thing without presenting an ID, why should on-line use be made
more restrictive?

Any comments on the privacy issues here?
-----------[000036][next][prev][last][first]----------------------------------------------------
From:      Edward J. Rovera <EJR9006@UCSFVM.BITNET>  13-OCT-1989 18:25:42
To:        security@pyrite.rutgers.edu
   We are just now getting into running RACF on our MVS system and one
of the problems I (as the de facto Security Administrator) am
encountering is that the folks making requests to me for access to
protected resources invariably do not provide sufficient information.
This necessitates my responding with 'what do you mean?' and the
possibility of the requester doing the same thing means *really*
dragging the process out.

   What I'd like to find are some references to books or papers on how
to design the paper (or electronic) forms used by people (usually
resource owners or their agents) to submit requests to the RACF
Security Administrator.  I'd also like to know how other RACF sites
using centralized administration deal with the entire process of
granting and restricting access to protected resources.  References to
papers or books on this topic would also be welcomed.

   I would think that this might not be of general interest to list
readers so if you could respond directly to me, those on the SECURITY
list who are not RACF users would probably appreciate it.  Anyone who
*is* interested in whatever I learn is welcome to contact me for
copies.

   Thank you in advance for any assistance.

                                               - Ed Rovera

+-------------------------------------+
| Ed Rovera <ejr9006@ucsfvm.ucsf.edu> |
| UUCP: ...!ucbvax!ucsfcgl!cca!er9006 |
| BITNET: EJR9006@UCSFVM              |
| Voice: (415) 476-3119               |
| US Mail:                            |
|  University of California,          |
|   San Francisco                     |
|  Information Technology Services    |
|  San Francisco, Ca. 94143-0704      |
| SHARE Installation Code:  UCS       |
+-------------------------------------+
-----------[000037][next][prev][last][first]----------------------------------------------------
From:      cc@sisl.co.uk (Chris Corbett)  13-OCT-1989 19:07:04
To:        inset!ukc!misc-security
I am carrying out a survey of security products that are
available for Unix machines. The idea is to collect together a review of 
the available products. It will be a "snapshot" of the various ways in 
which security can be added to unix, together with a brief description
of the main features of each.

This review would then be posted onto the net, and hopefully updated
from time to time. 

I am focussing on the following areas:

  1. Single level security products for Unix machines. Products that
     give a C2 level of assurance or something like it. 

  2. Multilevel security for unix machines. Products that give
     higher levels of assurance (B1 and up).

  3. Products that support either of these levels of security over
     networks of machines.

I am *not* collecting information on encryption devices/smart cards etc.

In order to jolt your memory I am already aware of the following in 
each of these categories.

  1. BOKS

  2. The Addamax and Secureware kits for system V and BSD. (I would be 
     interested to know of any manufacturer that has announced machines
     running either of these two); AT&T's MLS Unix; Unix System 5.4.2 which
     is said to be going to include B1 security as part of the 
     standard product. 

  3. None (well its a much trickier problem).

Any information or pointers that anyone can send me would be very welcome.
Names of further people to talk to would also be useful. Thanks in advance.

I should also state for the record that I am not associated commercially
with any company that makes any products of this type. I am an interested third
party who would like to get an overview of the current situation.

-----------------------------------------------------------------------------
Chris Corbett      cc@sisl.uucp   +44 252 811818  Fax +44 252 811435
Secure Information Systems Ltd, Sentinel House, Harvest Crescent,
Ancells Park, Fleet, Hampshire GU13 8UZ. UK.
-----------------------------------------------------------------------------
-----------[000038][next][prev][last][first]----------------------------------------------------
Date:      12 Oct 89 14:38:10 GMT
From:      @cloud9.Stratus.COM (cme, Carl Ellison)
To:        misc.security
Subject:   Re: Privacy vs on-line library

> . . .  I can walk into the library and read the
> bloody thing without presenting an ID, why should on-line use be made
> more restrictive?

It sounds like an accounting measure to me.  Is your department charged for
database usage?

What I would push for is the same privacy which the census provides --
make sure no record is released (or, better, kept) of individual data,
releasing info only when no specifics about individuals can be deduced from it.
You might do that here by having a group ID card to be scanned -- one giving
just the department ID (or whatever the accounting entity is).

If you can trust the local programmers, you could depend on them to accumulate
no data about *what* you're accessing -- only about how long you use the
service.

If you can't trust the programmers you need a pay-phone type of facility.
That could be with a coin box or a time meter (like the little boxes you
used to walk around with for Xerox machines -- the ones with your own
odometer style copy counter).

-----------[000039][next][prev][last][first]----------------------------------------------------
Date:      12 Oct 89 15:38:03 GMT
From:      WRT@cornellc.BITNET ("Bill Turner, Cornell University Library")
To:        misc.security
Subject:   Re: Privacy vs on-line library

As the primary technical support person for a library system, I would like
to point out that there are not necessarily any privacy issues involved here.
The question is whether the system is storing the ID's when they are entered,
and if so, what happens to them. A good example - any library staff member
can certainly (and appropriately!) find out who has what books checked out,
and what books any given individual has checked out. A few programmers can
even construct the borrowing history of a given individual (a moment's thought
about how a library works will tell you this). The fact that something CAN
be done does not imply that it is being done.

A better question is whether your ID number can be, and is, correlated to
your Social Security number. There's probably no good reason why it should
be, although often systems are designed by people who are completely
insensitive to privacy issues.

Finally, however, I find your attitude that somebody owes you free online
use of whatever services are offered rather amusing. If you don't want to
identify yourself, walk down to the library and use the books. Presumably
there are billing issues involved, where somebody is subsidising your online
use of an encyclopedia, and asking you to identify yourself for that reason.
I'm sure that if you went to the source and offered to establish a fund to
pay for completely open use, they'd be happy to set it up.

Remember that the provider of the service (the encyclopedia) has something
to say about who uses it. I would guess that CARL has a site license that
says they may make it available to their own community, but not the world at
large. It may be that your ID is validated against a table and no information
stored about your access, except possibly a counter indicating the total
number of accesses for the encyclopedia. An encyclopedia company that did
NOT have such a licensing strategy would quickly go broke, because of selling
only one copy of each edition which somebody would put online.

-----------[000040][next][prev][last][first]----------------------------------------------------
Date:      12 Oct 89 16:37:39 GMT
From:      jonhaug@IFI.UIO.NO (Jon Haugsand)
To:        misc.security
Subject:   Re: Privacy vs on-line library

Ah, at last some interesting discussion...

I am currently doing my master thesis, and part of the work is
definition and classification of security and security policies. I
have some problems with 'privacy'

In a book discussing the Norwegian privacy act [Dj\o nne 1987:
"Personregisterloven, med kommentarer"], privacy is defined as: 'A
person has personal interest in 1) discretion, 2) information
correctness, 3) knowing what information processing that may cause
consequences for him/her, and 4) sanctity of private life. And
moreover: 5) the interface to the authorities should keep "a human
face", 6) the vulnerability of databases should be minimized, and 7)
people should be protected from unreasonable use of power by the
authorities.' (Abstracted and translated by me.)

The central point in the act itself is to 1) enable individuals to
determine data collected on him or her, to get incorrect information
corrected and to get irrelevant information deleted, and 2) regulate
who is allowed to collect, process and store what information in
electronic computers. (There are more, but this is what I myself find
'central'.)

If security is defined as "a system's ability to maintain
confidiality, integrety and availability of information", where does
privacy fit?

Another question: Do you agree with the above 'definition' of privacy?
Does your contry's privacy act (if you have one) agree?

--- --- ---
Jon Haugsand
  Ifi, Univ. of Oslo, Norway
  jonhaug@ifi.uio.no

-----------[000041][next][prev][last][first]----------------------------------------------------
Date:      12 Oct 89 16:40:46 GMT
From:      jimkirk@OUTLAW.UWYO.EDU (Jim Kirkpatrick)
To:        misc.security
Subject:   Re:  Privacy vs on-line library

Responding to my recent query on library systems, Michael Chinni asks --
   >Question, does your library card identify you as Jim Kirkpatrick, or
   >does it just identify you as being from your university?

To clarify, the library card is actually just a bar-code sticker slapped
on the back of my normal University ID card.  Thus the card itself
identifies ME, has my picture, and social security number (printed AND
embossed!).

Also, to clarify, to access either the on-line encyclopedia or a database
of newspaper/magazine articles, I must enter my bar code number AND my
last name (I found it only looks at the first 10 characters, but those
10 must be correct).  So it has a table of bar codes and who they were
assigned to (that's reasonable, when you check out a book and don't
return it they need to know who to send the goons after :-).

  >> they have no business keeping records of
  >> who looks at which databases.  
  >What makes you think that this is required because they are keeping
  >records of who looks at what?

I admit the above was an overstatement.  I don't know that they are keeping
records of who looks at what, or if they are simply authenticating and
counting usage.  But I don't know they AREN'T keeping track, either.

  > assumes that nobody NOT from the university
  >will use it (or at least the use will be minimal).

I would suggest that unauthorized use of the online encyclopedia is likely
to be minimal as well.

>	I agree with you that the keeping of a database of who looks at what is
>wrong, but I disagree with your assumption that this is the reason that the 
>bar code is required.

It was a wrong assumption from the view that I don't KNOW they are keeping
track, but I don't KNOW that they AREN'T.  Any such system CAN be abused
almost trivially and without notice to the users.  One example is the repeated
use over the past hundred years or so of gun registration lists to confiscate
guns, despite a government's insistence such lists would never be used that
way (WWII Germany was particularly brutal in this regard).  I do not mention
this to compare guns with books, but just to point out that governments will
and do abuse their power to gain access to information they want.  I would
rather it be impossible for the information to exist, than to be assured (by
people who don't even understand the system) that such records aren't being
kept.

"The price of freedom is eternal vigilance" or something like that.

-----------[000042][next][prev][last][first]----------------------------------------------------
Date:      14 Oct 89 06:12:00 GMT
From:      MISS026@ecncdc.BITNET (GREENY)
To:        misc.security
Subject:   re: RF security systems WAS: AT&T Alarms

> what frequency range do they use?

340 MHz or 319.5 MHz are the ones that I have seen...

> Do they generate RFI?

Doesn't everything nowdays? :-U Seriously though, they don't generate anything
too much...or believe me, we'd have heard about it from our clients...

> Are they suceptable to interferrence from other transmitters nearby...

Not really, the signals are coded with a "House Code" that each transmitter
has to be individually programmed to use, and there are about 10,000
possibilities for these....'course anything is possible...

> Are the remote units battery powered?  If so, is battery failure detected?

YES! Why else would you want to install a wireless system, if you had to
run wires to the individual sensors for power? Just add two more wires, and
presto! you have a hardwired alarm...

In reality, the sensors send a special signal to the CPU when their battery
starts to die (3-5 years on the lithium ones in there now...), and the CPU
calls the Central Station and tells them....then the Central station contacts
your dealer....Your CPU also informs you that the battery is dying when
you attempt to arm the alarm (you get a TROUBLE signal on Zone ##)....

Also, the zones are all supervised, and the sensors send a signal to the cpu
every 60 seconds or so saying "YO! I'm Here!"....if not, then a SUPERVISORY
signal shows up...

> Can a receiver be rendered inneffective by a transmitter on the same
> frequency?

Yes, but since all the xmitters are supervised, and since the transmissions
are coded, all the bogus transmitter would do would be to jam the signal, and
if the central station gets 47 Supervisory signals in 5 minutes from the
same alarm panel, then they will call the police...

Oh yeah, all the above is referencing ITI products....

bye for now but not for long
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
MacNet: GREENY

Disclaimer: Nope, no way, it just couldn't be -- my fault..

-----------[000043][next][prev][last][first]----------------------------------------------------
Date:      14 Oct 89 23:23:31 GMT
From:      rogerc@sauron.columbia.ncr.com (Roger Collins)
To:        misc.security
Subject:   USA Today: "Hackers can tap into free trip"

A relative sent me this recent clipping from USA Today (sorry,
don't have the date).

----------------------------- snip-snip ------------------------------
Attention, hackers: Here's your chance to break into a computer system
and walk away with a grand prize.  The "hacker challenge" dares any
hacker to retrieve a secret message stored in a KPMG Peat Marwick
computer in Atlanta.

[... stuff deleted ...]

This challenge is being sponsored by LeeMah DataCom Security Corp., a
Hayward, Calif., consulting firm that helps companies boost computer
security.  The winner gets an all-expense paid trip for two to either
Tahiti or St. Moritz, Switzerland.

Hackers with modems - devices that connect PCs to phone lines - must
dial 1-404-827-9584.  Then they must type this password: 5336241.

>From there, the hacker is on his own to figure out the various access
codes and commands needed to retrieve the secret message.

The winner will be announced Oct. 24 at the Federal Computer Show in
Washington.
----------------------------- snip-snip ------------------------------

I tried to dial the number and got a sound I had never heard before.
My Hayes Smartmodem 2400 didn't recognize it either.

Does anyone else have more info. about this contest?

Got any ideas why I can't get connected?

What operating system is it?

--
	Roger Collins
	NCR - Engineering & Manufacturing Columbia
	Domain:	rogerc@ncrcae.Columbia.NCR.COM
	Uucp:	(ncrsd | ncrlnk)!ncrcae!rogerc

-----------[000044][next][prev][last][first]----------------------------------------------------
Date:      15 Oct 89 16:45:20 GMT
From:      tkoppel@ISIS.CS.DU.EDU (Ted Koppel)
To:        misc.security
Subject:   Re: Privacy vs on-line library

First, Jim, I'm writing as a person who values and respects the
privacy of user records.  When I became a librarian I signed off on
the idea that people's records are not to be shared, and so on.  What
I am writing is not necessarily the official policy of CARL.  Still,
I'll address your issues:

a. In the case of the encyclopedia and other databases that are made
available on Online Catalogs, we are required by the database
supplier's contract to limit the use of certain databases to the
primary user population of our members.  What that means is that, for
instance, a U Wyoming student/faculty/staff person has full access to
that database (the encyclopedia, for instance), but a citizen of the
state of Wyoming (not known to the University..) does not have access.
If we don't restrict access to only the primary user population, then the
database provider can accuse us of breach of contract, and ultimately
has the right to yank the database from us.

Sadly, the 'limit access on your online system' strategy is being em-
braced more and more by the database suppliers (see the discussion on
the Library PACS-L Bitnet mailing List).  I don't see it getting
better, either, because the databse suppliers are scared that too much
online use is going to transalate into fewer print subscriptions,
which is what really pays their bills.

By the way, the CARL privacy issue is not what you think.  When you
come into a password-controlled database, we set a switch to "1"; when
you exit, we turn it back to "0". (You can't use a password controlled
database on the same password at the same time).  CARL doesn't log who
used what database at what time - sure, we could, but no, we're not
doing so.  

Final note, Jim - if you're on one of the hardwired terminals at
Wyoming, you're not asked for a password at all.  (The hardwired
terminals are all located in the various libraries there).  Only the
remote dialups need passwords.

-- 
Ted Koppel       CARL - Colorado Alliance of Research Libraries =
BITNET: TKOPPEL@DUCAIR    UUCP: uunet!isis!tkoppel  or tkoppel@du.edu

-----------[000045][next][prev][last][first]----------------------------------------------------
From:      Jim.Thompson@central.sun.com (Jim Thompson  Sun Dallas IR)  17-OCT-1989 23:57:40
To:        hackers_guild@ucbvax.berkeley.edu
FYI: it seems the NASA DECnet network SPAN is under attack from a
DECnet virus. DCA, in its typical overreaction, has hit the explosive
bolts on the ARPA-Milnet mailbridges, effecting TCP/IP traffic on the
Internet.  It helps to keep in mind that the Internet is not the only
place where worms/viruses are a major problem.

Date: Mon, 16 Oct 1989 17:54:34 PDT
From: Vince Fuller <vaf@valinor.stanford.edu>
To: barrnet-people@argus.stanford.edu, barrnet-alert@argus.stanford.edu

FYI. The mailbridges are apparently still up and advertising routes, but are
refusing to forward any packets. What this means for us is that our default
route through Ames is useless and that automatic fall-over to SRI is not
possible (because BR8 is still generating default). As a temporary measure, I
have disabled EGP on BR8 so that we can follow the default through SRI (this
will allow us to get to ARPANET-connected sites, which are few but better
than nothing...)

	--Vince

P.S. Sorry for the duplicates, but this seemed like it needed maximum
     distribution.

Subject: Re: Mailbridges closed. 
Date: Mon, 16 Oct 89 16:22:51 -0700
From: "Milo S. Medin" [NASA ARC NSI Project Office] <medin@nsipo.nasa.gov>
cc: nsfnet-cert@merit.edu, vcerf@nri.reston.va.us

There is an active SPAN DECNET worm that is cracking poorly
configured systems at this time.  If this is why DCA closed the
MailBridges, there is some serious bogosity going on!  This virus
ONLY propagates via DECNET.

						Milo

Date: Mon, 16 Oct 89 18:19:12 EST
From: Hans-Werner Braun <hwb@merit.edu>
To: nsfnet-cert@merit.edu
Subject: Mailbridges closed.
Cc: vcerf@nri.reston.va.us

We got a call from Vint Cerf that DCA has closed the Mailbridges because of
some apparent attack of worms or martians or huns or something like that.
We do not have further information at this time, as far as I know.

        -- Hans-Werner
-----------[000046][next][prev][last][first]----------------------------------------------------
From:      ecd@sei.cmu.edu (Edward DeHart)  18-OCT-1989  1:05:04
To:        misc-security@rutgers.edu
			     CERT Advisory
			    October 17, 1989
			DEC/Ultrix 3.0 Systems

Recently, the CERT/CC has been working with several Unix sites that have
experienced breakins.  Running tftpd, accounts with guessable passwords
or no passwords, and known security holes not being patched have been the
bulk of the problems.

The intruder, once in, gains root access and replaces key programs
with ones that create log files which contain accounts and passwords in
clear text.  The intruder then returns and collects the file.  By using
accounts which are trusted on other systems the intruder then installs
replacement programs which start logging.

There have been many postings about the problem from several other net
users.  In addition to looking for setuid root programs in users' home
directories, hidden directories '..  ' (dot dot space space), and a modified
telnet program, we have received two reports from Ultrix 3.0 sites that
the intruders are replacing the /usr/bin/login program.  The Ultrix security
hole being used in these attacks is only found in Ultrix 3.0.

Suggested steps:
	1) Check for a bogus /usr/bin/login.  The sum program reports:
		27379    67	for VAX/Ultrix 3.0

	2) Check for a bogus /usr/etc/telnetd.  The sum program reports:
		23552    47	for VAX/Ultrix 3.0

	3) Look for .savacct in either /usr/etc or in users' directories.
	   This may be the file that the new login program creates.  It
	   could have a different name on your system.

	4) Upgrade to Ultrix 3.1 ASAP.

	5) Monitor accounts for users having passwords that can be found in
	   the /usr/dict/words file or have simple passwords like a persons
	   name or their account name.

	6) Search through the file system for programs that are setuid root.

	7) Disable or modify the tftpd program so that anonymous access to
	   the file system is prevented.

If you find that a system that has been broken into,  changing the password
on the compromised account is not sufficient.  The intruders do remove copies
of the /etc/passwd file in order to break the remaining passwords.  It is best
to change all of the passwords at one time.  This will prevent the intruders
from using another account.

Please alert CERT if you do find a problem.

Thank you,
Ed DeHart
Computer Emergency Response Team
Email: cert@sei.cmu.edu
Telephone: 412-268-7090 (answers 24 hours a day)
-----------[000047][next][prev][last][first]----------------------------------------------------
From:      jordan@morgan.com (Jordan Hayes)  18-OCT-1989 10:45:28
To:        misc-security@uunet.uu.net
A funny thing happened to my office-mate Doug and I the other day.

His phone rang, and he answered it ... after a few seconds, the following
transpired:

	Doug:	"Hey, Jordan -- what calls you up and beeps at you?"
	Jordan:	"Huh?"
	Doug:	"C'mere ..."

I was too late.  It had already hung up.  30 seconds later, his phone rang
again.

	Doug:	"Here it is again!  C'mere!"
	Jordan:	(listening for a second) "Hey, it's a FAX machine calling
		you ... let's forward it to our machine ..."

So we got an unintentional FAX.

It was pretty interesting.  It was from an Advertising Firm with some
Very Large Clients.  It was the monthly sales report.  We're happy to
report that they are doing quite well for themselves!

Needless to say, they were trying to send a FAX to somewhere in
Virginia, Area Code 703, and they neglected to dial ``1'' first.  In
New York City, we have so many telephones that we have prefixes that
are XnX where ``n'' is 0 or 1, so they look like area codes if you
don't dial 1.

Is there any work being done in the area of security or authentication
for FAXen?

/jordan
-----------[000048][next][prev][last][first]----------------------------------------------------
From:      rogerc@sauron.columbia.ncr.com (Roger Collins)  18-OCT-1989 11:25:35
To:        misc-security@backbone.usenix.org
A relative sent me this recent clipping from USA Today (sorry,
don't have the date).

----------------------------- snip-snip ------------------------------
Attention, hackers: Here's your chance to break into a computer system
and walk away with a grand prize.  The "hacker challenge" dares any
hacker to retrieve a secret message stored in a KPMG Peat Marwick
computer in Atlanta.

[... stuff deleted ...]

This challenge is being sponsored by LeeMah DataCom Security Corp., a
Hayward, Calif., consulting firm that helps companies boost computer
security.  The winner gets an all-expense paid trip for two to either
Tahiti or St. Moritz, Switzerland.

Hackers with modems - devices that connect PCs to phone lines - must
dial 1-404-827-9584.  Then they must type this password: 5336241.

>From there, the hacker is on his own to figure out the various access
codes and commands needed to retrieve the secret message.

The winner will be announced Oct. 24 at the Federal Computer Show in
Washington.
----------------------------- snip-snip ------------------------------

I tried to dial the number and got a sound I had never heard before.
My Hayes Smartmodem 2400 didn't recognize it either.

Does anyone else have more info. about this contest?

Got any ideas why I can't get connected?

What operating system is it?

--
	Roger Collins
	NCR - Engineering & Manufacturing Columbia
	Domain:	rogerc@ncrcae.Columbia.NCR.COM
	Uucp:	(ncrsd | ncrlnk)!ncrcae!rogerc
-----------[000049][next][prev][last][first]----------------------------------------------------
From:      Michael Van Norman 213_825_1206      <EGC4MV2@oac.ucla.edu>  19-OCT-1989  0:34:40
To:        security@pyrite.rutgers.edu
Next to the speaker on the earlier PS/2's is a pair of jumper pins.
If you short these while the machine is being powered up, the password
will be cleared from memory.  This is the easiest way I know of to do
it.
-----------[000050][next][prev][last][first]----------------------------------------------------
From:      Jeffrey R Kell <JEFF@utcvm.bitnet>  19-OCT-1989  1:18:47
To:        security@pyrite.rutgers.edu
Are their any alarm systems that will interface with a PC?  I've seen
plenty of 'switch controllers' but don't recall seeing anything that
resembled alarm sensors (though presumably if you can sense a switch
open/closed, the same logic applies to alarm sensors).

<Jeff>
-----------[000051][next][prev][last][first]----------------------------------------------------
From:      Marc Cygnus <cygnus@vax1.acs.udel.edu>  19-OCT-1989  2:08:04
To:        misc-security@uunet.uu.net
Glass usually absorbs a quantifiable amount of the IR energy passing through
it... could, then, a fair- to high-quality IR sensor be made to trip by
either focusing a 3'-4' spot of IR energy on an opposing wall or a finer
spot directly on the device itself? The IR source I've in mind would be from
a relatively low power IR laser (in the range of 10 - 100 mW).

This is a serious question. I've in mind risk assessment... in the case where
a company or institution might be victims of harassment (albeit of a very
technical nature).

Any ideas? If anyone could give me an idea of the (wavelength) sensitivity 
band of one or more detectors (if you _know_; please, no guesses or 
approximations based on the fact that the detector senses `infra-red'... I 
can do that, too :-), it would help.

					-marcus-

-- 
-----------------------------------------------------------------------------
"Opinions expressed above are not necessarily those of anyone in particular."
      `...but do YOU own a   |   ARPA: cygnus@vax1.acs.udel.edu
       homemade 6ft Tesla?'  |   UUCP: {yourpick}!cfg!udel!udccvax1!cygnus
-----------[000052][next][prev][last][first]----------------------------------------------------
From:      CNSM CCR _ Rob Rothkopf <MASROB@ubvmsc.cc.buffalo.edu>  19-OCT-1989  2:47:16
To:        security@pyrite.rutgers.edu
I've installed a burglar alarms using all Radio Shack equipment; The whole deal
is fairly inexpensive ($120? for the main unit, $100 phone dialer, switches,
etc) and wiring is straightforward (well, as straightforward as wiring a system
can be :-).  However, if you have any pets, motion/heat/pressure mat sensors
are out of the picture. 

A note of caution... be careful not to pinch wires when running them and
stapling them to walls.. this can build resistance in the circuit and cause
false alarms (a closed system trips when the total circuit resistance exceeds a
certain level). 

The vibration sensing switches are prone to strong winds, airplanes, truck
horns triggering them; therefore, use on windows instead of foil tape (for
cosmetic reasons) would have to be more than one for a big pane to be effective
with all the switches having fairly low sensitivity.  Still, I encountered
something interesting with these switches wired in series: the alarm is being
triggered for no apparent reason, calm winds, everyone inside sitting around
the house.  When the resistance in the circuit was checked I found it to be
over 500 ohms more than what it should have been.. troubleshooting the circuit
I found the resistance in each switch to vary, one by over 100 ohms...  seconds
later the same switch read 7 ohms.?!  Hmm...

So far this problem hasn't been fixed *but* resistance in the circuit still
seems like something to look out for.. make sure not to staple through wires
inadvertently! 

RE: the mercury glass breakage switches - Usually for windows people
   have three options if they're using the closed circuits: either
   the mercury switch, vibration switch or foil tape.  In a previous
   posting it was said that the mercury switch is impractical and it
   should be hidden so a burglar doesn't see it.  I disagree.  Part
   of the effectiveness of the system is its visibility (it even comes
   with window stickers).  The foil tape most often used is ineffective
   on big windows (e.g. glass doors) if put around the perimeter.  While
   the tape *is* sensitive to breakage, if the middle is cut carefully,
   entrance can be obtained without the alarm being triggered.  The
   "glass breakage sensor" follows the same theory that the glass will
   be broken enough to cause a shift triggering the alarm.  5 of one, etc.
   It's more a matter of cosmetics at that point.

   Also, as silly as it might seem to put a vibration sensor on a wall or
   room, there *have* been cases where burglars have broken in that way..
   if you're running a wire already it might be worth an extra few dollars
   to drop a vibration sensor here and there on some wall areas..

Overall, the Radio Shack support staff was VERY helpful and cooperative when
exchanging parts, etc.  Prices are reasonable and there are enough accessories to
build virtually any setup you would want... 

Many loops make debugging/altering the system much easier (as someone already
pointed out [good suggestion!])... 

Hope this info. is helpful to someone..
-----------[000053][next][prev][last][first]----------------------------------------------------
Date:      17 Oct 89 19:33:16 GMT
From:      ecd@SEI.CMU.EDU (Edward DeHart)
To:        misc.security
Subject:   Ultrix 3.0 breakins


			     CERT Advisory
			    October 17, 1989
			DEC/Ultrix 3.0 Systems

Recently, the CERT/CC has been working with several Unix sites that have
experienced breakins.  Running tftpd, accounts with guessable passwords
or no passwords, and known security holes not being patched have been the
bulk of the problems.

The intruder, once in, gains root access and replaces key programs
with ones that create log files which contain accounts and passwords in
clear text.  The intruder then returns and collects the file.  By using
accounts which are trusted on other systems the intruder then installs
replacement programs which start logging.

There have been many postings about the problem from several other net
users.  In addition to looking for setuid root programs in users' home
directories, hidden directories '..  ' (dot dot space space), and a modified
telnet program, we have received two reports from Ultrix 3.0 sites that
the intruders are replacing the /usr/bin/login program.  The Ultrix security
hole being used in these attacks is only found in Ultrix 3.0.

Suggested steps:
	1) Check for a bogus /usr/bin/login.  The sum program reports:
		27379    67	for VAX/Ultrix 3.0

	2) Check for a bogus /usr/etc/telnetd.  The sum program reports:
		23552    47	for VAX/Ultrix 3.0

	3) Look for .savacct in either /usr/etc or in users' directories.
	   This may be the file that the new login program creates.  It
	   could have a different name on your system.

	4) Upgrade to Ultrix 3.1 ASAP.

	5) Monitor accounts for users having passwords that can be found in
	   the /usr/dict/words file or have simple passwords like a persons
	   name or their account name.

	6) Search through the file system for programs that are setuid root.

	7) Disable or modify the tftpd program so that anonymous access to
	   the file system is prevented.

If you find that a system that has been broken into,  changing the password
on the compromised account is not sufficient.  The intruders do remove copies
of the /etc/passwd file in order to break the remaining passwords.  It is best
to change all of the passwords at one time.  This will prevent the intruders
from using another account.

Please alert CERT if you do find a problem.

Thank you,
Ed DeHart
Computer Emergency Response Team
Email: cert@sei.cmu.edu
Telephone: 412-268-7090 (answers 24 hours a day)

-----------[000054][next][prev][last][first]----------------------------------------------------
From:      "W. K. (Bill) Gorman" <34AEJ7D@cmuvm.bitnet>  20-OCT-1989 23:32:48
To:        Security Digest <SECURITY@OHSTVMA>
     We are considering the purchase of a vault for secure storage of such
items as tapes, etc. How secure are Sargent & Greenleaf combo locks?
What do we get for their "anti-manipulation" feature - just an extra key
lock that immobilizes the combination dial?
-----------[000055][next][prev][last][first]----------------------------------------------------
From:      (Stephen Tihor) <TIHOR@acf6.nyu.edu>  21-OCT-1989  0:06:26
To:        <SECURITY@pyrite.rutgers.edu>
Kid with a Wargames dialer popped in to a small Gruman engineering system.
Grumann seems to have been very sloppy since what the CBS newspeople who
interviewed me ("Indpendant Computer Expert") said was that he go into a
privileged maintenance account.  Presumably FIELD.  Of course Grumann does
their own maintenance so its propbably their fault not DEC's if its a guessable
password.  But they let the kid in, tracked him back, and had him arrested.
-----------[000056][next][prev][last][first]----------------------------------------------------
From:      GREENY <MISS026@ecncdc.bitnet>  21-OCT-1989  0:43:55
To:        <security@pyrite.rutgers.edu>
> I haven't located any other distributors of alarm systems who sell to the
> general public...

most can't according to the sales agreements that they have, or cant
according to some vague laws.  There are companies out there though that
do sell alarm equipment try the following company and ask for a catalog:

MCM Electronics
650 Congress Park Drive
Centerville, OH  45459-4072
(513) 434-0031
FAX: (513) 434-6959
1-800-543-4330

Hope this helps...
Bye for now but not for long...
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
MacNet: GREENY

Disclaimer: I just picked the catalog out at random from my book rack...I'm
            not endorsing anything....or anyone...
-----------[000057][next][prev][last][first]----------------------------------------------------
From:      GREENY <MISS026@ecncdc.bitnet>  21-OCT-1989  1:11:47
To:        <security@pyrite.rutgers.edu>
> there is a version which is called supervised wireless, in which the central
> station constantly polls the remotes ...

Nope.....not the Central Monitoring Station, but rather the alarm CPU in your
basement/utility closet....every 10-15 seconds the sensor puts out an "I'm
here " signal to the CPU, and the CPU remembers it.....if it doesn't get a blip
then it waits another 15 seconds or so and sees if it gets one again...if it
doesnt, then it sends a signal to the Central Monitoring Station saying
"Supervisory on Zone ##" where ## is the number of the zone that died...
of course if someone is sophisticated to jam your xmitters (319.5 MHZ for
those of you wondering...) then they could also just cut your phone line
and unless you have a cellular dialer, or high security connection then
you are out of luck....

Also, the newer wireless systems (such as the ITI SX-V) has sensors that have
the brains to send a "Hey CPU, my battery is dying" signal to the CPU so
that the CPU can call the central monitoring station, and then they will
call either you and your dealer, just your dealer, or just you....then your
dealer can come out and replace the batteries for you -- or if you can find
the proper equivilent then you can do it yourself...

l8r...
bye for now but not for long
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
MacNEt: GREENY
-----------[000058][next][prev][last][first]----------------------------------------------------
From:      Marcus <mjr@boingo.med.jhu.edu>  21-OCT-1989  1:53:47
To:        misc-security@uunet.uu.net
	Radio Shark is pretty expensive considering the quality and options
they sell. Try some place like Aritech. (1-800-432-3232 for a catalog and
make up a security company name for your mailing address) They carry much
more stuff, and have the advantage of *KNOWING* their merchandise. (Try going
to your local Radio Shark and asking them about how the controller *works*)
They have good technical support, too.

	As far as the other poster's remark that a do it yourselfer might
miss something the pros might not: That's true, but a do it yourselfer can
do a lot of things the pros won't think of, or recommend. Examples are:
wireless units with magnets between the VCR and the TV (move them and the
alarm goes off - I don't sit with my alarm on when I watch movies), wireless
units in the jewelry box (a fun one), wireless (or wired, at that) units
between stereo components and stereo cabinet, etc. When I worked for a 
burgular alarm company, we never did anything like that because we could
not rely on our customers not setting the darn things off constantly.

	Things that do it yourselfers *DO* forget: 
	Horns/sirens outside, but not wired into the loop so that they can
	be disabled safely.

	Bells outside in cabinets where they can be reached (even if the
	bell cabinet is alarmed,a bell can be totally silenced with a can
	of polyurethane spray insulation)

	Making perimeter alarm units hidden. If they can't see them, they
	can't be scared off by them. We used to use a mix of perimeter
	alarms and then at least 1/3 as many interior alarms - stuff like
	between the doors to the master bedroom, computer room, etc.

--mjr();
-----------[000059][next][prev][last][first]----------------------------------------------------
From:      GREENY <MISS026@ecncdc.bitnet>  21-OCT-1989  2:23:37
To:        <security@pyrite.rutgers.edu>
> what frequency range do they use?

340 MHz or 319.5 MHz are the ones that I have seen...

> Do they generate RFI?

Doesn't everything nowdays? :-U Seriously though, they don't generate anything
too much...or believe me, we'd have heard about it from our clients...

> Are they suceptable to interferrence from other transmitters nearby...

Not really, the signals are coded with a "House Code" that each transmitter
has to be individually programmed to use, and there are about 10,000
possibilities for these....'course anything is possible...

> Are the remote units battery powered?  If so, is battery failure detected?

YES! Why else would you want to install a wireless system, if you had to
run wires to the individual sensors for power? Just add two more wires, and
presto! you have a hardwired alarm...

In reality, the sensors send a special signal to the CPU when their battery
starts to die (3-5 years on the lithium ones in there now...), and the CPU
calls the Central Station and tells them....then the Central station contacts
your dealer....Your CPU also informs you that the battery is dying when
you attempt to arm the alarm (you get a TROUBLE signal on Zone ##)....

Also, the zones are all supervised, and the sensors send a signal to the cpu
every 60 seconds or so saying "YO! I'm Here!"....if not, then a SUPERVISORY
signal shows up...

> Can a receiver be rendered inneffective by a transmitter on the same
> frequency?

Yes, but since all the xmitters are supervised, and since the transmissions
are coded, all the bogus transmitter would do would be to jam the signal, and
if the central station gets 47 Supervisory signals in 5 minutes from the
same alarm panel, then they will call the police...

Oh yeah, all the above is referencing ITI products....

bye for now but not for long
Greeny

BITNET: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
GEnie: GREENY
MacNet: GREENY

Disclaimer: Nope, no way, it just couldn't be -- my fault..
-----------[000060][next][prev][last][first]----------------------------------------------------
Date:      19 Oct 89 20:19:22 GMT
From:      OPER014@umuc.BITNET
To:        misc.security
Subject:   ps/2

I know that shorting the 2 pins by the speaker will
get you into a password protected ps/2, but I dont think
it actually reinitializes the password... Its my understanding
that that feature  is for repair persons, and they would not
necessarily be want to erase it. Please, somebody tell me if im
wrong...

Also a note to the more security conscious- As an occasional
practical joke I gain entrance to peoples PS/2s by shorting
those 2 pins with a paper clip through vent holes in the case.
(I have only tried this on Model 50s). So you may want to
place some kind of shield inside the box... locked, of course.
incidentally, this was 'fixed' on the 50z- you have to move a
jumper from one pair to the other in a group of three pins...
the jumper is large enough to cover the shorted pins completely.

---------------------------------------------------------------
oper014@umuc
       @umuc.umd.edu           Jim

Whats that red button do?

-----------[000061][next][prev][last][first]----------------------------------------------------
Date:      21 Oct 89 20:06:42 GMT
From:      deh@MORDOR.ENG.UMD.EDU (Douglas Humphrey)
To:        misc.security
Subject:   Re:  locks (again)

To a large extent, S&Gs are the best ( or one of the best).  We have 
them on a Mosler and and older Remington safe, both GSA certified
storage containers for classified materials, the Remington at Secret
and the Mosler higher than that.  The Mosler is a double safe, with
an S&G MP on the outside, and a special S&G on the inside (built to 
somebodies specifications).  Your local Mosler lock people will 
support the S&Gs with no problem, doing yearly maintenance, etc. and
getting you out of a jamb (pun intended) when you need it...

I am not sure what you mean by "anti-manipulation" feature;  ours are
MP locks, Manipulation Proof, but that really has to do with the 
internals on the lock, not an external locking pawl or anything 
like that. 

By the way, don't make the mistake that a lot of people do and fail
to get yearly maintenance done on the lock(s).  Sure, they most likely
won't need it, and you will be throwing around $100/year to the wind,
except for the day that the damned thing jams on you, and you discover
the extreme cost of having your safe/vault drilled...  Remember that 
these things are designed specifically to make it hard to do this.
The estimate to have one of our drilled by Mosler was many hundreds
of dollars, plus materials costs (14 diamond tipped bits, 2 drills
[they figure that they will burn out 2 doing this] and other assorted
things) plus the cost for them to weld in a plug of hardened steel
and then the possibility (if you are a cleared storage facility) that
the Government folks are not going to like the plug job and require
that you buy a new safe door and have it put on... Big Bucks...

Doug
Digital Express, Inc.

P.S.  We didn't have to have it drilled, we were just asking...

-----------[000062][next][prev][last][first]----------------------------------------------------
Date:      22 Oct 89 00:53:00 GMT
From:      JAHARITO@owucomcn.BITNET (JohnH)
To:        misc.security
Subject:   A big excuse from somebody I don't even know...

Sorry for bothering the list, but it's the only think I can do...

Somebody who his name I forget, wrote to me asking for my DES implementetion I
replied to him and said I would send you something which I didn't... The reason
is that after I replied your mail message, I deleted it and thus couldn't
remember your username and address to send you the files... I apologize for
that and ask you to send me your address again to send you the file.

Again, really sorry, I apologize
John Haritos.

-----------[000063][next][prev][last][first]----------------------------------------------------
From:      kent@wsl.dec.com  24-OCT-1989 10:54:48
To:        howard@hasse.ericsson.se (Howard Gayle)
Cc:        misc-security@sunic.sunet.se
DEC also won't let us put 'internal' hostnames on our business cards. 

We all think it's stupid, too, since everyone just writes the address on the
back.

chris
-----------[000064][next][prev][last][first]----------------------------------------------------
From:      Robert Allinson <XA3I@purccvm.bitnet>  24-OCT-1989 11:25:36
To:        <security@uga>
I am puzzled by the statement made by certain individuals.  The
statement was made that a virus can be put on an un-formatted disk
and it can "virusize" your personal computer!!!

Is this true?  Is it possible to put a virus on an un-formatted disk?
 s this tru even transfer a virus
If so, HOW?  It does not make sense.  In my view you have to format the
disk in the first place to install data on it! correct?

Please reply to :                          Robert Allinson  XA3I@PURCCVM

[Moderator tack-on: Depends on the type of PC, of course.  Replies to him
only, please...   _H*]
-----------[000065][next][prev][last][first]----------------------------------------------------
From:      Andrew Klossner <andrew@frip.wv.tek.com>  24-OCT-1989 12:01:38
To:        misc-security@tektronix.tek.com
	"In view of the huge demand and the clear anxiety indicated by
	that, Cate has decided, with the approval of PCM, to make the
	antidote more widely available on disk.  Additional information
	can be obtained from her directly ..."

I can't think of a better way to spread a virus than to launch a
separate virus, publicize its dangers, then release an antidote
containing the new virus.  And who can make a better antitode to the
first virus than its author?

This is all purely hypothetical, I know nothing of Rikki Cate and have
no reason to suspect her ... but you've got to be paranoid in this
field.

  -=- Andrew Klossner   (uunet!tektronix!frip.WV.TEK!andrew)    [UUCP]
                        (andrew%frip.wv.tek.com@relay.cs.net)   [ARPA]
-----------[000066][next][prev][last][first]----------------------------------------------------
From:      "Anthony A. Datri" <convex!datri@uxc.cso.uiuc.edu>  24-OCT-1989 12:37:03
To:        security@pyrite.rutgers.edu
I can't see this at all.  For one, "file server" is kind of a loose thing.  The
cards we fill out for free subscriptions to trade rags routinely ask for the
numbers of machines at your site; I can't see how that could possibly be of any
use.

I introduced the idea of email addresses on  business cards at a previous
employer, but then, they were more backwards than I want to think about.  The
form here at Convex that you fill out to get cards has a blank on it for your
address.  If a company has a consistent namespace and nicely done mailers,
everyone's card should say foo@company.com anyway, which wouldn't tell anyone
more than the fact that you had one machine, which they could have figured out
anyway.

Even so, nothing's stopping them from scribbling their addresses on the back of
the card anyway.
-----------[000067][next][prev][last][first]----------------------------------------------------
From:      stodol@diku.dk (David Stodolsky)  24-OCT-1989 13:10:32
To:        misc-security@dkuug.dk
>	Person then deletes this AIDS info. from their card. VOILA! No more
>		record of their AIDS infection.

Information is updated daily. If you can not show a current health 
certificate, encoded with a digital signature of a doctor, people give you 
plenty of room, unless they wish to take their chances.

I will send the complete proposal to those interested, or post it, if I get 
three or more requests. It is about ten pages.

--------------------------------------------
Secure Distributed Databases
for Epidemiological Control

Abstract

The project's objective is to develop a personal computer-based system for 
control of infectious agents. The overall goal is a better understanding of 
affects of enhanced social facilitation and health education on disease 
transmission. A new theory for real-time epidemiological control, based on 
contact tracing, is used to design a cryptographicly secure distributed-
database system providing situationally specific risk assessments that are 
based upon personal histories.

Personal computer systems negotiate exchanges of information that permit 
preselection of conversation partners. The techniques used yield unprecedented 
protection for user's identities and data. The systems permit self-
administration of questionnaires and distribution of health information, as 
well as communication with selected conversation partners. 

Information on changing health status and risk related behaviors are routinely 
gathered during system operation. In addition to giving users situationally 
specific risk assessments, these data permit new types of epidemiological 
analysis.

A pilot project devoted to design and development of a prototype system is 
specified in detail. The plan includes discussions with potential 
organizational participants in the proposed experiment and other interested 
parties.

-- 
David S. Stodolsky, PhD      Routing: <@uunet.uu.net:stodol@diku.dk>
Department of Psychology                  Internet: <stodol@diku.dk>
Copenhagen Univ., Njalsg. 88                  Voice + 45 31 58 48 86
DK-2300 Copenhagen S, Denmark                  Fax. + 45 31 54 32 11
-----------[000068][next][prev][last][first]----------------------------------------------------
Date:      23 Oct 89 16:03:46 GMT
From:      gwyn@BRL.MIL
To:        misc.security
Subject:   Re: locks (again)

>How secure are Sargent & Greenleaf combo locks?
>What do we get for their "anti-manipulation" feature - just an extra key
>lock that immobilizes the combination dial?

It depends on the model, but in general S&G makes pretty good combination
locks.  "Anti-manipulation" usually indicates just what it says, that the
lock design includes features especially aimed at making manipulation
(the art of opening a combination lock without knowing the combination a
priori) difficult.  One such feature would be additional (shallow) fake
notches around the periperhy of the wheels.  The best feature is one that
prevents using the actuator handle to apply drag to the wheel pack.

-----------[000069][next][prev][last][first]----------------------------------------------------
Date:      23 Oct 89 17:42:12 GMT
From:      nagle@well.sf.ca.us (John Nagle)
To:        misc.security
Subject:   Re: REINIALISING PS/2 PASSWORDS

>Next to the speaker on the earlier PS/2's is a pair of jumper pins.
>If you short these while the machine is being powered up, the password
>will be cleared from memory.

       How convenient.  Was this designed in, or is it a flaw?

					John Nagle

-----------[000070][next][prev][last][first]----------------------------------------------------
From:      hubcap@hubcap.clemson.edu (Mike Marshall)  25-OCT-1989  9:55:13
To:        misc-security@gatech.edu
 *  Any comments on the privacy issues here?

They gotta do it that way. Your organization is site licensed to have
access to that database. If Joe Blow walks off the street into the
campus library and uses the database, it would violate the license agreement.

-Mike       hubcap@clemson.edu
-----------[000071][next][prev][last][first]----------------------------------------------------
From:      jonhaug@ifi.uio.no (Jon Haugsand)  25-OCT-1989 10:20:52
To:        security@rutgers.edu
Ah, at last some interesting discussion...

I am currently doing my master thesis, and part of the work is
definition and classification of security and security policies. I
have some problems with 'privacy'

In a book discussing the Norwegian privacy act [Dj\o nne 1987:
"Personregisterloven, med kommentarer"], privacy is defined as: 'A
person has personal interest in 1) discretion, 2) information
correctness, 3) knowing what information processing that may cause
consequences for him/her, and 4) sanctity of private life. And
moreover: 5) the interface to the authorities should keep "a human
face", 6) the vulnerability of databases should be minimized, and 7)
people should be protected from unreasonable use of power by the
authorities.' (Abstracted and translated by me.)

The central point in the act itself is to 1) enable individuals to
determine data collected on him or her, to get incorrect information
corrected and to get irrelevant information deleted, and 2) regulate
who is allowed to collect, process and store what information in
electronic computers. (There are more, but this is what I myself find
'central'.)

If security is defined as "a system's ability to maintain
confidiality, integrety and availability of information", where does
privacy fit?

Another question: Do you agree with the above 'definition' of privacy?
Does your contry's privacy act (if you have one) agree?

--- --- ---
Jon Haugsand
  Ifi, Univ. of Oslo, Norway
  jonhaug@ifi.uio.no
-----------[000072][next][prev][last][first]----------------------------------------------------
From:      "Michael J. Chinni, SMCAR_CCS_E" <mchinni@pica.army.mil>  25-OCT-1989 11:10:24
To:        Jim Kirkpatrick <jimkirk@outlaw.uwyo.edu>
Cc:        security@pyrite.rutgers.edu
Jim,
	Question, does your library card identify you as Jim Kirkpatrick, or
does it just identify you as being from your university?

> that they have no business keeping records of  who looks at which databases.

What makes you think that this is required because they are keeping records of
who looks at what?

> I can walk into the library and read the
> bloody thing without presenting an ID, why should on-line use be made
> more restrictive?

	You can walk into the library and read the thing, because the library
is supported by the university and assumes that nobody NOT from the university
will use it (or at least the use will be minimal).

	I can think of a very good reason that some form of ID is required. I
assume (I may be wrong on this part) that your card identifies what library it
is for.  I also assume that your library pays a fee for access to this network
(or at least for access to the encyclopedias).  The network needs to prevent
unauthorized access by people from non-member libraries. To do this it requires
you to enter your library card bar code as a means to verify that you are
indeed from a member library and are therefore authorized to use that system.

	Another reason (variation on the above) is that the member libraries
are billed based on the usage by their people. This requires that the network
know what library you are from when using this system.

	I agree with you that the keeping of a database of who looks at what is
wrong, but I disagree with your assumption that this is the reason that the 
bar code is required.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
			    Michael J. Chinni
      Chief Scientist, Simulation Techniques and Workplace Automation Team
	 US Army Armament Research, Development, and Engineering Center
 User to skeleton sitting at cobweb   () Picatinny Arsenal, New Jersey  
    and dust covered workstation      () ARPA: mchinni@pica.army.mil
      "System been down long?"        () UUCP: ...!uunet!pica.army.mil!mchinni
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
-----------[000073][next][prev][last][first]----------------------------------------------------
From:      jimkirk@outlaw.uwyo.edu (Jim Kirkpatrick)  25-OCT-1989 11:51:01
To:        MCHINNI@pica.army.mil
Cc:        SECURITY@pyrite.rutgers.edu
Responding to my recent query on library systems, Michael Chinni asks --
   >Question, does your library card identify you as Jim Kirkpatrick, or
   >does it just identify you as being from your university?

To clarify, the library card is actually just a bar-code sticker slapped
on the back of my normal University ID card.  Thus the card itself
identifies ME, has my picture, and social security number (printed AND
embossed!).

Also, to clarify, to access either the on-line encyclopedia or a database
of newspaper/magazine articles, I must enter my bar code number AND my
last name (I found it only looks at the first 10 characters, but those
10 must be correct).  So it has a table of bar codes and who they were
assigned to (that's reasonable, when you check out a book and don't
return it they need to know who to send the goons after :-).

  >> they have no business keeping records of
  >> who looks at which databases.  
  >What makes you think that this is required because they are keeping
  >records of who looks at what?

I admit the above was an overstatement.  I don't know that they are keeping
records of who looks at what, or if they are simply authenticating and
counting usage.  But I don't know they AREN'T keeping track, either.

  > assumes that nobody NOT from the university
  >will use it (or at least the use will be minimal).

I would suggest that unauthorized use of the online encyclopedia is likely
to be minimal as well.

>	I agree with you that the keeping of a database of who looks at what is
>wrong, but I disagree with your assumption that this is the reason that the 
>bar code is required.

It was a wrong assumption from the view that I don't KNOW they are keeping
track, but I don't KNOW that they AREN'T.  Any such system CAN be abused
almost trivially and without notice to the users.  One example is the repeated
use over the past hundred years or so of gun registration lists to confiscate
guns, despite a government's insistence such lists would never be used that
way (WWII Germany was particularly brutal in this regard).  I do not mention
this to compare guns with books, but just to point out that governments will
and do abuse their power to gain access to information they want.  I would
rather it be impossible for the information to exist, than to be assured (by
people who don't even understand the system) that such records aren't being
kept.

"The price of freedom is eternal vigilance" or something like that.
-----------[000074][next][prev][last][first]----------------------------------------------------
Date:      24 Oct 89 13:33:00 GMT
From:      KAPLANB@iubacs.BITNET (Brian Kaplan)
To:        misc.security
Subject:   RE: Personal Computer Viruses

Doesn't make any sense.
As soon as one formats a disk, all the tracks and sectors become available
for data and if there was a virus written on the unformatted disk, it would
be overwritten.  One could always be safe and use one of the Norton
Utilities and erase the disk to government specs.
I would worry about it.
Bye for now.

-----------[000075][next][prev][last][first]----------------------------------------------------
From:      rlearn@relay.nswc.navy.mil  27-OCT-1989  0:09:51
To:        security@pyrite.rutgers.edu
I suspect the check is simply to verify that you are a legitimate  member
of the "conglomerate" and not just anyone with  a desire to use the
"encyclopedia" feature for which your library is paying.  Who says they
are going to keep score on all the users which would be a library unto
itself and cost some body some money?  Who would pay for that service?    
-----------[000076][next][prev][last][first]----------------------------------------------------
From:      cme<%cloud9.Stratus.COM@rutgers.edu> (Carl Ellison)  27-OCT-1989  0:47:54
To:        linus!misc-security<%encore.UUCP@rutgers.edu>
> . . .  I can walk into the library and read the
> bloody thing without presenting an ID, why should on-line use be made
> more restrictive?

It sounds like an accounting measure to me.  Is your department charged for
database usage?

What I would push for is the same privacy which the census provides --
make sure no record is released (or, better, kept) of individual data,
releasing info only when no specifics about individuals can be deduced from it.
You might do that here by having a group ID card to be scanned -- one giving
just the department ID (or whatever the accounting entity is).

If you can trust the local programmers, you could depend on them to accumulate
no data about *what* you're accessing -- only about how long you use the
service.

If you can't trust the programmers you need a pay-phone type of facility.
That could be with a coin box or a time meter (like the little boxes you
used to walk around with for Xerox machines -- the ones with your own
odometer style copy counter).
-----------[000077][next][prev][last][first]----------------------------------------------------
From:      johnw@watnext.waterloo.edu (John Wieczorek)  27-OCT-1989  1:20:17
To:        misc-security@watmath.waterloo.edu
   IMHO the issue here is the management of a finite, money consuming
resource in very much the same manner as your userid is on your system.

   The arguement can then be made that anyone can walk off the street
into your universities library and read the book manually. This is a 
valid point, but if a large group of non-students began to use the library
resources to the point that it impeded legitimate users (students) the
University would then have to do one of two things; increase their
expenditures to support the activities of people unrelated to them, or
cut them off.

   Your membership in your Universities library system is your ride ticket,
though it may just as easily be used to monitor the materials you read.
Life's a bitch, but it is unrealitic to expect that you can use shared
computing reasources without the possiblity of footprints. Ultimatley,
your previous options are and will remain open, 1) go there physically
have a seat and read or 2) buy a copy of the book.

						John Wieczorek
-----------[000078][next][prev][last][first]----------------------------------------------------
From:      "Bill Turner, Cornell University Library" <WRT@cornellc.bitnet>  27-OCT-1989  1:48:59
To:        Nick Gimbrone <NJG@CornellA>, security@pyrite.rutgers.edu
Cc:        John Rudan <JWR@CornellA>, Tom Boggess <TDB@CornellA>
As the primary technical support person for a library system, I would like
to point out that there are not necessarily any privacy issues involved here.
The question is whether the system is storing the ID's when they are entered,
and if so, what happens to them. A good example - any library staff member
can certainly (and appropriately!) find out who has what books checked out,
and what books any given individual has checked out. A few programmers can
even construct the borrowing history of a given individual (a moment's thought
about how a library works will tell you this). The fact that something CAN
be done does not imply that it is being done.

A better question is whether your ID number can be, and is, correlated to
your Social Security number. There's probably no good reason why it should
be, although often systems are designed by people who are completely
insensitive to privacy issues.

Finally, however, I find your attitude that somebody owes you free online
use of whatever services are offered rather amusing. If you don't want to
identify yourself, walk down to the library and use the books. Presumably
there are billing issues involved, where somebody is subsidising your online
use of an encyclopedia, and asking you to identify yourself for that reason.
I'm sure that if you went to the source and offered to establish a fund to
pay for completely open use, they'd be happy to set it up.

Remember that the provider of the service (the encyclopedia) has something
to say about who uses it. I would guess that CARL has a site license that
says they may make it available to their own community, but not the world at
large. It may be that your ID is validated against a table and no information
stored about your access, except possibly a counter indicating the total
number of accesses for the encyclopedia. An encyclopedia company that did
NOT have such a licensing strategy would quickly go broke, because of selling
only one copy of each edition which somebody would put online.
-----------[000079][next][prev][last][first]----------------------------------------------------
Date:      25 Oct 89 21:59:02 GMT
From:      davecb@nexus.yorku.ca (David Collier-Brown)
To:        misc.security
Subject:   Re: Privacy vs on-line library

>Another reason (variation on the above) is that the member libraries
>are billed based on the usage by their people. This requires that the network
>know what library you are from when using this system.

  The libraries are both charged by information providers and funded by
supporting organizations based on use and/or membership.  When working for a
supplier of some slight note, I was surprised at the conflicting needs to
keep track of usage information for funding purposes (and for
book-replacement estimates), and the need to **not** keep track of readership
information for particular books.

  And yes, both are legally mandated and prohibited in differing
justistictions (:-}).

--dave
-- 
David Collier-Brown,  | davecb@yunexus, ...!yunexus!davecb or
72 Abitibi Ave.,      | {toronto area...}lethe!dave 
Willowdale, Ontario,  | Joyce C-B:
CANADA. 416-223-8968  |    He's so smart he's dumb.

-----------[000080][next][prev][last][first]----------------------------------------------------
From:      royf%pwcs@uunet.uu.net (Roy Forsstrom)  27-OCT-1989  5:59:29
To:        misc-security@uunet.uu.net
>Earlier this year I remember reading articles about the government wanting
>libraries to turn over records of who checked out what book

It was the FBI hoping to find out if Soviet/East Block embassy employees
were requesting tech/engineering materials at Columbia University. I wrote
to my congressman about it and got a letter back from the FBI in DC. 

I helped install an on-line catalog/Library Information System called PALS
at a small college here in Minnesota. Our initial setup didn't require password
or barcode numbers to access the system although the feature was available.

The reason to use the access code is MONEY! It cost the college about 2.5 cents
per transaction. At the time, we weren't implementing circulation on the
system,so students and faculty didn't have barcodes. Since the town was allowed
to use the library also, we didn't want to restrict their access right off the 
bat.

Keeping tract of who requests what is possible, if you want to spend the time
and money. Most libraries don't have either.

[An interesting side note, Len Deighton's latest book "Spy Hook" tells of an
database that logs attempts to retrieve restricted data.]

>Any comments on the privacy issues here?

Remember when Bork was a candidate for the Supreme Court? A video store 
released a list of movies his family had rented over the past year. I think
some laws were passed rather quickly after that. 

Sweden and England have very strict laws about who can do what with computer
data. One English mailing list I'm on asked me to sign a release because
they keep the list on a computer. 

-----------------------------------+-------------------------------------------
Roy Forsstrom 612-298-5569         |  Traveling makes one modest. You see 
Public Works Computer Services     |  what tiny place you occupy in the world. 
pwcs!royf  royf@pwcs.StPaul.GOV    |         -Flaubert 
-----------------------------------+-------------------------------------------
-----------[000081][next][prev][last][first]----------------------------------------------------
From:      tkoppel@isis.cs.du.edu (Ted Koppel)  27-OCT-1989  6:29:44
To:        misc-security@ncar.ucar.edu
First, Jim, I'm writing as a person who values and respects the
privacy of user records.  When I became a librarian I signed off on
the idea that people's records are not to be shared, and so on.  What
I am writing is not necessarily the official policy of CARL.  Still,
I'll address your issues:

a. In the case of the encyclopedia and other databases that are made
available on Online Catalogs, we are required by the database
supplier's contract to limit the use of certain databases to the
primary user population of our members.  What that means is that, for
instance, a U Wyoming student/faculty/staff person has full access to
that database (the encyclopedia, for instance), but a citizen of the
state of Wyoming (not known to the University..) does not have access.
If we don't restrict access to only the primary user population, then the
database provider can accuse us of breach of contract, and ultimately
has the right to yank the database from us.

Sadly, the 'limit access on your online system' strategy is being em-
braced more and more by the database suppliers (see the discussion on
the Library PACS-L Bitnet mailing List).  I don't see it getting
better, either, because the databse suppliers are scared that too much
online use is going to transalate into fewer print subscriptions,
which is what really pays their bills.

By the way, the CARL privacy issue is not what you think.  When you
come into a password-controlled database, we set a switch to "1"; when
you exit, we turn it back to "0". (You can't use a password controlled
database on the same password at the same time).  CARL doesn't log who
used what database at what time - sure, we could, but no, we're not
doing so.  

Final note, Jim - if you're on one of the hardwired terminals at
Wyoming, you're not asked for a password at all.  (The hardwired
terminals are all located in the various libraries there).  Only the
remote dialups need passwords.

-- 
Ted Koppel       CARL - Colorado Alliance of Research Libraries =
BITNET: TKOPPEL@DUCAIR    UUCP: uunet!isis!tkoppel  or tkoppel@du.edu
-----------[000082][next][prev][last][first]----------------------------------------------------
Date:      26 Oct 89 03:02:28 GMT
From:      rjg@sialis.mn.org (Robert J. Granvin)
To:        misc.security
Subject:   Re:  Privacy vs on-line library

>	You can walk into the library and read the thing, because the library
>is supported by the university and assumes that nobody NOT from the university
>will use it (or at least the use will be minimal).

Universities are supported by tuitions, grants and public and state
funding.  Universities are centers of knowledge and learning.

The libraries of these universities are open and available to
everyone.  The information contained therein isn't restricted in any
form to only students "And others as long as the use is minimal".

-- 
________Robert J. Granvin________        INTERNET: rjg@sialis.mn.org
____National Computer Systems____          BITNET: rjg%sialis.mn.org@cs.umn.edu
__National Information Services__            UUCP: ...amdahl!bungia!sialis!rjg
 "Insured against Aircraft, including self-propelled missiles and spacecraft."

-----------[000083][next][prev][last][first]----------------------------------------------------
Date:      26 Oct 89 15:36:50 GMT
From:      davecb@nexus.yorku.ca (David Collier-Brown)
To:        misc.security
Subject:   Re: Privacy vs on-line library

> Any such system CAN be abused almost trivially and without notice 
> to the users.   [...]  the information to exist, than to be assured (by
>people who don't even understand the system) that such records aren't being
>kept.

  A specific, known example: a crossmatch between a library systems and
a pharmacy system running on the same timesharing service:

  from pharmacy, select females with perscriptions for birth
	controll pills
  crossmatch with library for address and age
  print where age < 30 and city = this one.

--dave c-b
-- 
David Collier-Brown,  | davecb@yunexus, ...!yunexus!davecb or
72 Abitibi Ave.,      | {toronto area...}lethe!dave 
Willowdale, Ontario,  | Joyce C-B:
CANADA. 416-223-8968  |    He's so smart he's dumb.

-----------[000084][next][prev][last][first]----------------------------------------------------
Date:      27 Oct 89 04:59:00 GMT
From:      MASROB@UBVMSC.CC.BUFFALO.EDU (CNSM CCR - Rob Rothkopf)
To:        misc.security
Subject:   Universal Card System

The University of Buffalo is considering the feasabilities/possibilities of 
establishing a "universal" card-access system for all areas of University 
activity.  This single card would be used by all faculties including:

	-- University Libraries: could be used with copiers
	-- Records/Admissions: could be used as positive student ID
	-- Could be used as "meal card"
	-- Keyless card-entry system into student dormitories
	-- Miscellaneous applications including single-vote verification,
	   purchasing, student accounts (perhaps mom and dad could "easily"
	   add money for students to later have access to for food, etc.)

We've received some literature on the "Smart Card" and how it might fill
our needs; since this is the beginning of this investigation we could use
any input others may have from previous experiences with card systems.

If anyone has experience with/knowledge of the "Smart Card" or *any* other
established card access system, I'd appreciate the advice and info.  Either
reply direct or through the net (some might find this info. useful)

Thanks in advance.

				--Rob Rothkopf

-----------[000085][next][prev][last][first]----------------------------------------------------
Date:      27 Oct 89 14:17:40 GMT
From:      TENCATI@NSSDCA.GSFC.NASA.GOV (SPAN SECURITY MGR. (301)286-5223)
To:        misc.security
Subject:   Re: Privacy vs on-line library

On a related note -

Did you know that the 976- , and 1-900 people also keep track of who
calls, and sells your phone numbers to advertisers in the same manner that
credit card companies sell your address?

I'm not sure if this is also true for 1-800 calls, since they are AT&T or
another carrier company, but apparently there are no rules against selling
your number.

Ron Tencati
NASA/Goddard Space Flight Center
Tencati@Nssdca.Gsfc.Nasa.Gov

-----------[000086][next][prev][last][first]----------------------------------------------------
Date:      27 Oct 89 14:44:45 GMT
From:      UKA051@ukcc.BITNET ("Jack L. Coffman")
To:        misc.security
Subject:   (none)

We at the University of Kentucky run an IDMS data base at the
central computing center.  Most batch updating is performed
at night by our central data control staff.

We do have programmers distributed in user offices who now
do some batch updating to the data base.  Most
user departments have people who execute reports using
COBOL, MARKIV, OLQ, CULPRIT, and SAS against the data base
and extract files.

We are at the point of deciding how to set up libraries to allow
user departments to update or execute reports from the data base or
extract files.

Does anyone have any exeprience or words of wisdom on how to approach
this decision. Are we unique in allowing user departments to update
the data base?

Thanks

Jack L. Coffman - UKA051@UKCC
Security and Contingency Planning Officer
128 McVey Hall
University of Kentucky
Lexington, Ky  40506-0045
(606)257-2273

-----------[000087][next][prev][last][first]----------------------------------------------------
Date:      27 Oct 89 23:23:10 GMT
From:      eravin@dasys1.UUCP (Ed Ravin)
To:        misc.security
Subject:   Re: Bike Locks

One thing the enlightened cyclists are doing in Manhattan is two always
lock the bike up with two different kinds of locks.  The average bike thief
is only prepared to break one kind of locking system.  The usual
combination is a U-lock and a flexible cable with padlock.  That means the
thief would have to carry two different sets of tools to get the bike.

Most streetwise bikers also take some old chain links and rivet a little
loop of chain between the bicycle seat and the frame, to discourage parts
theives from taking the seat.

Bike theft is disgusting in this city: even your 3-speed covered with rust
isn't safe.  The new unit of commerce is the crack vial: as long as your
bike is worth at least one vial to someone, it is a potential theft
target.
-- 
Ed Ravin                  | hombre!dasys1!eravin | "A mind is a terrible thing
(BigElectricCatPublicUNIX)| eravin@dasys1.UUCP   | to waste-- boycott TV!"
--------------------------+----------------------+-----------------------------
Reader bears responsibility for all opinions expressed in this article.

-----------[000088][next][prev][last][first]----------------------------------------------------
From:      Joe Meister <JWM%JHUDEV@jhuvms.bitnet>  31-OCT-1989  2:43:23
To:        security@pyrite.rutgers.edu
You might want to try a credit bureau. You will not be able to get
credit information, but they often offer services that can trace
name and address changes. It might cost from $2-$4 per find. Avoid
services that charge just for looking. Also, some services will
look for you, and others provide on-line lookups. Finally, we
are an institutional user, I am not completely sure that individuals
can use the service. Also, it is incredibly easier to use social
security numbers. Good luck.
-----------[000089][next][prev][last][first]----------------------------------------------------
From:      conch!steve@uunet.uu.net (Steve Froeschke)  31-OCT-1989  3:11:11
To:        misc-security@uunet.uu.net
We use several Sargent & Greenleaf locks where I work (U.S. Navy here in Key
West FL), and I've found them to one of the best.  They are well built, (read
HEAVY to hold :-) ), and easier than most to do combination changes on.  I
can highly recommend them from over 8 years of working with them.

    Steve
-----------[000090][next][prev][last][first]----------------------------------------------------
From:      Michael Stack                                    <A01MES1@niu.bitnet>  31-OCT-1989  3:36:37
To:        SECURITY Digest <SECURITY@UGA>
I know this isn't exactly a "high-tech" answer, but our high school reunion
committee made good use of city telephone directories they found at a local
library.  It means lots of phone calls, and it won't help with names changed
through marriage, but the results were impressive.  Only about five percent
of our graduating class was not found twenty-five years later, and we'd be
silly to believe that at least some of those didn't want to be found.

Michael Stack
Northern Illinois University
-----------[000091][next][prev][last][first]----------------------------------------------------
From:      jimkirk@outlaw.uwyo.edu (Jim Kirkpatrick)  31-OCT-1989  4:04:21
To:        SECURITY@pyrite.rutgers.edu
 (Curiously, the original question's headers did not indicate the originator
 thus I must reply to the list)

The Sargent & Greenleaf lock is the subject of a small book on
how to manipulate combination (safe & vault) locks.  A friend actually
bought one to play with, and it is in fact somewhat easy to open.  I have
an old Yale that's essentially impossible.  The book describes
anti-manipulation features as: tightened tolerances, added mechanical
features to prevent reading contact points, and added features to create
false sounds or feelings.  In the S&G manipulation-resistant type,
the design prevents reading contact points and would appear to be much
more difficult to open than the vanilla type.
-----------[000092][next][prev][last][first]----------------------------------------------------
Date:      29 Oct 89 20:27:52 GMT
From:      stodol@diku.dk (David Stodolsky)
To:        misc-security@dkuug.dk
Subject:   Secure Distributed Databases for Epidemiological Control
English update of: 
Stodolsky, D. S. (1989, August). 
Brugerforvaltet datakommunikationssystem til bekaempelse af seksuelt 
overfoerbare infektionssygdomme 
[Secure Distributed Databases for Epidemiological Control]. 
Research proposal submitted to the AIDS-Fund Secretariat, Danish Health 
Department. 
(Available from the author at the Psychology Department, University of 
Copenhagen )

==============================================================

Secure Distributed Databases for Epidemiological Control

Abstract

The project's objective is to develop a personal computer-based 
system for control of infectious agents. The overall goal is a 
better understanding of affects of enhanced social facilitation 
and health education on disease transmission. A theory of real-
time epidemiological control, based on contact tracing, specifies 
a cryptographicly-secure distributed-database system 
providing situationally specific risk assessments that are based 
upon personal histories.

Personal computer systems negotiate exchanges of information that 
permit preselection of conversation partners. The techniques used 
yield unprecedented protection for user's identities and data. 
Users communicate under the protection of pseudonyms. Data is 
kept private, but is releasable through exchange negotiations. 
The systems permit self-administration of questionnaires and 
distribution of health information, as well as 
communication with selected conversation partners. 

Information on changing health status and risk related 
behaviors are routinely gathered during system operation. In 
addition to giving users situationally specific risk assessments, 
these data permit new types of epidemiological analysis.

A pilot project devoted to design and development of a 
prototype system is specified in detail. The plan includes 
discussions with potential organizational participants in the 
proposed experiment and other interested parties.

=====================================================

30 August, 1989

"I don't want to know your name, 
I want your history."
(Painters and Dockers, 1988). 

Secure Distributed Databases for Epidemiological Control

(Controlling Sexually Transmitted Diseases with Informational Barriers)

1.	Objectives

Information technology offers new techniques for the control of 
infectious agents that can complement medical and public health 
measures. The techniques described here are most useful when medical 
measures are of limited value and where privacy concerns 
predominate. The discussion is focused on control of the Human 
Immunodeficiency Virus (HIV), even though the approach is of general 
applicability. For instance, HIV seropositive persons benefit even more 
from this approach than others, since it helps protect them from 
exposure to infectious agents that can activate the virus and cause 
other infections. The specific project objective is the development of 
information technology techniques for control of sexually transmitted 
diseases. The overall project objective is to investigate the impact of 
social facilitation and health education on disease transmission, that is 
achieved by using such techniques. 

Social facilitation has two roles. First, to enhance risk free contacts 
through preemptive detection of risky transactions. Second, to reduce 
the total number of transactions, and thereby risk, by stabilizing 
relationships through increasing the probability that continuing 
interactions results from mediated contacts. Both of these objectives 
require negotiations using significant amounts of sensitive information 
prior to actual contact. In the first case this information is of a medical 
nature, in the second it is of an ideological or social nature. The 
negotiation procedure can be highly restrictive, resulting in rejection of 
most potential contacts. Thus, if social support is to be maintained, the 
scope of potential contacts must be increased. This requirement is 
satisfied by using telematic systems and computer support in the 
negotiation process. Such automatic mediation also permits effective 
protection of sensitive personal information, thereby enhancing the 
likelihood that the data is complete and reliable.

1.1.	Detection of risk

Preemptive risk detection is facilitated by individualized real-time 
epidemiological modeling. Both the medical and behavioral history of 
each person is available during the negotiation process. Certain risky 
contacts are blocked by the mediating system. For instance, a 
HIV seropositive person would never be matched with a HIV 
seronegative person. In most cases, however, medical test results will 
not be available, thus behavioral information provide estimates of risk. 
Adequate data is maintained to permit contact tracing in real-time 
when a positive test result occurs. Thus, a single positive test result 
could propagate through a  chain of contacts, changing the risk status of 
a large number of persons rapidly. Persons at high risk would be 
rejected as social contacts, in most cases, until a negative test result was 
obtained. This would lead to voluntary compliance with a program of 
selective testing for persons at greatest risk. Thus, preemptive risk 
detection operates in two ways. First, risky contacts are rejected by 
presumably uninfected persons, thereby blocking transmission of 
infectious agents. Second, at-risk persons are motivating to seek 
medical assistance for a change of risk status.

1.2.	Stabilizing relationships

As long as infectious agents are prevalent, risk of infection is 
proportional to the number of (risky) contacts. In the case that persons 
are seeking a stable relationship, a prior knowledge of objective factors 
including behaviors, and subjective factors such as interests, desires, 
attitudes, and beliefs can play a role in predicting outcome of a contact 
and thereby minimizing the number of contacts needed to find a stable 
relationship. While guarantees of privacy can improve the reliability of 
data contributed by persons, it is likely that feedback from prior 
contacts can be used to improve data accuracy. It certainly can play a 
role in confirming that self reports are complete and honest.

1.3.	Security system development

The success of the strategy proposed requires the ability to use data 
without disclosing it except when absolutely required. The highly 
sensitive nature of the data needed for this study presumes 
development of improved security models. Security that is dependent 
on trusted third parties may be adequate for the initial phase of this 
study, but elimination of such intermediaries is an objective. Thus, in 
the limit, each person would exercise control over their sensitive data 
directly. This would, of course, require a personal computer or "smart 
card" for each user. Such systems have been proposed and will become 
economically feasible in the near future. Specification and feasibility 
analysis of various security enhancements will be examined as part of 
the project.

A first security enhancement step would be to provide the user with a 
card that in connection with a password or personal identification 
number (PIN)  could be used to activate remotely held sensitive data. 
This level of security is currently available with electronic funds 
transfer (EFT) terminals (automated teller machines). A next level of 
security is to provide each user with a "key loader" that provides a 
sequence of binary digits that is used to decode remotely held data files 
that normally remain enciphered. 

Optimal security is available when data is under the direct physical 
control of the user as well as being secured by password and 
cryptographic security mechanisms. Currently available personal 
computers have adequate capacity to perform these functions. Central 
data would list pseudonyms (public-keys) of persons using compatible 
systems and provide mail boxes for messages. All exchanges of 
information would be encrypted. 

2.	Significance

The AIDS epidemic has created a medical emergency of major 
proportions.  It also threatens to create a crisis of social control 
unprecedented in modern times.  The major reason for this is the lack 
of medical countermeasures against the virus.  A second reason is the 
effect of the HIV on the brain, AIDS dementia complex (ADC), that can 
result in irresponsible behavior (AIDS not, 1987; Smith, 1989).  A third 
reason is that some common institutions for social coordination may 
actually accelerate the spread of the disease.  This deficiency can be 
overcome by a strategy that simultaneously enhances personal 
integrity and social control.

Factors including changing population density, behavioral patterns, and 
infection pathways alter niches for pathogenic organisms which evolve 
under new conditions. AIDS is an example of a disease which has 
dramatized the availability of a new niche. Seale and Medvedev (1987) 
argue that the AIDS epidemic could not have started without the 
availability of multi-use hypodermics.  An important characteristic of 
this disease is inapparent infection that inhibits its control.  Effective 
control presumes the ability to visualize the infectious agent and take 
appropriate action to avoid further transmission. Cost effective medical 
testing alone cannot reliable visualize HIV, due to delayed 
seroconversion resulting from the virus remaining hidden inside cells, 
failures in seroconversion, and even loss of antibody response. 
Transmission can apparently not be reliably blocked by physical 
barriers. Related organisms pose an even greater threat prior to 
identification (Cancer virus, 1987). These limitations demand a new 
control strategy suitable to new conditions of disease transmission.

The control strategy suggested here permits an approach to disease 
management independent of medical capabilities. It has the potential of 
being both effective and economical. Infection risk is visualized entirely 
through information handling. Thus, the technique can be applied 
without detailed knowledge of the infectious agent. Avoidance of 
infection is an integrated function of the information handling strategy, 
as is the motivational structure needed to promote cooperation. A most 
important aspect of the strategy is that it is a preventative approach. 
Brecher (1975) concluded that the three major strategies for control of 
sexually transmitted diseases, treatment of symptomatic cases, contact 
tracing, and routine screening are ineffective compared to simple 
preventative measures. He argues for health education and effective 
prophylaxis as likely to lead to reduced incidence. In the case of HIV, 
prophylaxis is the only strategy currently available, and thus it is 
crucial that informational as well as physical barriers be used to inhibit 
the spread of the virus.

This is perhaps even more important when we consider the long term 
dynamics of disease. Often diseases evolve in the direction of reduced 
virulence, making them less apparent and often more prevalent (Seale 
& Medvedev, 1987). In the case of HIV, it is likely that the first 
successful medical countermeasures will consist of methods to extend 
the latent period of the disease. Thus, while currently, a person can 
remain symptom free for 5 to 7 years, a person receiving this first type 
of treatment for HIV may remain symptom free for 20 years or more. 
The key premise of this strategy asserts that HIV infection and AIDS 
are chronic, manageable conditions (Smith, 1989). During this time 
persons may pose a continuing infection risk. If these persons are to 
remain contributing members of society the informational barriers 
suggested here may be crucial.

A wide range of compulsory measures directed towards individuals 
have been suggested and in some cases implemented, even though their 
negative side effects have been recognized. However, voluntary ones 
which could be equally effective have not been exploited.  The potential 
of voluntary measures has been recognized by the public.  The news 
report, "Blodgivarnaal blir 'friskhetsintyg'?", was occasioned by a sharp 
increase in blood donors in Malmo and reports that blood donor pins 
were being used at a dance hall as health certificates (Fredriksson, 
1987).  A corresponding increase was noted to not have occurred in 
Goteborg.  In Malmo the pins are given out after the first blood 
donation, while in Goteborg they are given out after ten donations.  So 
the difference in public response is hardly surprising, it results from a 
natural experiment on the control of sexually transmissible diseases.

3.	Background

3.1.	Informational precursors in social medicine

The epidemiological approach taken here is similar to the highly 
effective public health measures taken in 18th and 19th century to 
control infectious diseases. Up until that time cities (e.g., Copenhagen 
and Stockholm) most often had no effective sewage or garbage disposal 
services. This led to a situation in many cities where maximum 
population levels were reached, with deaths due to infection balancing 
population inputs. Having recognized that many diseases were 
transmitted (by microorganisms) in wastes, public works programs 
were undertaken in order to segregate fluids carrying wastes from 
fluids used for consumption and for food preparation.  These measures 
were taken well before effective medical procedures for dealing with 
many diseases were developed, and in most cases before the actual 
causative agents were identified. A key point is that knowledge about 
transmission of infectious agents preceeded their control. This control 
was implemented by a physical restructuring of fluid management  
through sanitary engineering.

The fluids dealt with here are distinguished by the source individual. 
Due to higher population densities, changes in attitudes about sex, 
increases in uses of invasive procedures (use of blood and other bodily 
products in medicine, and use of injectable drugs) persons are now 
much "closer" in a physiological sense then in earlier times (Seale & 
Medvedev, 1987). It is not only recommended to avoid certain classes 
of fluids that are in general known to contain infectious agents, but to 
avoid contact with body fluids from classes of persons in risk groups 
(Prostitutes asked, 1987). The approach discussed here goes one step 
further in this line of development, it introduces measures permitting 
one to routinely avoid contact with fluids from specific individuals who 
are at risk or known to be carriers of an infectious agent. This requires 
the routine use of prior knowledge about these agents. That is,  the 
availability of informational precursors associated with these agents.

3.1.1.	Biological agents

A clear understanding of the approach requires distinction between 
biological agents, informational agents making demands upon attention, 
and informational agents that require only processing by machines. If 
each person was to inform a potential contact of all infectious agents 
carried by that person, then we could say that an informational 
precursor existed for each infectious agent. This would give persons the 
option of avoiding contact with fluids containing infectious agents. 

3.1.2.	Informational demands upon attention

Aside from the privacy problems and diagnostic uncertainties which 
would reduce the effectiveness of such a procedure, there are major 
informational demands upon attention associated with it. Particularly in 
the case where there is a reasonable prevalence of an infectious agent 
in a population, the simple communication of diagnostic information 
would be inadequate. With sexually transmitted diseases, in most cases, 
at least one new person has been infected by the time a given 
individual has been diagnosed as carrying the infectious agent. Thus, a 
person would have to communicate not only their own diagnostic 
information, but also the diagnostic information from previous contacts. 
Some of information concerning a given contact would only become 
available much after that contact had take place, thus inducing 
unrealistic informational demands upon communicators.

3.1.3.	Information processible by machine

A solution to this problem is to structure diagnostic data in 
standardized machine readable forms, thus permitting precursor 
information (both from direct diagnosis and from diagnostic 
information transmitted by contact tracing) to be exchanged by 
computers prior to an anticipated contact. This strategy also permits the 
introduction of an effective solution to the privacy problem. The idea is 
to make use of the information without revealing that information 
except when it is no longer sensitive (Stodolsky, in prep.). It also 
compensates to some degree for diagnostic uncertainties, since what is 
transmitted by automated contact tracing is information about risk, as 
opposed to direct diagnostic information. The automated contact tracing 
mechanism can also be implemented in a manner protecting personal 
integrity (Stodolsky, 1979a; 1979b; 1979c; 1983; 1986)

3.2.	Theory of operation

The system outlined here is most simply explained if we assume that 
each person has a personal computer capable of directly exchanging 
information with those of other persons. These computers can, in the 
simplest case,  generate random numbers that are used to label 
transactions. A transaction is defined as an interaction capable of 
transmitting the infectious agent. After each transaction, therefore, a 
person has a unique label or code for that transaction. 

In the event that a person becomes ill or is identified as carrying an 
infectious agent, the transaction codes which represent transactions 
during which that agent could have been transmitted are then 
broadcast to all other computers. If a receiver's computer has a 
matching code, then that person is alerted to the possibility of the 
agent's presence, and can report to a medical center for testing and 
treatment. This iterates the process, thus identifying all carriers 
eventually. The effect is to model the epidemiological process, thereby 
identifying all (potential) carriers through forward and backward 
contact tracing.

In order to clarify the procedure, consider a scenario in which there are 
two types of actors, persons (Pi) and doctors (Di) (Figure 1). Doctors 
operate only within a health center (HC). There are also two types of 
agents, biological and informational, that can be transmitted during a 
transaction. Informational agents are always transmitted with physical 
agents. Each actor has a computer that can exchange information with 
another actor's computer. A doctor's computer can also broadcast 
messages to all actors at once by sending them through a more 
powerful computer at the health center.  Contact tracing is illustrated 
by the sequence in Figure 2. At time T1 person A (Pa) and person B 
(Pb) engage in a transaction. Their computers label this transaction with 
a number N1 and store the number. Pb then physically moves into 
contact with person C (Pc), this transaction is labeled N2 and recorded 
at time T2.  At time T3, Pb becomes ill and reports to a doctor (Da). The 
doctor verifies the infectious nature of the illness and then reads the 
transaction codes, N1 and N2, out of Pb's computer. These are broadcast 
to all other computers at time T4. When Pa's computer receives the 
broadcast, the transaction code N1 matches the number stored in 
memory. This alerts Pa to the fact that s/he is in the chain of 
transmission of the infection ( in this case Pa was the initial carrier of 
the infectious agent). When Pc's computer receives the broadcast, the 
transaction code N2 matches the number stored in memory. This alerts 
Pc to the fact that s/he may have been infected (at T2). The alerting of 
Pa is an example of backward tracing from Pb. The alerting of Pc is an 
example of forward tracing. We assume in this simplest case, that when 
an alert is received, the affected person voluntarily reports to a doctor. 
In a more secure system, a person's computer would not be capable of 
generating new transaction codes if a matching code had been received. 
This would indicate to potential new contacts that contact with this 
person was risky. (Actually, the more secure procedure would require 
the exchange of updated health certificates.)

3.3.	Operational alternatives

An ideal system would ensure that all contacts were mediated by 
computer. Since the most appropriate technology, powerful wristwatch 
like computers with communication capabilities, is not available for the 
moment (though key components have become available [Ivey, Cox, , 
Harbridge, & Oldfield (1989)]), development will proceed on standard 
personal computers. While these machines are available in a hand held 
format, people can not be expected to carry them at all times. In many 
cases, people can organize their contacts using a personal computer 
from an office, public computer center, or their home, but clearly other 
options must be available. A voice-message system that duplicates all 
function of the personal computer, but with voice output and telephone 
key-pad input is an attractive option. It permits planned organization 
of contact opportunities with limited, but, for most persons, more than 
adequate security.

In the case of chance meetings, persons would be required to make an 
inquiry prior to proceeding with a contact. The common magnetic strip 
credit card offers an adequate level of security, but requires a readily 
accessible teller machine. Such a verification system assumes 
cooperation of appropriate financial institutions. A telephone-based 
verification system used in a manner similar to credit card verification 
is another option. The various options will be considered during the 
first year of the project.

4.	Research plan

The overall research plan is based on a 2 factor design with repeated 
measures. One factor is risk group and the second is availability of an 
experimental health conferencing system. Dependent measures include 
health status and health related behaviors. The plan is designed to 
permit rigorous evaluation of results without interfering with effective 
service to the subject populations, and to permit rapid scaling up to a 
larger population if justified by the initial results. If the security needs 
are met, it is expected that demand for service will exceed supply. The 
waiting list management strategy will generate the control groups.

The effect of the health conferencing system on infection and risk 
behaviors is of major interest, thus this effect is measured as a within 
subject factor. Each group will be compared to itself at a later time. 
Comparison to cross sectionally matched individuals controls for time 
effects. The differential effectiveness the experimental intervention on 
different risk groups is studied as a between subject factor in order to 
enhance the generalizability of the results. A nested multi-variate 
analysis of co-variance with repeated measures using matched controls 
is used for overall data evaluation. 

4.1.	Method

A secure conferencing system permitting automated interviewing and 
selection of conversation partners, as well as mail delivery functions 
will be developed.  The software will be installed on two identical 
systems. One system will be made available to the Organization of Gays and 
Lesbians in Denmark, the other to the (HIV) Positive Group in Denmark. 

Each person expressing interest in participating receives information 
describing the study and a preliminary self-administered interview. 
Person applying to the Positive Group must present evidence of 
seropositivity to be considered further. Persons applying to the 
Organization of Gays and Lesbians in Denmark must present results of a 
Polymerase Chain Reaction (PCR) investigation to be considered further. 
Upon presentation of appropriate medical evidence, the registrar 
assigns them a pseudonym and password. A comprehensive interview 
covering health history and health behaviors is then self-administered. 
Each person receives health education materials and is placed on the 
waiting list.

When 500 persons are available from each organization they will be 
formed into matched groups and randomly assigned to either treatment 
or control conditions. The treatment groups receive a questionnaire for 
guiding the selection of conversation partners. Controls remain on the 
waiting list for six months at which time they are integrated into the 
treatment condition. Depending upon results of a risk assessment 
interview, serological testing may again be required. Participants are 
required to give feedback interviews after meeting conversation 
partners. This serves as a check on self-reported data and as a source of 
information on opportunities for transmission of infectious agents. Data 
on interactions with other persons and degree of risk associated with 
them is also collected routinely. Sexual transmitted infections and other 
conditions requiring medical intervention are reported routinely. Health 
behavior interviews are readministered on six month intervals just 
prior to integration of a new persons into the treatment groups.

4.2.	Time frame

The first year is devoted to preparations including software 
development, finalizing arrangements with participating organizations, 
and pilot testing (See "Specific tasks for preparation phase (First year)" 
below). The first six month period of the second year is reserved for 
training of registrars , and accumulating and interviewing of 
participants. The second six month period is for comprehensive testing 
of operational procedures as the first set of participants begins using 
the experimental system. Cross sectional data analysis techniques will 
be applied during this period.

The third half-year of the operational phase of the project will be 
devoted to the integration of the first set of control groups into the 
treatment condition. After this, all procedures and software will have 
been finalized. Longitudinal data analysis procedures will be integrated 
with those already in use. At two additional six month intervals, half of 
those on the waiting list will be added to the experimental groups using 
the health conferencing system. 

4.3. Specific tasks for preparation phase (First year)

4.3.1.	Contact and discussions with organizations. 

The wide range of sensitive and important questions raised by the 
proposed study make it imperative that affected and concerned 
organizations and persons (Dansk Epidemiologisk Institut, Statens 
Serum Institut, Registertilsynet, Sundhedsstyrelsen, Landsforeningen 
for Boesser og Lesbiske, Positivgruppen, Frivillige Bloddonorer, selected 
journalists and politicians, etc.) have the opportunity to review and 
comment upon the proposal. This will include, but not be limited to 
those collaborating in the experiment proper. Invitations to a workshop 
series will be issued to those selected. The workshops will include 
lectures, demonstrations (both manual and computer), and discussions. 
Feedback from participants will be used as input to the experiment 
design.

4.3.2.	Design of experimental trials

The specifics of the design including control procedures will be 
structured to insure both scientific validity of collected data and 
acceptability of procedures to participants and their organizations. It is 
expected there will be conflicts between these two demands and the 
workshops will be used to anticipate and facilitate their resolution. A 
specific question to be addressed will be the potential conflict between 
demands for participation and capacity of organizations to respond to 
them without sacrificing rigor of the trials. While previously developed 
questionnaires will serve a base for data collection, specific concerns 
and interests of different organizations and interests groups will 
influence the actual data requested from participants.

4.3.3.	Design of secure registration procedures

Protection of the participants identity will be in part dependent upon 
the security of the registration and pseudonym assignment procedures. 
Abuse of the system that could result from persons obtaining multiple 
names will also be controlled by the registration system. Both 
administrative and cryptographic mechanisms will require careful 
specification. After a description of the cryptographic mechanisms for 
registration, organizational placement for administrative procedures 
will be determined.

4.3.4.	Software development

The most important factor in protection of the participants is the 
security of their own computer systems. Both privacy and protection of 
identity depends upon the integrity of the cryptographic software. The 
software is also plays an essential role  of demonstrating the system so 
better understanding can be achieved by both users and 
representatives of organizations considering the adoption of the system. 
Certain components of the proposed system perform functions that 
have never been implemented on computer systems or that have not 
been implemented to perform the functions needed in this application. 
Preliminary software development will permit a better estimate of the 
overall effort required to satisfy the security and efficiency 
requirements in the proposed application. Preliminary development 
will also permit testing of the user interface to ensure easy operation 
under strict security requirements.

4.3.5.	Simulation modeling

Simulation modeling for predicting effects of the completed system can 
play both analytic and educational roles. Graphics can effectively 
illustrate the relative impact of preventative as opposed to treatment-
based methods in epidemiology. Such simulations can influence 
organizational decision makers as well as potential users. Analytic 
questions concerning the relative impact of limited adoption of the 
technology on overall population morbidity and mortality can also be 
answered with simulation methods. This could answer cost 
effectiveness questions and be used to guide the rate of adoption of the 
new technology. Considering the very large expenses associated with 
clinical treatment of AIDS, the simulation models may be useful in 
estimating appropriate funding for operational stages of the project.

4.3.6.	Publication of "Hormones" epidemiological model. 

While the general concept of real-time epidemiological modeling has 
been presented at a conference (Stodolsky, 1983), publication has been 
limited to an application involving control of electronic infections on 
computer networks (Stodolsky, 1989). Conference presentation and 
publication as a human population oriented application will strengthen 
theoretical review, and directly address specific questions concerning 
human and legal rights. The secure model was included in a recent 
conference presentation (Stodolsky, 1986). It would best be 
mathematized and then subject to a proof of correctness to insure that 
any flaws are identified before substantial software development 
efforts are made. 

4.3.7.	Publication of "Conditional privacy:..."

The paper "Conditional privacy: Protecting expression by one-bit 
matchmaking" received public exposure in a conference presentation 
(Stodolsky, 1986). While the method is relatively straight forward 
cryptographicly, conference presentation and publication would 
increase the probability that any protocol errors are uncovered and 
perhaps suggest enhancements that integrate certification with 
information exchange.

4.3.8.	Test data collection

Once data requirements are identified, data collection procedures will 
be tested in a software environment approximating the final system. 
This will permit identification of user interface and security problems 
that could cause problems.

4.3.9.	Pilot tests

Test of the completed system, not including cryptographic security, can 
be conducted with non-sensitive data to insure operational procedures 
are functional. Participants could include students and interested 
person attending demonstrations.

5.	References

AIDS not gentle on the mind. (1987, March 26). New Scientist, (1153), 
38-39.

Brecher, E. M. (1975). Prevention of sexually transmitted diseases. The 
Journal of Sex Research, 11(4), 318-328.

Cancer virus linked to drug users. (1987, May 21). International Herald 
Tribune, 8.

Chaum, D. (1985). Security without identification: Transaction systems 
to make big brother obsolete. Communications of the ACM, 28(10), 
1030-1044.

Fredriksson, A. (1987, July, 15). Blodgivarnaal blir "friskhetsintyg"? 
Goteborgs-Posten, No. 88, 18.

Hellerstedt, L. (1987, June 19). Homosexutredning: Aidstest "frikort" 
foer loesslaeppt sex. Dagens Nyheter.

Ivey, P. A., Cox, A. L., Harbridge, J. r., & Oldfield, J. K. (1989, August).
A single-chip public key encryption subsystem. IEEE Journal of Solid-
State Circuits.

Painters and Dockers (Rock musicians). (1988). "Safe Sex", Crocodile 
(Compact Disk EMA CD1). Export Music Australia.

Prostitutes asked not to give blood. (1987, April 9). New Scientist, 
(1555), 29.

Seale, J. R. & Medvedev, Z. A. (1987). Origin and transmission of AIDS. 
Multi-use hypodermics and the threat to the Soviet Union: discussion 
paper. Journal of the Royal Society of Medicine, 80, 301-304.

Smith, D. (1989, July 14). AZT, Acyclovir, and the case for early 
treatment. AIDS Treatment News, Issue No. 83.

Stodolsky, D. (1979a, April 9). Personal computers for supporting health 
behaviors. Stanford, CA: Department of Psychology, Stanford University. 
(Preliminary proposal)

Stodolsky, D. (1979b, May 21). Social facilitation supporting health 
behaviors. Stanford, CA: Department of Psychology, Stanford University. 
(Preliminary proposal)

Stodolsky, D. (1979c, October). Systems approach to the epidemiology 
and control of sexually transmitted diseases. Louisville, KY: System 
Science Institute, University of Louisville. (Preliminary project 
proposal)

Stodolsky, D. (1983, June 15). Health promotion with an advanced 
information system. Presented at the Lake Tahoe Life Extension 
Conference. (Summary)

Stodolsky, D. (1986, June). Data security and the control of infectious 
agents. (Abstracts of the cross disciplinary symposium at the University 
of Linkoeping, Sweden: Department of Communication Studies). 

Stodolsky, D. (1989). Net hormones: Part 1 - Infection control assuming 
cooperation among computers [Machine-readable file]. Van Wyk, K. R. 
(1989, March 30). Several reports available via anonymous FTP. Virus-
L Digest, 2(77). Abstract republished in van Wyk, K. R. (1989, April 24). 
Virus papers (finally) available on Lehigh LISTSERV. Virus-L Digest, 
2(98). (Available via anonymous file transfer protocol from LLL-
WINKEN.LLNL.GOV: File name "~ftp/virus-l/docs/net.hormones" at 
Livermore, CA: Lawrence Livermore National Laboratory, Nuclear 
Chemistry Division and IBM1.CC.LEHIGH.EDU: File name "HORMONES 
NET" at Bethlehem, PA: Lehigh University. And by electronic mail from 
LISTSERV@LEHIIBM1.BITNET: File name "HORMONES NET" at Lehigh 
University).

Stodolsky, D. (in prep.). Conditional privacy: Protecting expression by 
one-bit matchmaking.

=========================================================

 /---[]                                  []
| Pa  |                   ---------------[]--------------
 \---/                   |               []              |
                         |                               |
 /---[]                  |   /---[]    /---[]            |
| Pb  |                  |  | Da  |   | Db  |            |
 \---/                   |   \---/     \---/             |
                         |                               |
                         | Health Center                 |
/---[]                    -------------------------------
| Pc |
\---/

----------------------------------------------------------

Explanation of Symbols:

          /---\
Persons  | Pi  |
          \---/
          
          
          
          /---\
Doctors  | Di  |
          \---/

       
           
Computers []

Figure 1

============================================================

P
h                           -----------      -----[]-----
y                          |   N1,N2   |    |     N1,N2  |
s                          | Pb     Da |    |   Da       |
i                          |           |    |            |
c                           -----------      ------------
a    Pa           Pa                                    
l    N1                                           N1=N1 
     Pb                        Pa               Pa      
P                 Pb                                    
l                 N2                              N2=N2 
a    Pc           Pc           Pc               Pc     
c                                                       
e                                                 Pb

 Time ----------------------------------------------->
     T1           T2           T3                 T4

----------------------------------------------------------

Explanation of symbols:

Person i        Pi             Doctor A            Da

Physical and    Pi
informational   Ni             Transaction codes   Ni
exchange        Pj
                                                  ----
Information       Ni,Nj        Health Center     |    |
transmission    Pi                                ----

Information       Ni=Ni        Health Center      -[]-
reception       Pi             Computer          |    |
and matching                   Transmitting       ----

Time of operation   Ti

Figure 2

===========================================================
David S. Stodolsky, PhD      Routing: <@uunet.uu.net:stodol@diku.dk>
Department of Psychology                  Internet: <stodol@diku.dk>
Copenhagen Univ., Njalsg. 88                  Voice + 45 31 58 48 86
DK-2300 Copenhagen S, Denmark                  Fax. + 45 31 54 32 11
-----------[000093][next][prev][last][first]----------------------------------------------------
From:      judice@kyoa.enet.dec.com (Louis J. Judice  18_Oct_1989 2147)  18-Oct-1989 2147)  31-OCT-1989  4:29:51
To:        "security@pyrite.rutgers.edu"@decwrl.dec.com
I installed one of these in an installation about 2 years ago.

It's a dial-back security device called a Traq-net (I believe), made by
Lee-Mah Data Security.

The tone is a prompt to enter a touch tone id-code. With the id-code,
the device calls back the telephone # associated with the id-code, which 
then auto-answers or manually answers the line, establishing a modem
connection.

I believe there is also a provision for having it dial you at other
pre-determined numbers when you are travelling. The Traq-net also logs
all calls, both invalid and valid.

It was a neat device, but there was significant user resistance to using
it, so it eventually fell into dis-use. Combined with a strong security
program it would probably work well in some environments.

Lou Judice
DEC

Note: this posting is my opinion only and is not an endorsement of the
 product(s) mentioned.
-----------[000094][next][prev][last][first]----------------------------------------------------
From:      Jeffrey Walsh <JEWALSH@fordmurh.bitnet>  31-OCT-1989  4:58:11
To:        security@ohstvma
As far as I know, and I'm not sure if this is a NY state law or a federal
law, but most information held by a college/university registrar concerning
name, address of record, phone number, etc., is not confidential, unless
the student/alumnus specifies so.  If these people have or have had a
relationship with an institution of higher learning, this might be one
avenue.

There's always the notion of posting something in the personals of a well-read
paper (eg - Village Voice) where people look for that type of thing.  If the
group has something in common, focus in on that -- they might be peeved if
last names are involved.  The key here is, of course, where do you think they
are geographically centered?

If anyone in the group has even a remote connection with the military, try
using the locators (usually free) in the branch publications:  Army Times,
Air Force Times, Navy Times...  Even if they've served in a unit five years ago
and aren't in anymore, there's the chance that someone who served with them
might still be and be able to relay you information on their whereabouts.

I'm not sure about the confidentiality laws that you queried about.  Sorry.

If you want the address for the locator service of the service papers, write
me at the address below.

Jeff Walsh
"JEWALSH@FORDMURH"
Fordham University
-----------[000095][next][prev][last][first]----------------------------------------------------
Date:      31 Oct 89 00:57:00 GMT
From:      ECL4JS2@OAC.UCLA.EDU (Jeff Suttor)
To:        misc.security
Subject:   Re: Re: Privacy vs on-line library

> A few programmers can even construct the borrowing history  of a given
> individual (a moment's thought about how a library works will tell you this)

This is not true for the Library I program for.  When a circulation
transaction is resolved, checked back in, the circ trans is archived but
any link to the user record is zeroed out.  This allows the archives to
be used for stat anal but protects the privacy of the user.  Most
Libraries are strong believers in information rights and do whatever
they can to protect the rights of their users.

-----------[000096][next][prev][last][first]----------------------------------------------------
Date:      31 Oct 89 18:05:57 GMT
From:      GSRLR@alaska.BITNET ("Robyn Robertson GSRLR@ALASKA")
To:        misc.security
Subject:   How to track people down.

Finding people?  I have spent considerable time and effort doing this
sort of work.  The only solid rule for tracking people down is that there
are no solid rules.

In general, finding people depends upon knowing enough about the target
subject(i.e. the person you want to find) to gain direction for the search.
For instance, I was retained to search for a gentleman that had absconded
from the Seattle area with substantial debts left behind.  I knew very
little about the guy other than his name, the fact that he had a trust
fund administered from Los Angeles, and that he had been planning to wed
a woman from Seattle when he was last heard from several weeks before.

In this case, I managed to locate a marriage license in the King county
(Seattle) Courthouse which yielded the name and address of the woman he
had, by the time of this search, married.  Although the man had covered
most of his tracks pretty well, the woman he had married took no effort
to obscure her path.

Consequently, I had the woman's name and last known residence(in
Renton, Washington, a suburb of Seattle)when I left the courthouse.  Once
I had this, the remaining follow up was reasonably simple.  It turnt out
that her prior residence she had been living in was up for sale.  A visit
to the real estate agent acting as broker afforded a reasonably fast
face-to-face meeting with the fugative I sought.   He, it developed, was
handling all the business of his new wife.  The real estate agaent very
thoughtfully arranged the meeting, and also provided me with the seller's
new home address.

I tell this story as a means of illustrating an approach to finding people.
While in general it is helpful to review information resources like the
telephone book, Polk directory, etc., I believe that a general priciple
is the best advice.  Find out all you can about your target, then determine
what, if any, information resources this knowledge of your target implies.
If you are uncertain what information your basic knowledge of your target
does imply, take what you know to an expert(like the records clerk in the
city/county building where the target I mention above had filed his marriage
license) and ask the expert what intelligence is necessarily implicit in
the information you have as a foundation.  Once this is accomplished, the
remaining task is to exploit this information.

As for expert assistance in developing the leads that you start with,
there are as many sources for this intelligence as there are catagories
worth exploiting.  I know very little about tennis, for instance,
but I know enough that if I found that a suspect I sought was a heavy tennis
player, I could certainly locate a tennis expert to tell me what
organizations associated with tennis might yield the suspect's location.
Failing that, if the suspect is a serious tennis player, and I have a good
idea what city he might be in, I might be able to develope leads by asking
questions at atheletic clubs in the area.

Although this approach seems like common sense, many people tend to forget
what creatures of habit we humans are, and they consequently fail to
exploit the obvious when searching for someone.  Nonetheless, I have found
this approach fairly useful.  Just find out all you can about your target,
then think! One must compile all available information on the target
subject, then follow it up and exploit whatever leads this information
developes.

===========================================================================
Robyn Robertson                         | The opinions expressed here are
BITNET: GSRLR@ALASKA                    |              my own
Internet: GSRLS@acad3.fai.alaska.edu    |
P.O.Box 81638                           |
Fairbanks, AK   99708                   |

END OF DOCUMENT