----MESSAGE-BEGIN---- [9012030543.AA21399@ucbarpa.Berkeley.EDU] <1990110515484500> From: veeneman@MOT.COM (Dan Veeneman) Newsgroups: misc.security Subject: Motion detectors Message-ID: <9012030543.AA21399@ucbarpa.Berkeley.EDU> Date: 5 Nov 90 15:48:45 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 7 Approved: security@rutgers.edu Posted: Mon Nov 5 16:48:45 1990 Does anyone have any experience or details about area motion detectors ? I know about the Radio Shack model(s), but am looking for other options. -- Dan veeneman@mot.com ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012030631.AA21642@ucbarpa.Berkeley.EDU] <1990111217340000> From: THOR@lcc.edu (What's So Personal About a Name Anyhow ?) Newsgroups: misc.security Subject: RE: Physical security of terminals Message-ID: <9012030631.AA21642@ucbarpa.Berkeley.EDU> Date: 12 Nov 90 17:34:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 12 Approved: security@rutgers.edu Posted: Mon Nov 12 18:34:00 1990 In regard to your physical security issue: One tried and true solution is to hire student empolyess as terminal-baby sitters. Students are generally are inexpensive and available source for employment (and they will even work night & early morning shifts). While you could go out and bolt your terminals down, a determened thief wouldn't be detered for long, especially in an unattended room full of thousand dollar terminals. Just a Thought! ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012110331.AA27288@ucbarpa.Berkeley.EDU] <1990111405005500> From: wcs@erebus.att.com (William Clare Stewart) Newsgroups: misc.security Subject: Re: Physical security of terminals Message-ID: <9012110331.AA27288@ucbarpa.Berkeley.EDU> Date: 14 Nov 90 05:00:55 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 14 Approved: security@rutgers.edu David Harrison asks for suggestions about keeping X terminals from being stolen in a physically non-secure environment, such as pinging the terminal every few minutes. This won't work if people turn the terminals off, or do other things that confuse the terminal too much to answer pings, and won't work at all if there are any workstations on the net that could be convinced to forge replies. I don't have any POSITIVE suggestions, beyond social engineering and maybe a video camera that's VERY obvious. Model 029 keypunches were a lot easier to secure - they were too big to move without major inconvenience. -- Thanks; Bill # Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012120411.AA12807@ucbarpa.Berkeley.EDU] <1990111617033300> From: spoelhof@KODAK.KODAK.COM (Gordon Spoelhof) Newsgroups: misc.security Subject: Re: Password Servers Message-ID: <9012120411.AA12807@ucbarpa.Berkeley.EDU> Date: 16 Nov 90 17:03:33 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 14 Approved: security@rutgers.edu Posted: Fri Nov 16 18:03:33 1990 I tried an experiment on a Sun running SunOS 4.0.3. I removed the password file (moved to a different name) and tried accessing the machine... All new pseudo terminal access was blocked (before login prompt) as well as new getty terminal access. It seems safe. I was not running NIS (yellow pages) and would have to explore that one. But I will leave other systems and other password mechanisms to the curious reader. Sincerely, Gordon Spoelhof, Computer Technology Consultant Eastman Kodak Co. - Information Technology Management ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012031622.AA24247@ucbarpa.Berkeley.EDU] <1990112114581400> From: barnett@unclejack.crd.ge.com (Bruce Barnett) Newsgroups: misc.security Subject: Re: Help finding DoD security specification Message-ID: <9012031622.AA24247@ucbarpa.Berkeley.EDU> Date: 21 Nov 90 14:58:14 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 2 Approved: security@rutgers.edu Posted: Wed Nov 21 15:58:14 1990 I just called, and the phone number you want to order the books (i.e. the warehouse) is (301) 766-8729. ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012120442.AA12888@ucbarpa.Berkeley.EDU] <1990112116413500> From: wmartin@STL-06SIMA.ARMY.MIL (Will Martin) Newsgroups: misc.security Subject: Re: Same Key? Message-ID: <9012120442.AA12888@ucbarpa.Berkeley.EDU> Date: 21 Nov 90 16:41:35 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 41 Approved: security@rutgers.edu Posted: Wed Nov 21 17:41:35 1990 For what it's worth, just this past weekend (18 Nov 90), the "Fight Back" consumer program hosted by David Horowitz, which I think is a nationally- syndicated TV show, had a segment on locks being keyed alike. Unfortunately, I missed the first minute or so of the segment, but it appeared that a viewer had sent in a letter reporting that all (or a large number) of the door locks for sale at a hardware store in her area had the same key. Horowitz interviewed a lock manufacturer, who stated that there were about 6000 possible key combinations on standard door locks, and that they tried to spread the duplicates out geographically, with one shipment to a single dealer not having any duplicates (or at least minimizing the number of duplicates). Duplicates were supposed to be sent to disparate areas of the country, like New York versus San Francisco. The situation reported by the viewer was a failure of this policy, of course -- possibly an order for locks keyed alike had gotten mispackaged into the regular retail-sales output. Horowitz suggested that people purchasing door locks check out the other identical items in the store, and see if the one lock's key will work a different lock. If these things are in sealed packages, though, I don't see how this would be possible. I would be more wary of a situation where a builder, say, creating a subdivision, bought a truckload of locks from a single vendor to put on the doors of those houses. If *he* got a keyed-alike batch, now *that* would be an interesting mess...! If all the locks on the shelf at a K-Mart were keyed alike, and I bought one, that really isn't much of a risk -- who would know that the lock now on my door was one of *those* locks? My neighbors' locks would have come from dozens of other sources, and it would be unlikely that one of them would have bought the same kind of lock at the same K-Mart during that same time period, after all... This program is usually repeated later in the viewing year, so you may well be able to catch this segment on a show aired this coming spring, if it is carried in your area. Regards, Will Martin PS -- Hmm... Do subdivision builders master-key their houses' locks so they can get in to all the houses with just the one master key? Or aren't the houses locked before they are sold? [I always lived in old city houses and know nothing of subdivisions...] WM ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9011211707.AA19245@ucbarpa.Berkeley.EDU] <1990112117072600> From: MAUVAIS@psuorvm.BITNET (Paul Mauvais) Newsgroups: misc.security Subject: Re: Help finding DoD security specification Message-ID: <9011211707.AA19245@ucbarpa.Berkeley.EDU> Date: 21 Nov 90 17:07:26 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 8 Approved: security@rutgers.edu Posted: Wed Nov 21 18:07:26 1990 X-Unparsable-Date: Tue, 30 Oct 90 14:30:29 LCL You can pick up one complimentary (read: FREE) copy of all the Security "Rainbow" Books from the following address (or phone #): INFOSEC Awareness Office Department Of Defense/National Security Agency Attn: S332 9800 Savage Road Ft. George G. Meade, MD 20755-6000 (301) 688-8742 ----MESSAGE-END---- ----MESSAGE-BEGIN---- [9012031706.AA24577@ucbarpa.Berkeley.EDU] <1990112719550000> From: herrickd@iccgcc.decnet.ab.com ("CONTR HERRICK, DAN") Newsgroups: misc.security Subject: finding DoD security specification Message-ID: <9012031706.AA24577@ucbarpa.Berkeley.EDU> Date: 27 Nov 90 19:55:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 6 Approved: security@rutgers.edu Posted: Tue Nov 27 20:55:00 1990 The very Civil Servant who answered that phone number referred me to (301)766-8729, where another very Civil Servant took my name and address and promised prompt shipment. dan herrick herrickd@astro.pc.ab.com ----MESSAGE-END----