The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Rutgers 'Security List' (incl. misc.security) - Archives (1990)
DOCUMENT: Rutgers 'Security List' for November 1990 (8 messages, 3536 bytes)
SOURCE: http://securitydigest.org/exec/display?f=rutgers/archive/1990/11.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

-----------[000000][next][prev][last][first]----------------------------------------------------
Date:      5 Nov 90 15:48:45 GMT
From:      veeneman@MOT.COM (Dan Veeneman)
To:        misc.security
Subject:   Motion detectors


     Does anyone have any experience or details about area motion
detectors ?  I know about the Radio Shack model(s), but am looking
for other options.

-- Dan
veeneman@mot.com

-----------[000001][next][prev][last][first]----------------------------------------------------
Date:      12 Nov 90 17:34:00 GMT
From:      THOR@lcc.edu (What's So Personal About a Name Anyhow ?)
To:        misc.security
Subject:   RE: Physical security of terminals

In regard to your physical security issue:

	One tried and true solution is to hire student empolyess as
	terminal-baby sitters.  Students are generally are inexpensive
	and available source for employment (and they will even work
	night & early morning shifts).

	While you could go out and bolt your terminals down, a determened
	thief wouldn't be detered for long, especially in an unattended
	room full of thousand dollar terminals.

				Just a Thought!

-----------[000002][next][prev][last][first]----------------------------------------------------
Date:      14 Nov 90 05:00:55 GMT
From:      wcs@erebus.att.com (William Clare Stewart)
To:        misc.security
Subject:   Re: Physical security of terminals

David Harrison asks for suggestions about keeping X terminals from
being stolen in a physically non-secure environment, such as pinging
the terminal every few minutes.  This won't work if people turn the
terminals off, or do other things that confuse the terminal too much
to answer pings, and won't work at all if there are any workstations
on the net that could be convinced to forge replies.

I don't have any POSITIVE suggestions, beyond social engineering and
maybe a video camera that's VERY obvious.  Model 029 keypunches were
a lot easier to secure - they were too big to move without major
inconvenience.
-- 
					Thanks; Bill
# Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ

-----------[000003][next][prev][last][first]----------------------------------------------------
Date:      16 Nov 90 17:03:33 GMT
From:      spoelhof@KODAK.KODAK.COM (Gordon Spoelhof)
To:        misc.security
Subject:   Re: Password Servers

I tried an experiment on a Sun running SunOS 4.0.3.  I removed the password
file (moved to a different name) and tried accessing the machine...  All
new pseudo terminal access was blocked (before login prompt) as well as new
getty terminal access.  It seems safe.  I was not running NIS (yellow pages)
and would have to explore that one.

But I will leave other systems and other password mechanisms to the curious
reader.

Sincerely,

Gordon Spoelhof,
Computer Technology Consultant
Eastman Kodak Co. - Information Technology Management

-----------[000004][next][prev][last][first]----------------------------------------------------
Date:      21 Nov 90 14:58:14 GMT
From:      barnett@unclejack.crd.ge.com (Bruce Barnett)
To:        misc.security
Subject:   Re: Help finding DoD security specification

I just called, and the phone number you want to order the books
(i.e. the warehouse) is (301) 766-8729.

-----------[000005][next][prev][last][first]----------------------------------------------------
Date:      21 Nov 90 16:41:35 GMT
From:      wmartin@STL-06SIMA.ARMY.MIL (Will Martin)
To:        misc.security
Subject:   Re:  Same Key?

For what it's worth, just this past weekend (18 Nov 90), the "Fight Back"
consumer program hosted by David Horowitz, which I think is a nationally-
syndicated TV show, had a segment on locks being keyed alike. Unfortunately,
I missed the first minute or so of the segment, but it appeared that a
viewer had sent in a letter reporting that all (or a large number) of the
door locks for sale at a hardware store in her area had the same key.

Horowitz interviewed a lock manufacturer, who stated that there were about
6000 possible key combinations on standard door locks, and that they
tried to spread the duplicates out geographically, with one shipment to
a single dealer not having any duplicates (or at least minimizing the
number of duplicates). Duplicates were supposed to be sent to disparate
areas of the country, like New York versus San Francisco. The situation
reported by the viewer was a failure of this policy, of course -- possibly
an order for locks keyed alike had gotten mispackaged into the regular
retail-sales output.

Horowitz suggested that people purchasing door locks check out the other
identical items in the store, and see if the one lock's key will work a
different lock. If these things are in sealed packages, though, I don't
see how this would be possible. I would be more wary of a situation
where a builder, say, creating a subdivision, bought a truckload of locks
from a single vendor to put on the doors of those houses. If *he* got a
keyed-alike batch, now *that* would be an interesting mess...! If all
the locks on the shelf at a K-Mart were keyed alike, and I bought one,
that really isn't much of a risk -- who would know that the lock now on
my door was one of *those* locks? My neighbors' locks would have come
from dozens of other sources, and it would be unlikely that one of them
would have bought the same kind of lock at the same K-Mart during that
same time period, after all...

This program is usually repeated later in the viewing year, so you may
well be able to catch this segment on a show aired this coming spring,
if it is carried in your area.

Regards, Will Martin

PS -- Hmm... Do subdivision builders master-key their houses' locks so
they can get in to all the houses with just the one master key? Or
aren't the houses locked before they are sold? [I always lived in old
city houses and know nothing of subdivisions...] WM

-----------[000006][next][prev][last][first]----------------------------------------------------
Date:      21 Nov 90 17:07:26 GMT
From:      MAUVAIS@psuorvm.BITNET (Paul Mauvais)
To:        misc.security
Subject:   Re: Help finding DoD security specification

You can pick up one complimentary (read: FREE) copy of all the
Security "Rainbow" Books from the following address (or phone #):

INFOSEC Awareness Office
Department Of Defense/National Security Agency
Attn: S332
9800 Savage Road
Ft. George G. Meade, MD  20755-6000              (301) 688-8742

-----------[000007][next][prev][last][first]----------------------------------------------------
Date:      27 Nov 90 19:55:00 GMT
From:      herrickd@iccgcc.decnet.ab.com ("CONTR  HERRICK, DAN")
To:        misc.security
Subject:   finding DoD security specification

The very Civil Servant who answered that phone number referred me
to (301)766-8729, where another very Civil Servant took my name
and address and promised prompt shipment.

dan herrick
herrickd@astro.pc.ab.com

END OF DOCUMENT