The 'Security Digest' Archives (TM)


ARCHIVE: Rutgers 'Security List' (incl. - Archives (1990)
DOCUMENT: Rutgers 'Security List' for November 1990 (8 messages, 3536 bytes)
NOTICE: recognises the rights of all third-party works.


Date:      5 Nov 90 15:48:45 GMT
From:      [email protected] (Dan Veeneman)
Subject:   Motion detectors

     Does anyone have any experience or details about area motion
detectors ?  I know about the Radio Shack model(s), but am looking
for other options.

-- Dan
[email protected]com

Date:      12 Nov 90 17:34:00 GMT
From:      [email protected] (What's So Personal About a Name Anyhow ?)
Subject:   RE: Physical security of terminals

In regard to your physical security issue:

	One tried and true solution is to hire student employees as
	terminal-baby sitters.  Students are generally an inexpensive
	and available source for employment (and they will even work
	night & early morning shifts).

	While you could go out and bolt your terminals down, a determined
	thief wouldn't be deterred for long, especially in an unattended
	room full of thousand dollar terminals.

				Just a Thought!

Date:      14 Nov 90 05:00:55 GMT
From:      [email protected] (William Clare Stewart)
Subject:   Re: Physical security of terminals

David Harrison asks for suggestions about keeping X terminals from
being stolen in a physically non-secure environment, such as pinging
the terminal every few minutes.  This won't work if people turn the
terminals off, or do other things that confuse the terminal too much
to answer pings, and won't work at all if there are any workstations
on the net that could be convinced to forge replies.

I don't have any POSITIVE suggestions, beyond social engineering and
maybe a video camera that's VERY obvious.  Model 029 keypunches were
a lot easier to secure - they were too big to move without major
					Thanks; Bill
# Bill Stewart 908-949-0705!wcs AT&T Bell Labs 4M-312 Holmdel NJ

Date:      16 Nov 90 17:03:33 GMT
From:      [email protected] (Gordon Spoelhof)
Subject:   Re: Password Servers

I tried an experiment on a Sun running SunOS 4.0.3.  I removed the password
file (moved to a different name) and tried accessing the machine...  All
new pseudo terminal access was blocked (before login prompt) as well as new
getty terminal access.  It seems safe.  I was not running NIS (yellow pages)
and would have to explore that one.

But I will leave other systems and other password mechanisms to the curious


Gordon Spoelhof,
Computer Technology Consultant
Eastman Kodak Co. - Information Technology Management

Date:      21 Nov 90 14:58:14 GMT
From:      [email protected] (Bruce Barnett)
Subject:   Re: Help finding DoD security specification

I just called, and the phone number you want to order the books
(i.e. the warehouse) is (301) 766-8729.

Date:      21 Nov 90 16:41:35 GMT
From:      [email protected] (Will Martin)
Subject:   Re:  Same Key?

For what it's worth, just this past weekend (18 Nov 90), the "Fight Back"
consumer program hosted by David Horowitz, which I think is a nationally-
syndicated TV show, had a segment on locks being keyed alike. Unfortunately,
I missed the first minute or so of the segment, but it appeared that a
viewer had sent in a letter reporting that all (or a large number) of the
door locks for sale at a hardware store in her area had the same key.

Horowitz interviewed a lock manufacturer, who stated that there were about
6000 possible key combinations on standard door locks, and that they
tried to spread the duplicates out geographically, with one shipment to
a single dealer not having any duplicates (or at least minimizing the
number of duplicates). Duplicates were supposed to be sent to disparate
areas of the country, like New York versus San Francisco. The situation
reported by the viewer was a failure of this policy, of course -- possibly
an order for locks keyed alike had gotten mispackaged into the regular
retail-sales output.

Horowitz suggested that people purchasing door locks check out the other
identical items in the store, and see if the one lock's key will work a
different lock. If these things are in sealed packages, though, I don't
see how this would be possible. I would be more wary of a situation
where a builder, say, creating a subdivision, bought a truckload of locks
from a single vendor to put on the doors of those houses. If *he* got a
keyed-alike batch, now *that* would be an interesting mess...! If all
the locks on the shelf at a K-Mart were keyed alike, and I bought one,
that really isn't much of a risk -- who would know that the lock now on
my door was one of *those* locks? My neighbors' locks would have come
from dozens of other sources, and it would be unlikely that one of them
would have bought the same kind of lock at the same K-Mart during that
same time period, after all...

This program is usually repeated later in the viewing year, so you may
well be able to catch this segment on a show aired this coming spring,
if it is carried in your area.

Regards, Will Martin

PS -- Hmm... Do subdivision builders master-key their houses' locks so
they can get in to all the houses with just the one master key? Or
aren't the houses locked before they are sold? [I always lived in old
city houses and know nothing of subdivisions...] WM

Date:      21 Nov 90 17:07:26 GMT
From:      [email protected] (Paul Mauvais)
Subject:   Re: Help finding DoD security specification

You can pick up one complimentary (read: FREE) copy of all the
Security "Rainbow" Books from the following address (or phone #):

INFOSEC Awareness Office
Department Of Defense/National Security Agency
Attn: S332
9800 Savage Road
Ft. George G. Meade, MD  20755-6000              (301) 688-8742

Date:      27 Nov 90 19:55:00 GMT
From:      [email protected] ("CONTR  HERRICK, DAN")
Subject:   finding DoD security specification

The very Civil Servant who answered that phone number referred me
to (301)766-8729, where another very Civil Servant took my name
and address and promised prompt shipment.

dan herrick
[email protected]