The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Rutgers 'Security List' (incl. - Archives (1989)
DOCUMENT: Rutgers 'Security List' for December 1989 (12 messages, 6335 bytes)
NOTICE: recognises the rights of all third-party works.


Date:      1 Dec 89 13:03:24 GMT
From:      [email protected] ("W. K.  Gorman", Bill)
Subject:   Re:  Privacy vs on-line library
>these stores in hope of finding certain seeds or plants that may thrive
>in an 'indoor gardening' setup, or for the sole purpose of seizing
>files? [...]

Any references I have come across pointed to such raids being used
for intelligence gathering only - no illegal substances were found at
such locations. Even with a warrant, it strikes me as an abuse of
authority to raid an innocent third party in the purely speculative
hope of finding something pertinent to a presently weak or non-existing
prosecution of a customer of such a business. The same logic could be
perverted to justify raiding Sears for the same "reasons".

Date:      1 Dec 89 17:10:05 GMT
From:      [email protected] (Howie Choset)
Subject:   Market Survey for school
[Moderator injection: No flames about "commercial nature", please.  I think
we could all learn something from this.  Howie, when you finish collecting
any replies, could you summarize for the list?  Thanks.   _H*]

Hello, the following is a market survey for a class I am taking. I 
plan to make this product in the future. Please fill out the 
survey and mail it and any comments to 
[email protected]

Thank you for your time and effort

Market Survey 

1. How often do you lose things (ie keys, wallet, credit cards)

A. never   B. rarely   C. sometimes  D. often E. all the time

2. If the price were right, would you buy a product that would help 
you find lost items. For example, there is a device which you
attach to your keys and detects a high pitched sound. When you
lose your keys, you whistle and if your keys are in the same room, 
then they would beep.

A. yes  B. no
3. What would be an approximate price for such a device (If E, fill in 
a price)

A. 30 dollars   B. 50 dollars  C. 60 dollars  D. 40 dollars E. None______

4. If the price were right, would you buy a product that would
warn you as soon as you lost an object of yours. Before, you had
to realize something was lost and look for it; now, as soon as
you lose an object, the product will notify the user that something
is lost.

A. yes  B. no

5. What would be an approximate price for such a device

A. 100 dollars  B. 150 dollars  C. 200 dollars  D. 250 dollars E. None_____

6. If you want to be put on a mailing list for more information about
the above listed devices, please return your name and  address with
this survey

Date:      3 Dec 89 19:10:23 GMT
From:      [email protected] (Wendel Bordelon)
Subject:   Finding a key blank
  I hope that someone on this list may be able to help me. I am looking
for a key blank for a WALSCO lock. I have the lock and a single key but
before I put it in anything I would like to have another key. I do not
remember where I got the lock. The lock has ingraved on it:

     WALSCO  by Viro Italy

The key has Made Italy and a number (serial number?) and Walsco on the
opposite side. Any help in getting a blank to have a new key made or info
about this kind of lock would be appreciated. Oh, and before you all send
me a note about going to a lock smith I did that.... no help there.


Date:      4 Dec 89 15:25:47 GMT
From:      [email protected] (Nicholas Heesters)
Subject:   site security, storage

	Do any netters know of any organizations that currently
have a need for contract security or are thinking of changing
their present contract security?

	How about a need for secure off-site storage for computer

	If so please let me know.  I'm doing an informal survey for 
small businesses that specialize in the above.

	e-mail -> [email protected]

Date:      4 Dec 89 18:59:00 GMT
From:      [email protected] ("LFA")
Subject:   Computer Security Text
> Course on security

Mr. de Groot,

	One excellent text on the subject is SECURITY IN COMPUTING, 
C. P. Pfleeger, Prentice-Hall, Englewood Cliffs, New Jersey (1989).
It is my understanding that this material was taught by the author
while he was a professor in the Computer Science Dept. at The University
of Tennessee.  The author is currently working in private industry
as a computer security professional.


					Lloyd F. Arrowood
					Oak Ridge National Laboratory

Disclaimer:  The views and opinions of the author do not necessarily state
             or reflect those of the United States Government or any agency

Date:      4 Dec 89 21:52:42 GMT
From:      [email protected] (Ken Bell)
Subject:   Re: Universal Card System
> card" account.  But there is a catch to this system.  You have to use
> ALL of your money by the end of each semester.

So they first get all of your money in advance (the reverse of what
happens when you charge something on a normal credit card and then
pay all of it immediately when it is billed), and then they take
anything that you haven't spent at the end.  Why are people so willing
to accept things like this?  (A student could put the money in an
interest bearing account and end up with at least a few percent profit
by the end of the year, with no risk of losing anything that hasn't
been spent.)

[Moderator tack-on:  Perhaps I'm missing the point, but it seems to me the
student would have a valid beef if the institution appropriated money that
the student hadn't actually *spent* on something??  Is this for real?!  _H*]

Date:      6 Dec 89 09:06:54 GMT
From:      [email protected]
Subject:   Security Server?

We are in the early stages of consideration of a "Security Server" for our
network. Besides our LAN we also want to use our ISDN PABX for data communi-

Therefor I am interested in information or references about
        - existing systems (LAN based like KERBEROS or ISDN like ???)
                system design, protocols/communication software used, etc.
        - hardware/software for encryption
                both private and public key cryptosystems
                (e.g. DES/RSA implementations available; which data transfer
                 rates can be achieved, key management and distribution, etc.)
        - interworking between LAN-based and ISDN system

All information, references or contacts are highly appreciated

        Thomas Vogel
        HRZ                             (that's the computation center)
        Technische Hochschule Darmstadt

Date:      7 Dec 89 22:01:04 GMT
From:      [email protected]
I am doing a survey of trunk encryption devices (both NSA endorsed and
  non-NSA endorsed).  I am looking for devices which will run at T1 rates and
  above.  Right now, I have three devices on my list
	1.  Cylink CIDEC-HS (operates at rates between 9.6Kbps and 7Mbps,
		  supports V.35, Rs449, DS1 and DS2 interfaces)
	2.  Cylink CKG-VHS (operates at rates between 10 and 50 Mpbs,
		  supports DS3 interface)
	3.  KG94
	4.  KG95

Would you please include a telephone number, name, location etc. with
  the product name?  A brief description would be appreciated also.

Please send responses directly to me ([email protected]).  I will post
a summary. 


Date:      8 Dec 89 01:46:00 GMT
From:      [email protected]
Subject:   re: privacy
A DA or Ass't AG do not need either a warrant or probable cause to obtain
copies of your records.  The approved procedure is to use a subena deues tacem.
The supena comes from a grand jury; the GJ requests your records to help it
investigate whatever the DA or AAG wants the GJ to investigate.  So any
record the DA or AAG wants, he (or she) gets.

A supena does not require probable cause.

Often a DA (and less often a AAG) will just wander in and demand the records.
They will threaten to get a supena.  Since they can easily get a supena, and
since most people hate a fight, this is often all that is required to obtain
records.  For example, in Lorain county OH the DA went to all the drug stores
in Oberlin and demands the prescription lists.  Seems he was looking for people
(most likely oberlin college students) who were receiving the same prescription
from several drug stores.  I suppose those who did this (if there were any)
sold or gave the extra happy pills to their friends. :->  Given the great
all campus drug parties at Oberlin I'm sure this went on.  OF course he
incidently found out who was on what anti-depressent anti-psycicotic drug...

always watching: cjs

Date:      15 Dec 89 17:09:38 GMT
From:      [email protected] ("Douglas F. DeJulio")
Subject:   Fwd: Trojan Horse PC not in US
This might be of interest...

---------- Forwarded message begins here ----------

Date: 14 Dec 1989 14:04:56-EST
>From: [email protected]
Subject: Trojan Horse PC not in US

Here at the CERT we've been following information about the AIDS
information disk/trojan horse pretty closely.  (There was a New York
Times article on Wednesday in the business section that quoted the

We are working on a more complete posting that we will put out to the
net, but at this point it's worth saying that we have heard of no
reports of this disk being sent to the United States.  From what we've
heard, most of the disks were sent to of subset of the subscribers of
a UK PC magazine 'PC Business World'.  It's been very hard to get real
numbers on how many people received the disk, but the latest numbers
(and these should be taken with a very large grain of salt) are that
person or persons who sent the disks rented 7000 names from the list
of 35,000 subscribers to PC Business World.  There's no definitive
answer on how many of those people were actually sent disks, but I
talked to Alan Jay at the UK IBM PC User's Group, and he said that
based on the number of calls they'd received, it was easily more than
hundreds.  Their best guess was 1/5 to 1/4 of 7000 got the disk.
(Again, this is not confirmed.)

So the bottom line is that it's unlikely to be a problem here.  Still,
if you should hear of anyone actually getting this disk outside of
Eurpope, please have them get in touch with the CERT.

J. Paul Holbrook
Computer Emergency Response Team
Software Engineering Institute
Internet: <[email protected]>
(412) 268-7090  
24 hour hotline: CERT personnel answer 7:30am-6pm EST, on call for
   emergencies other hours

Date:      18 Dec 89 07:08:00 GMT
From:      [email protected]
Subject:   The tuxedo cat burgler.
I was reading your message concerning a man who robbed affluent homes
during the middle of the night while wearing a tux and armed with 1000 
dollar bills.  The letter reffered to the demise of the robber, but
didnt give any particuliars of how he was caught, and what the "bearable"
punishment was.  The letter referred to couple of different downfall to the
system.  Just out of curiosity, could you please enlighten me to what they


				[email protected]

Date:      27 Dec 89 13:50:49 GMT
From:      [email protected] (Christopher E. Shull)
Subject:   Re: Mac Security Software
The January 1990 issue of MacWorld features as its cover story, a special
report on "Data Safety".  I'm not an expert, but the author seems to hit
the major options.  If anyone has experiences with the products described,
please post your experiences.


Christopher E. Shull                    [email protected]
Decision Sciences Department            [email protected]
The Wharton School                      University of Pennsylvania
Philadelphia, PA  19104-6366            215/898-5930
"Damn the torpedoes!  Full speed ahead!"  Admiral Farragut, USN, 1801-1870