Date: Wed, 07 Feb 90 21:20 CST From: GREENY Subject: Remote Alarm systems To: > ...connect to a central office via phone lines... Nope, not any more. Now Ademco has a long range wireless xmitter (two way, or one way) which hooks up to your alarm system and can act as the stand alone transmission device or as a redundant circuit to the phone line connection. Basically, in the one way connection, the xmitter sits idle if not triggered and does nothing (except send in an ACK signal to tell the receiver at the central station "I'm Here, everything's cool"), until the alarm is triggered. When the alarm is triggered it sends the account #, and "popped" zone over the radio waves (about 900 MHz), and is repeated by local "nodes" till received by the CS.... The two way model is continously sending Acks back and forth to the CS, but has a 6 minute "drop out" window in case of intereference.....costs more to monitor per month, but is twice as secure.....something like a UL AA rating... bye for ow but not for long... Greeny Date: Tue, 30 Jan 90 08:10:16 EST From: AZM@cu.nih.gov Subject: Re: Finding a key blank To: security@pyrite.rutgers.edu > [Moderator add-on: Most hardware stores and other places that have blanks > *will* sell you blanks, especially if you express indignation at their weak > attempts to not do so. Keep at it. _H*] I do not know what part of the country you are in, but I live in Maryland (the ancestral home of goody twoshoes, and test market for all future restrictions on American's rights). Here no locksmith, or locksmith supply house, or hardware store will sell you key blanks. Of course, the real reason for the restriction is to "lock up" the keymaking business as a big money-maker for the locksmiths. What they tell those who try to buy blanks is that you must be a licensed lock- smith. I tried to buy a lousy flat blank to make a key for a microscope cabinet and was refused out of hand. I even tried bringing the cabinet with me to show them what I wanted it for, but was still refused. At least here in Maryland these are not weak attempts, they are absolute and total restrictions. For my part, rather than give ANY money at all to these profit-hungry, blood-sucking "artisans" I will go to my grave never having seen the insides of the nine cabinets that I need keys for. Now that I have vented my spleen on the subject of refusal on the part of locksmiths to dispense keyblanks I DO have a constructive solution to the problem. At virtually every flea market you will find one or more people selling rings, or strings, or cans or boxes full of old keys, and at ridiculously low prices (I paid $3 for a can containing 147 keys). Although it may involve consider- ably more effort than working from "blank" key blanks, it is quite possible to reshape existing keys to fit other locks. In a few cases it is possible to find keys that require only a touch of the jewelers file here and there to fit another lock. I have done this successfully on quite a few occasions. In other cases I have found exact matches, sometimes in unusual ways. I bought a small, nineteenth century, mahogany box that was locked and required a small "skeleton" key. At another time I bought a small Reichert microscope from the turn of the century that came with a locked, leather-covered box. Just on a whim I tried the micro- scope key in the mahogany box and found it an exact match. The two locks are half a century apart in manufacture. I guess the bottom line is, that as our country becomes more and more restrictive, it will be necessary to counter by becoming more and more innovative. Kokkor Hekkus AZM@NIHCU Date: 23 Jan 90 15:20:08 GMT From: gregm@csd4.csd.uwm.edu (Greg Mumm) Subject: Slim-Jim purchase To: misc-security@uunet.uu.net Anyone know where I can get a Slim-Jim from? I think that's what they call those thin metal devices that cops use to unlock car doors with. How much do they cost? Are they legal? I would like to purchase it as a joke for my brother. Internet: gregm@csd4.csd.uwm.edu Bitnet: gregm%csd4.csd.uwm.edu@INTERBIT Uucp: uunet!gregm@csd4.csd.uwm.edu Name : Greg Mumm [Moderator add-on: US General Tools had 'em, last I checked. "Not legal for sale in NY or NJ." I had the item cut out and tacked on my door for a while, with the header line modified to read "Never get locked out of your [neighbor's] car again!" But why buy one when they show you a *picture* of what the thing looks like, complete with a cutaway view of the car door?!?!? Find a piece of packing strap and take a pair of shears to it. _H*] Date: Thu, 1 Feb 90 15:14 CST From: david paul hoyt Subject: RE: Request for help To: security@pyrite.rutgers.edu > I would like to know the titles of a few books I would recommend browsing through the papers from the 'IEEE Symposium on Security and Privacy.' There are good survey articles, as well as more vertical papers. The (delivered) papers are also an excellent source of references to other articles. david | dhoyt@vx.acs.umn.edu Date: 2 Feb 90 22:34:20 GMT From: virtech!jje@uunet.uu.net (Jeremy J. Epstein) Subject: Re: Request for help To: misc-security@uunet.uu.net Try "Cryptography & Data Security" by Dorothy Denning, (c) about 1982 (Addison Wesley, I think, but I'm not sure). An excellent introduction to the subject, with many good references. I took it as a course from Dorothy at Purdue, and was not disappointed! -- Jeremy Epstein TRW Systems Division 703-876-4202 jje@virtech.uu.net Date: Thu, 8 Feb 90 10:23:13 EST From: shz@packard.att.com (Seth Zirin) Subject: Re: cop detectors To: misc-security@att.att.com >Would it be possible to build a police radio detector that detected >the emissions from the local oscillators of the radios? This would be pretty sophisticated gear. Police use several VHF and UHF bands and civilian radios operate within fairly close range of the police frequencies. Detecting police while ignoring tow trucks, buses and utility company radios would require selective detection of many frequency ranges on several bands. Seth Zirin Date: Wed, 7 Feb 90 22:04:04 PST From: Cassius_Gaius_Longinus@cc.sfu.ca Subject: cordless privacy To: security@pyrite.rutgers.edu I am no lawyer, but I think you ony need the consent of one of the parties in order to legally record a phone conversation - at least that is the case here in Canada. So, if it's ok for the LEA to tape the end being 'broadcasted', the 'right' extends to the other party, no? ~~~~ BITNET: usereaxe@sfu; INTERNET/ARPA: cassius_longinus@cc.sfu.ca UUCP: ...!ubc-cs!cc.sfu.ca!cassius_longinus If all else fails: CIS: 73040,2210; or a1254@mindlink.uucp Disclaimer:I work for myself. I stand behind my words! SO THERE! 'Cute' remark:"Every law is an infraction of liberty." -- Jeremy Bentham ~~~~ Date: Wed, 07 Feb 90 10:15:06 EST From: "Paul T. Winkfield" Subject: Re: criminal intelligence To: security@pyrite.rutgers.edu I notice the same thing that Jim had mentioned, what criminals take advantage of are people/organizations who often do stupid things that allow crimes to be committed ie: leaving car keys in car; open windows; faulty audit practices, etc. Here in Philly there are known families who's sole career is thief. Who is less intelligent; the drug seller or user? I hate people who goes around yelling about intelligence levels of any group; in my book; getting caught committing the crime is stupidity. Now everyone say Watergate!!! No6..The Prisoner Date: Thu, 8 Feb 90 12:45 EST From: WHMurray@dockmaster.ncsc.mil Subject: Answerback To: security@rutgers.edu >This is a purplexing problem ... why do manufacturers still >put an answerback buffer in computer terminals ... The complete answer to this question will have to await a day when I have more time. The short answer is that both de facto and de jure standards require it. Note also that there are more than ten milllion terminals and another ten million terminal emulators with this "feature" already deployed; nothing that the vendors do now is likely to have any effect on the exposure for a decade or more. William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 Date: 13 Feb 90 23:29:58 GMT From: spaf@cs.purdue.edu (Gene Spafford) Subject: Re: Who (Specificly) has Morris' Worm Code? To: misc-security@gatech.edu Hundreds (maybe thousands) of people around the world have Morris's worm code. Lots of people have the binaries, and many people have reverse-engineered the code to C source. There has even been a book published in England that has most of the code in it. As far as people having the original source, well, folks at Cornell have it. Printouts and tape copies were given to the FBI, and the U.S. Attorney's office has copies. Some of the witnesses for the prosecution got paper copies, too. It's not all that surprising or entertaining.... -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf Date: 13 Feb 90 09:14:26 GMT From: dlb!netcom!onymouse@ames.arc.nasa.gov (John Debert) Subject: Re: cop detectors To: misc-security@ames.arc.nasa.gov > Would it be possible to build a police radio detector that detected > the emissions from the local oscillators of the radios? This would be > [Moderator tack-on: Professional rigs are normally pretty-well shielded.] I have found it very easy to detect police hand-helds, and, sometimes, mobile sets. Some of the recent Motorola hand-helds (the HT-220 series and on) emit such strong signals that I have picked them up as much as 200 feet away on my Pro-30 with it in my back pocket. The radios operate on UHF with repeaters and I pick up the signals on the repeater output frequency. Of course, there are those who would say that "That's impossible!" but it does in fact happen with my radios and I don't worry about whether it's possible or not. It happens, it works, no problem. I do not know if it works with all makes of radios, though. That is one method that may work. Others are to set your scanner to pick up the local oscillator frequency or even the transmit frequency in case the transmitter oscillator aways idles during receive. jd onymouse@netcom.UUCP Date: Thu, 8 Feb 90 10:48:11 -0500 (EST) From: Thomas Neudecker Subject: Caller ID To: security@pyrite.rutgers.edu Recently I have been having some annoying people trying to breakin to a BBoard. This/these people come in via a modem. Now that Bell is providing caller id service in some areas I was wondering if I could capture the number of the caller and add it to the activity log I keep. Most of the normal caller id boxes only store the last three numbers so adding it would only be a partial solution. How does caller id work? Can the signal be captured via a modem? Is it prefixed to the first or to all packets? Tom Neudecker Carnegie Mellon Date: Thu, 8 Feb 90 15:45 CST From: douglas@ddsw1.mcs.com (Douglas Mason) Subject: Credit Card Fraud... To: misc-security@rutgers.edu Something interesting that I heard was going on at [eastern college] was that a couple of students were able to get a hold of a credit-card magnetic stip recorder somehow. They also stole purses, wallets, anything that they could get their hands on that had credit cards in it. After doing the above, they would dig through dumpsters (we all know that story) and pick up carbons or other receipts that have credit card numbers on them, and make a list of valid card numbers. Using the encoding machine, they then erased the old card number off of the magnetic strip (which had probably been reported stolen by this time) and encoded on that same strip one of the card numbers that they had picked up out of the dumpsters. So now they have say a MasterCard with an invalid number embossed on the front of it, and a different-but-valid account on the magnetic strip. What good is this? Plenty good for the clever thief! They then went into shopping malls or anywhere that the credit-card validation machines were the all-too-familiar "slide the card through and read the number off the mag strip" type. The merchant would authorize the card successfully and get an approval code, then run the card though and get a paper receipt. The merchants never check the card number on the authorization machine display and compare it to that of the card! When the merchants send in the credit card slips to the bank, they of course come back, and I imagine it takes a long time to figure out what exactly happened. Merchants beware! -Douglas Mason -- Douglas T. Mason | douglas@ddsw1.UUCP or dtmason@m-net | Date: Thu, 1 Feb 90 13:06:39 PST From: faigin@aerospace.aero.org Subject: Call for Papers --> 6th Annual Computer Security Applications Conf. To: security@rutgers.edu CALL FOR PAPERS AND PARTICIPATION Sixth Annual Computer Security Applications Conference December 3-7, 1990 Tucson, Arizona The Conference Operational requirements for civil, military, and commercial systems increasingly stress the necessity for information to be readily accessible. The Computer Security Act of 1987 requires that all Federal agencies take certain actions to improve the security and privacy provided by federal computer systems. Accomplishing both operational and security requirements requires the application of the maturing technology of integrated information security to new and existing systems throughout their life cycle. This conference will explore technology applications for both civil and military systems; the hardware and software tools and techniques being developed to satisfy system requirements; and specific examples of systems applications and implementations. Security policy issues and standards will also be covered during this five day conference. Papers, Tutorials, and Vendor Exhibits Technical papers and tutorials that address the application of integrated information security technologies in the civil, defense, and commercial environments are solicited. Original research, analyses and approaches for defining the computer security issues and problems identified in the Conference's interest areas; secure systems in use or development; methodological approaches for analyzing the scope and nature of integrated information security issues; and potential solutions are of particular interest. We are also interested in vendor presentations of state-of-the-art information security products. INSTRUCTIONS TO AUTHORS: Send five copies of your paper or panel proposal to Dr. Ronald Gove, Program Chairman, at the address given below. Tutorial proposals should be sent to Dr. Dixie Baker at the address given below. We provide "blind" refereeing; put names and affiliations of authors on a separate cover page only. It is a condition of acceptance that manuscripts submitted have not been published. Papers that have been accepted for presentation at other conferences should not be submitted. Papers and tutorial proposals must be received by May 18, 1990. Authors will be required to certify prior to June 20, 1990, that any and all necessary clearances for publication have been obtained, that they will attend the conference to deliver the paper, and that the paper has not been accepted elsewhere. Authors will be notified of acceptance by July 30, 1990. Camera ready copies are due not later than September 19, 1990. Material should be sent to: Dr. Ronald A. Gove Dr. Dixie B. Baker Technical Program Chair Tutorial Program Chair Booz-Allen & Hamilton Inc. The Aerospace Corporation 4330 East-West Highway P.O. Box 92957, MI/005 Bethesda, MD 20814 Los Angeles, CA 90009 (301) 951-2395 (213) 336-7998 Gove@dockmaster.ncsc.mil baker@aerospace.aero.org Areas of Interest Include: GOSIP C3I Systems ISO/OSI Security Architecture Policy and Management Issues Advanced Architectures SDNS Trusted DBMSs and Operating Risk/Threat Assessments Systems Network Security Public Law 100-235 Medical Records Security Current and Future Trusted State-of-the-Art System Technology Trusted Products Space Station Requirements Certification, Evaluation, and Accreditation Reviewers and Prospective Conference Committee Members Anyone interested in participating as a reviewer of the submitted papers, please contact Dr. Ron Gove at the address given above. Those interested in becoming members of the conference committee should contact Dr. Marshall Abrams at the address below. Additional Information For more information or to receive future mailings, please contact the following at: The MITRE Corporation Marshall Abrams 7525 Colshire Drive Conference Chairman McLean, VA 22102 (703) 883-6938 abrams@mitre.org Diana Akers or Victoria Ashby Publicity and Publication Chairs (703) 883-5907 or (703) 883-6368 akers%smiley@gateway.mitre.org ashby%smiley@gateway.mitre.org Date: Thu, 8 Feb 90 23:48 EST From: Dan Wheeler Subject: WordPerfect file encryption To: security@pyrite.rutgers.edu An article by John Bennett (_Cryptologia_, October, 1987) showed that the encryption algorithm used by WordPerfect 4.2 was simple to break. It is equivalent to a Vigenere cipher with some minor complications added. I have verified that WordPerfect 5.0 uses the same algorithm. I don't yet have version 5.1, but I certainly don't expect it to be any different. Peace, Dan Wheeler ** Daniel D. Wheeler Internet: wheeler@ucbeh.san.uc.edu ** ** University of Cincinnati Bitnet: wheeler@ucbeh ** Date: Fri, 09 Feb 90 09:20:12 PLT From: "Craig A. Summerhill" Subject: -- To: SECURITY@OHSTVMA I'm interested in finding a piece of software which can be used on DOS machines and run from the AUTOEXEC.BAT on startup that will disable the -- key sequence on the keyboard and prevent a warm boot to a machine. Is there such a piece of software (hopefully in the public domain or shareware markets)? Please send responses directly to me. Thanx in advance. : Craig A. Summerhill BITNET: SUMMERHI@WSUVM1 : : Assistant Systems Librarian Internet: SUMMERHI@wsuvm1.csc.wsu.edu : [Moderator tack-on: I was recently cruising Simtel and saw reference to such an item, with .asm source, I believe.. _H*] Date: Thu, 08 Feb 90 12:00:50 CST From: Ed finnell Subject: Re: RACF databases on electronic disk To: security@pyrite.rutgers.edu SSD stands for solid state device as opposed to spinning ferrous oxide. Think STK SSD are backed by spinning Winchesters or the like. Anybody who puts precious stuff on this type device is asking for big trouble. They break a lot. If they insist on doing this,I can only address paging and RACF. Should use as secondary paging only, newer levels of VM figure out which devices are responding and eventually start using "better thruput" devices. If used as primary can't IPL when they fail(and they will). Haven't seen a shop where RACF was a large enough bottleneck to risk this. Don't think they're even going to put RACF on them just some "look up" files. Cached devices like IBM 3880-23 or 3990-3 provide sufficient performance for RACF datasets on a "properly tuned" storage farm. This type of outage is a small concern to us, but valid. RACF runs a secondary database that we can switch to on the fly should we lose the primary RACF volume. We also make regular copies of the databases and could do standalone restores if required. Further, a new feature of the 3990 is dual write capability. That is while updating files on a volume the same files are updated on the clone. Should anything happen to primary, the clone automagically kicks in. Being of the conservative ilk, waiting to see who's tried this(successfully) Date: Fri, 09 Feb 90 13:45:31 CST From: Gregg Grosshans Subject: Re: Computer Abuse / Product Liability / Criminal Statutes / ECPA To: security@pyrite.rutgers.edu Last fall at the Univ. of NE-Lincoln several students used there class (computer) accounts in one of the computer user rooms to telnet (via tcp/ip) to a computer over in Europe. That alone isn't a crime or illegal, anyone with an account can telnet where ever they want to as long as they have permission to use another computer. What they did though was play a computer game on this Europe computer (via telnet) with other users across the country and also Europe. They were caught and subjected to the Student Code conduct and the director of the University computing resources wasn't to happy that they were playing games. Now when one enters a computer user room s/he clearly sees bold sign posted stating that Hacking or game playing on university computers is more or less illegal. My thought is that those are loose terms and often applied and read in the general public. What is Hacking? Is it what people did in the late 70's with Apple II computers or Macs? Is it righting efficient code (theres plenty of people, to many that is, that right sloppy code)? Is it an intermidiate step between a new computer user and a computer guru? Is it somebody who writes in assembler or rights code(works) at very odd hours during the day? Hacking is a very non-descriptive word and must not be used or that the context its used in must be the descriptive part, which makes using the term "hacker" unnecessary. But the public has come to notice "hacker" as an icon for, corrupt, evil, criminal oriented, etc.... is what a believe a hacker was not in the mid and late 70's. ********************************************************** * : * * GREGG GROSSHANS :SR. METEOROLOGY / CLIMATOLOGY * * :___________________________________* * AGME003@UNLVM UNIV. OF NE-LINCOLN * * * ********************************************************** Date: Fri, 9 Feb 90 07:55 EST From: Kilgallen@dockmaster.ncsc.mil Subject: Answerbacks / Vendor Liability To: security@pyrite.rutgers.edu > o I believe the law should be changed to match the anti gun statutes > ... "USE A COMPUTER IN THE COMMISSION OF A FELONY: GO TO JAIL" ... Would not a simpler rule be "Commit a felony: go to jail"? Why involve computers in the discussion? > Obligatory hacking report: I am trying to fix a generic security problem > involving the triggering of data terminal answerback buffers by whatever DEC reported repairing this vulnerability somewhere in the VMS V3 time frame (at least 5 years ago) with respect to the MAIL utility by screening text and not transmitting arbitrary control characters to recipient terminals. Since the author suggests that the "user authorization program" was originally protected against end-user access, presumably the operating system environment is not standard VMS (where the *program* allows world read). Using that technique for any programs whose output can be controlled by another user would be my suggestion. Of course nothing is going to protect the privileged user who chooses to *run* a program from an untrusted source, since that program might trigger the answerback itself or might fail to screen user data for arbitrary control characters. > FINAL COMMENT: The INTERNET virus should be treated as a product liability > question. In my opinion, DEC and SUN should pay the cost of the cleanup I was under the impression that the released version of Ultrix (the version of UNIX sold by DEC) did not have the sendmail debugging feature turned on, while some other versions of UNIX which run on VAXen did have it turned on. Restricting discussion for a moment to the vulnerability introduced by that feature(?), "Who ya gonna sue?". Do UNIX fans think the Trustees of U.C. Berkeley would allow the organization to release any software if there were such financial risks involved? > another ... is only detracting from the central fact -- today's vendors are > incapable of producing computer products without significant security (and > for that mater day to day operational) defects. Not the least factor influencing vendors is user insistance on wart-for-wart compatibility between UNIX systems. Even VMS-only users get hit if they choose the C programming language because of many bugs/misfeatures which are present in the run-time library solely to make the environment "like-UNIX". Maintaining a particular operating system definition can be incompatible with avoiding security or operational defects. The customer base cannot constrain vendors with mutually exclusive conditions. Larry Kilgallen Date: Fri, 9 Feb 90 18:30:52 EST From: Doug Humphrey Subject: vault doors, was: locks To: "kelly@UTS.AMDAHL.COM"@mintaka.lcs.mit.edu Cc: misc-security@ames.arc.nasa.gov One thing to watch out for with thermic lances and/or plasma things if you are trying to open a safe; it will blow your whole approach if you manage to set off the smoke/heat detectors and call the fire department... Date: Sun, 11 Feb 90 15:03:38 MST From: jimkirk@outlaw.uwyo.edu (James Kirkpatrick) Subject: RE: WP5.0/5.1 file security To: AGME003%UNLVM@outlaw.uwyo.edu, SECURITY@pyrite.rutgers.edu WordPerfect 5.0 still incorporates the same scheme and is indeed vulnerable. It is basically a Vigenere cipher. I have not had a chance yet to test version 5.1. I still have found out nothing about Lotus. DES encryption would probably be superior. Date: Wed, 14 Feb 90 00:19 CST From: GREENY Subject: re: Thermic Lances To: > Thermic lances willnormally penetrate 3' of reinforced concrete... yeah, true....but they DO NOT cut through wood...according to a close associate locksmith friend....."cram about 1" of wood in the safe/vault door.. poof, the lance goes out..." not too shabby..... C'est La Vie! bye for now but not for long Greeny Date: Fri, 09 Feb 90 10:42:58 MDT From: "Bruce A. Carter" Subject: Re: Home security To: security@pyrite.rutgers.edu Regarding window grates, what are the options these days in security versus being able to get out from the inside quickly in case of fire or similar problem during which one would not want to be trapped inside the structure? It seems to me, in just a naive assessment, that anything that improves one of these criteria damages the other? Bruce A. Carter, Courseware Development Coordinator = Boise State University "It is intuitively obvious to the most casual observer"= 1910 University Drive ======================================================== Boise, ID 83725 InterNet/Domain: duscarte@idbsu.idbsu.edu = Office: (208) 385-1250 CREN (BITNet): duscarte@idbsu [] CompuServe: 76666,511 = Lab: (208) 385-1859 Date: Tue, 13 Feb 90 11:01:35 EST From: shz@packard.att.com (Seth Zirin) Subject: Re: vault doors, was: locks To: misc-security@att.att.com >I missed the first part of this thread... but THERMIC LANCES will normally >penetrate 3' of reinforced concrete within about 2 minutes... and if that Thermic Lances produce enormous amounts of smoke when they cut through concrete reinforced safe walls or doors. This is sure to set off fire alarms and thermal attack alarms. In addition, the large plume of smoke rising from a bank across town might tip off the police. These cutting tools produce blindingly bright light that is visible for great distances unless shielded. I've used mini-lances a few times and even they are not for the faint at heart. You can easily burn down the entire building with one of these. Date: 10 Feb 90 18:20 -0600 From: Ken Wallewein Subject: Re: Field service spying? To: Cc: > I recently got a command file called SW_INVENTORY.COM which was written I certainly wouldn't want such a program run on my system without my permission. On the other hand, there's not a lot that's beyond the reach of the FIELD account. Which is why ours is normally DISUSERed (disabled) -- that way, I know when it's being used, and why. A while ago I wrote a newsletter article lambasting DEC for not providing such tools as part of standard system software. If you know how I could get a copy, I'd appreciate the information. /kenw Ken Wallewein A L B E R T A kenw@noah.arc.cdn R E S E A R C H (403)297-2660 C O U N C I L Date: Sun, 11 Feb 90 01:02:15 -0500 From: don@cs.umd.edu (Don Hopkins) Subject: Computer Abuse / Product Liability / Criminal Statutes / ECPA To: blackcat@neuro.usc.edu Cc: security@pyrite.rutgers.edu >> [...] updating the old X10 server for the ibm/pc to work with X11R4, etc. Yeah, right. Might as well have them fill in the Grand Canyon using a pair of tweezers. How about having Robert Morris implement the Gnu kernel? I'm sure he's bright enough to come up with a very secure system (much to rms's disgust). So secure that only he would know the loopholes. Morris would be dead meat if his daddy didn't work for the NSA. One of the first patches for sendmail that was sent around to keep the Internet worm out was to edit the sendmail binary changing the 'D' in "DEBUG" to '\0', so the DEBUG command wouldn't work any more. Well that stopped the worm, but it made the null string invoke the debug command. I noticed this a couple days after the worm, when I telneted to sun.com port 25, to EXPN a user name of somebody on a mailing list I run, hit CR a couple of times to make sure sendmail was listening, and did the EXPN. It spit back huge ammounts of debugging information! Of course I promptly notified the appropriate people at Sun so they could put the right fix in. Sheez. -Don Date: 10 Feb 90 02:46:00 GMT From: blackcat@neuro.usc.edu Subject: Re: Field service spying? To: misc-security@ucbvax.berkeley.edu >I recently got a command file called SW_INVENTORY.COM which was written >by DEC to be run by field service people to give a complete inventory >of all DEC software running on a machine. It looks for images, IF DEC FIELD SERVICE ENGINEERS ARE USING THEIR ACCESS TO YOUR SYSTEM FOR ANYTHING OTHER THAN RUNNING HARDWARE/FIRMWARE DIAGNOSTICS AND PERFORMING ROUTINE SYSTEM MAINTENANCE THEY MAY BE CHARGED UNDER AN EVER INCREASING NUMBER OF STATE AND FEDERAL COMPUTER CRIME LAWS ... AS WELL AS SUFFERING CIVIL ACTION FOR UNAUTHORIZED ACCESS, INVASION OF PRIVACY AND DISCLOSURE OF CONFIDENTIAL INFORMATION. It is understandable that a computer vendor might seek to police unauthorized distribution of their software, gather intelligence about competing vendor software installations on their iron, and learn more about customer needs in general. However, DEC should come in the front door and request this information in a straightforward way; they should not sneak in the back door to steal data like thieves in the night. IF YOU FIND SOME DEC PERSON ACTUALLY RUNNING SUCH A SCRIPT ON YOUR MACHINE ... CALL YOUR REGIONAL MARKETING MANAGER RIGHT AWAY ... AND MAKE IT CLEAR THAT THERE IS NO ACCEPTABLE REASON FOR SUCH BEHAVIOUR ... BETTER YET, LOOK INTO THIRD PARTY MAINTENANCE FROM SOMEONE WHO HAS A BETTER UNDERSTANDING ABOUT THE MEANING OF CUSTOMER CONFIDENTIALITY. Date: Fri, 9 Feb 90 09:47:53 MST From: jimkirk@outlaw.uwyo.edu (James Kirkpatrick) Subject: Privacy and cordless phones (was Re: Privacy) To: security@pyrite.rutgers.edu, faatzd@turing.cs.rpi.edu >A recent court decision held that conversations on cordless telephones are >not subject to "expected privacy" as are conversations on telephones with >cords. Hence, police can simply LISTEN to cordless telephone conversations The catch here is that it is not illegal to listen to the broadcast conversation, but it IS illegal to disclose any information you obtain. Reference the Communications Act of 1934. For example I can hear someone say "OK, drop the illegal controlled substance under the bridge and I will pick it up" but it is illegal for me to call the police and describe the pending transaction. Likewise it is illegal for the police to disclose, as evidence in court or for a search warrant, such information. It is not impossible for them to select their actions based on this info, though, such as stopping him for speeding on his way back from the pick-up and searching the car if he acts strangely. At least, that's my interpretation of the Act. It does not seem to be enforced very well of late. For example, when recording a phone call you are supposed to superimpose a beep to let the other party know the conversation is being recorded, but most (recorded) phone-in radio/TV shows do not do this (they did in the late 50's and early 60's). If my understanding of the Act is correct, the privacy is in fact surrendered but only as far as the person doing the original eavesdropping. It is illegal to record or disclose. But the first person might be taping the call or even pumping it over the company intercom, for all the second person knows! Date: Sat, 10 Feb 90 15:58 PST From: "Ned Freed, Postmaster" Subject: Re: Field service spying? To: security@pyrite.rutgers.edu I'd very much like to have a copy of SW_INVENTORY.COM myself to aid in tracking software usage. We, like many other college sites, have blanket licenses for pretty much all the software DEC sells. We are, however, required to monitor its installation and usage on our various systems and report it to DEC. The problem is that our systems are managed by a large number of people, with varying degrees of ability/responsibility/ authority. It would be a real help if we could run something that would simply tell us what's installed, rather than relying on reports that are often forgotten or incorrect. PAKs don't help much since DEC in their wisdom provides product PAKs in an all-or-nothing fashion. It is the actual installation of the software that counts, not the PAK. As far as DEC is concerned, I fail to see how SW_INVENTORY.COM would tell them much. With the advent of CD-ROM distributions, you can install practically anything DEC sells without actually being able to use it. I suspect that this is the reason SW_INVENTORY.COM has fallen into disuse, rather than concerns about customer security. Insofar as this represents a breach of security, if you're relying on lack of physical access to prevent this sort of traffic analysis, you're dreaming. Assuming that you're honest and you're not running software you're not entitled to use, DEC's own records of software sales to you are probably a more reliable indication of what you're doing. I suppose you could pretend to buy the software for some other system (which may well be illegal), but in the long run, do you seriously think you can fool people? Note also that the software you have may in fact be a red herring; I think a look at stuff like the usernames, load averages, programs used (especially accounting logs), and so forth would be a much better place to start nosing around. And it may not be practical to deny your vendor access to this sort of information (e.g. a bug which only manifests itself under load -- I practically never see any other kind these days, now that static analysis of program code is so good). Ned Freed ned@ymir.claremont.edu Date: 15 Feb 90 01:24:38 GMT From: kelly@uts.amdahl.com (Kelly Goen) Subject: Re: Home security To: misc-security@ames.arc.nasa.gov GE LEXAN in .25" thickness will generally repel anything iron bars will and it WONT give you the feeling of being in jail(just how strong is it well I tool a .125" thick sample and hit it with the pointed end of a 20 lb sledge about 15 to 20 times... bent and scratched but that damn plastic I swear was grinning at me and saying make my day... it wouldnt break...) cheers kelly Date: Sun, 11-Feb-90 13:54:12 PST From: mmm@cup.portal.com Subject: Fire Sprinkler Cameras To: misc-security@uunet.uu.net I had never heard of these things before. How can I tell the difference between a regular fire sprinkler and one of these things? I assume there must be some kind of lens, where is it located? For that matter, what are other common disguises for cameras or bugs? [Moderator add-on: I saw some of these at Surveillance Expo last December. They are built into regular sprinkler heads which have been slightly modified to fit a small mirror assembly. Basically it's a pinhole lens looking straight down through where the water would normally emerge, with a small mirror mounted in a holder at 45 degrees so the camera's view is out sideways and slightly downward [adjustable]. You would have to stare really hard at them, especially considering that sprinkler heads are normally mounted on the ceiling. The advantage besides unobtrusiveness is that the mirror assembly can turn, allowing a 360 degree scan which a normal camera needs a fancy motorized bracket for. The company there that was marketing the things is Visual Methods, in Westwood NJ. _H*] Date: Mon, 12 Feb 90 22:05:11 GMT From: Hans van Zanten Subject: Security Auditing To: phigate!security@relay.eu.net I have read a lot about security in the UNIX environment in the Newsgroup: misc.security. One of the things I am interested in I did not spot however and I am wondering whether you could help me. But first of all, I would like to tell you who I am and why I am interested in security. My name: Hans van Zanten My firm: Philips Netherlands The department I am working with is called "Communication and Processing Services" (about 1000 employees) and is the EDP department of Philips in the Netherlands. Although most of the Business processing done is still on IBM mainframes, UNIX is starting to rise. In technical environments however UNIX is, of course, becoming quite standard. One of the main problems I am facing at the moment is the lack of skill of UNIX system administrators in the Business environment. My work (software supporting just these system administrators) is to make sure that their UNIX system is configured properly secure. In order to be able to 'audit' their systems (preferably in an automated way) I would like to get hold of 'auditing tools' (e.g. for scanning all the s-bits in the file- system, or to report on permission settings of complete file-systems, etc.). My question to you is whether you know of such tools, do they exist, to whom should I address myself to obtain possibly some more information. I would be very greatfull to receive some information on this subject and I hope you do not mind me addressing these quetions to you, yours sincerely, Hans van Zanten C&P/LSS Manager Departmental Systems e-mail: hansz@cnps.philips.nl Date: Wed, 14 Feb 90 00:34 CST From: GREENY Subject: re: Entry alarms To: > ...inexpensive effective security device which would allow someone to tell > if a person has entered in ones apartment.... Yeah, the mod's wisecrack is one idea....and so is the infamous Radio Shack.. they sell an entry alarm that gets screwed/double stick taped onto the door... put in a chime mode it goes "ding/dong" when the door opens....or has a siren mode that blasts the hell out of an intruder. I successfully used the chime mode over a period of two months late at night to get a roommate in a college dorm to move out (*devilish smile*) and once when I left the siren mode on over vacation the device scared the Asst. Res. Hall Director out of her wits during vacation room checks (needless to say, they kept out of my room after that...). OR, you could wire up something with a latching relay and a magnetic contact that would trigger a small light or a counting module (radio shack again... about $14.99) so you could keep track of someone entering illegally....or a sign on the door saying "WARNING: THESE PREMESES ARE ELECTRONICALLY PROTECTED. ALL ENTRIES ARE RECORDED FOR INVOLVED PARTIES PROTECTION. DO NOT ENTER IF THE ROOM/APARTMENT RESIDENT(S) IS/ARE NOT HOME. THE POLICE WILL BE AUTOMATICALLY NOTIFIED UPON UNAUTHORIZED ENTRY..." A sign such as the above was quite successful in keeping a nosy landlord out of my apartment.....he asked for the "code" to the alarm, I told him he wasn't getting it....he said he'd kill the power....I said it had battery backup, he quoted the lease, I quoted it too and said he had to provide proper notice... Ok, so I'm rambling....stick with the mag contact, the latching relay, a 9V battery, a small led, and a reset switch to reset the relay (just have a N.C. switch on the neg. lead of the battery (in series). Then to reset it, press the switch....*poof* power gets cut, relay resets, you are set.. not bad? Hope the above helps... bye fo rnow but not for long Greeny Date: Sun, 11 Feb 90 00:02 EST From: Subject: FOIA Jewel: Original Charter of the National Security Agency To: hobbit@pyrite.rutgers.edu At 12:01 ON the morning of November 4, 1952, a new federal agency was born. Unlike other such bureaucratic births, however, this one arrived in silence. No news coverage, no congressional debate, no press announcement, not even the whisper of a rumor. Nor could any mention of the new organization be found in the Government Organization Manual of the Federal Register or the Congressional Record. Equally invisible were the new agency's director, its numerous buildings, and its ten thousand employees. Eleven days earlier, on October 24, President Harry S Truman scratched his signature on the bottom of a seven-page presidential memorandum addressed to secretary of State Dean G. Acheson and Secretary of Defense Robert A. Lovett. Classified top secret and stamped with a code word that was itself classified, the order directed the establishment of an agency to be known as the National Security Agency. It was the birth certificate for America's newest and most secret agency, so secret in fact that only a handful in the government would be permitted to know of its existence. -James Bamford, The Puzzle Palace (1982) at 15. ***************************************************************** A 20707 5/4/54/OSO NSA TS CONTL. NO 73-00405 COPY: D321 Oct 24 1952 MEMORANDUM FOR: The Secretary of State The Secretary of defense SUBJECT: Communications Intelligence Activities The communications intelligence (COMINT) activities of the United States are a national responsibility. They must be so organized and managed as to exploit to the maximum the available resources in all participating departments and agencies and to satisfy the legitimate intelligence requirements of all such departments and agencies. I therefore designate the Secretaries of State and Defense as a Special Committee of the National Security Council for COMINT, which Committee shall, with the assistance of the Director of Central Intelligence, establish policies governing COMINT activities. and keep me advised of such policies through the Executive Secretary of the National Security Council. I further designate the Department of Defense as executive agent of the Government, for the production of COMINT information. I direct this Special Committee to prepare and issue directives which shall include the provisions set forth below and such other provisions as the Special Committee may determine to be necessary. 1. A directive to the United States Communication Intelligence Board (USCIB). This directive will replace the National Security Council Intelligence Directive No. 9, and shall prescribe USCIB's new composition, responsibilities and procedures in the COMINT fields. This directive shall include the following provisions. a. USCIB shall be reconstituted as a body acting for and under the Special Committee, and shall operate in accordance with the provisions of the new directive. Only those departments or agencies represented in USCIB are authorized to engage in COMINT activities. b. The Board shall be composed of the following members: (1) The Director of Central Intelligence, who shall be the Chairman of the Board. (2) A representative of the Secretary of State. (3) A representative of the Secretary of Defense (4) A representative of the Director of the Federal Bureau of Investigation. (5) The Director of the National Security Agency. (6) A representative of the Department of the Army. (7) A representative of the Department of the Navy. (8) A representative of the Department of the Air Force. (9) A representative of the Central Intelligence Agency. c. The Board shall have a staff headed by an executive secretary who shall be appointed by the Chairman with the approval of the majority of the Board. d. It shall be the duty of the Board to advise and make recommendations to the Secretary of Defense, in accordance with the following procedure, with respect to any matter relating to communications intelligence which falls within the jurisdiction of the Director of the NSA. (1) The Board shall reach its decision by majority vote. Each member of the Board shall have one vote except the representatives of the Secretary of State and of the Central Intelligence Agency who shall each have two votes. The Director of Central Intelligence, as Chairman, will have no vote. In the event that the Board votes and reaches a decision, any dissenting member of the Board may appeal from such decision within 7 days of the Special Committee. In the event that the Board votes but fails to reach a decision, any member of the Board may appeal within 7 days to the Special Committee. In either event the Special Committee shall review the matter, and its determination thereon shall be final. Appeals by the Director of NSA and/or the representatives of the Military Departments shall only be filed with the approval of the Secretary of Defense. (2) If any matter is voted on by the Board but - (a) no decision is reached and any member files an appeal; (b) a decision is reached in which the representative of the Secretary of Defense does not concur and files an appeal; no action shall be taken with respect to the subject matter until the appeal is decided, provided that, if the Secretary of Defense determines, after consultation with the Secretary of State, that the subject matter presents a problem of an emergency nature and requires immediate action, his decision shall govern, pending the result of the appeal. In such an emergency situation the appeal may be taken directly to the President. (3) Recommendations of the Board adopted in accordance with the foregoing procedures shall be binding on the Secretary of Defense. Except on matter which have been voted on by the Board, the Director of NSA shall discharge his responsibilities in accordance with his own judgment, subject to the direction of the Secretary of Defense. (4) The Director of NSA shall make such reports and furnish such information from time to time to the Board, either orally or in writing, as the Board my request, and shall bring to the attention of the Board either in such reports or otherwise any major policies or programs in advance of their adoption by him. e. It shall also be the duty of the Board as to matters not falling within the jurisdiction of NSA; (1) To coordinate the communications intelligence activities among all departments and agencies authorized by the President to participate therein; (2) To initiate, to formulate policies concerning, and subject to the provision of NSCID No. 5, to supervise all arrangements with foreign governments in the field of communications intelligence; and (3) to consider and make recommendations concerning policies relating to communications intelligence of common interest to the departments and agencies, including security standards and practices, and, for this purpose, to investigate and study the standards and practices of such departments and agencies in utilizing and protecting COMINT information. f. Any recommendation of the Board with respect to the matters described in paragraph e above shall be binding on all departments or agencies of the Government if it is adopted by the unanimous vote of the members of the Board. Recommendations approved by the majority, but not all, of the members of the Board shall be transmitted by it to the Special Committee for such action as the Special Committee may see fit to take. g. The Board will meet monthly, or oftener at the call of the Chairman or any member, and shall determine its own procedures. 2. A directive to the Secretary of Defense. This directive shall include the following provisions: a. Subject to the specific provisions of this directive, the Secretary of Defense may delegate in whole of in part authority over the Director of NSA within his department as he sees fit. b. The COMINT mission of the National Security Agency (NSA) shall be to provide an effective, unified organization and control of the communications intelligence activities of the United States conducted against foreign governments, to provide for integrated operational policies and procedures pertaining thereto. As used in this directive, the terms "communications intelligence" or "COMINT" shall be construed to mean all procedures and methods used in the interception of communications other than foreign press and propaganda broadcasts and the obtaining of information from such communications by other than intended recipients, but shall exclude censorship and the production and dissemination of finished intelligence. c. NSA shall be administered by a Director, designated by the Secretary of Defense after consultation with the Joint Chiefs of Staff, who shall serve for a minimum term of 4 years and who shall be eligible for reappointment. The Director shall be a career commissioned officer of the armed services on active or reactivated status, and shall enjoy at least 3-star rank during the period of his incumbency. d. Under the Secretary of Defense, and in accordance with approved policies of USCIB, the Director of NSA shall be responsible for accomplishing the mission of NSA. For this purpose all COMINT collection and production resources of the United States are placed under his operational and technical control. When action by the Chiefs of the operating agencies of the Services or civilian departments or agencies is required, the Director shall normally issue instruction pertaining to COMINT operations through them. However, due to the unique technical character of COMINT operations, the Director is authorized to issue direct to any operating elements under his operational control task assignments and pertinent instructions which are within the capacity of such elements to accomplish. He shall also have direct access to, and direct communication with, any elements of the Service or civilian COMINT agencies on any other matters of operational and technical control as may be necessary, and he is authorized to obtain such information and intelligence material from them as he may require. All instruction issued by the Director under the authority provided in this paragraph shall be mandatory, subject only to appeal to the Secretary of Defense by the Chief of Service or head of civilian department of agency concerned. e. Specific responsibilities of the Director of NSA include the following: (1) Formulating necessary operational plans and policies for the conduct of the U.S. COMINT activities. (2) Conducting COMINT activities, including research and development, as required to meet the needs of the departments and agencies which hare authorized to receive the products of COMINT. (3) Determining, and submitting to appropriate authorities, requirements for logistic support for the conduct of COMINT activities, together with specific recommendations as to what each of the responsible departments and agencies of the Government should supply. (4) Within NSA's field of authorized operations prescribing requisite security regulations covering operating practices, including the transmission, handling and distribution of COMINT material within and among the COMINT elements under his operations or technical control; and exercising the necessary monitoring and supervisory control, including inspections if necessary, to ensure compliance with the regulations. (5) Subject to the authorities granted the Director Central Intelligence under NSCID No. 5, conducting all liaison on COMINT matters with foreign governmental communications intelligence agencies. f. To the extent he deems feasible and in consonance with the aims of maximum over-all efficiency, economy, and effectiveness, the Director shall centralize or consolidate the performance of COMINT functions for which he is responsible. It is recognized that in certain circumstances elements of the Armed Forces and other agencies being served will require close COMINT support. Where necessary for this close support, direct operational control of specified COMINT facilities and resources will be delegated by the Director, during such periods and for such tasks as are determined by him, to military commanders or to the Chiefs of other agencies supported. g. The Director shall exercise such administrative control over COMINT activities as he deems necessary to the effective performance of his mission. Otherwise, administrative control of personnel and facilities will remain with the departments and agencies providing them. h. The Director shall make provision for participation by representatives of each of the departments and agencies eligible to receive COMINT products in those offices of NSA where priorities of intercept and processing are finally planned. i. The Director shall have a civilian deputy whose primary responsibility shall be to ensure the mobilization and effective employment of the best available human and scientific resources in the field of cryptographic research and development. j. Nothing in this directive shall contravene the responsibilities of the individual departments and agencies for the final evaluation of COMINT information, its synthesis with information from other sources, and the dissemination of finished intelligence to users. 3. The special nature of COMINT actives requires that they be treated in all respects as being outside the framework of other or general intelligence activities. Order, directives, policies, or recommendations of any authority of the Executive Branch relating to the collection, production, security, handling, dissemination, or utilization of intelligence, and/or classified material, shall not be applicable to COMINT actives, unless specifically so stated and issued by competent departmental of agency authority represented on the Board. Other National Security Council Intelligence Directive to the Director of Central Intelligence and related implementing directives issued by the Director of Central Intelligence shall be construed as non-applicable to COMINT activities, unless the National Security Council has made its directive specifically applicable to COMINT. /s/ HARRY S. TRUMAN Date: 15 Feb 90 08:41:29 GMT From: reynhout@wpi.wpi.edu (Hagbard Celine) Subject: Re: Who (Specificly) has Morris' Worm Code? To: misc-security@husc6.harvard.edu Hmm... In order for the worm to proliferate, wouldn't it have to copy itself into every infected system? Therefore, doesn't every system admin who bothered to save it have a copy? (given a little reverse-engineering) Andrew -- Andrew Reynhout (Internet: reynhout@wpi.wpi.edu) (BITNET: reynhout@wpi.bitnet) All hail Eris! (uucp: uunet!wpi.wpi.edu!reynhout) Date: Wed, 14 Feb 90 00:13 CST From: GREENY Subject: re: 4D for the mac.... To: Howdy.....I was wondering if anyone had any knowledge of the System Designer passwords for the individual databases set up with 4th Dimension on the Mac really being secure....I seem to have forgotten the password for a database I set up for a friend and need to figure it out.....I could go with the "ole comparison" technique between an old file, and one with a modified password but if there is an easier way that someone knows of, I'd love to know it.. bye for now but not for long Greeny BITNET: MISS026@ECNCDC Date: 15 Feb 90 16:29:20 GMT From: waters@darla.sps.mot.com (Strawberry Jammer) Subject: Re: Field service spying? To: misc-security@uunet.uu.net I trust that no one who reads this leaves the account as Name: field Password: service no matter what DEC says. At one time they insisted on this, and refused to admit that it was a potential (HAH!) security problem. I still find VAXes set up this way BTW, recently the one my stockbroker uses to allow me to automate by stock transactions. Sigh. *Mike Waters AA4MW/7 waters@dover.sps.mot.com * The turtle lives 'twixt plated decks Which practically conceal its sex. I think it clever of the turtle Date: Fri, 16 Feb 90 13:48 EST From: WHMurray@dockmaster.ncsc.mil Subject: TEMPEST To: security@rutgers.edu >This note explores the legal status of a surveillance >technology ruefully known as TEMPEST[2]. Sorry, Chris. TEMPEST is the name of a U. S. DoD standard for permissable emanations from equipment to be employed in processing certain classified information in certain environ- ments. The name of the "surveilance" technology is called television. You are correct only to the extent that the code word is sometimes erroneously used to refer to the vulnerability. I have never heard it, even erroneously, used to describe the surveilance. >Using TEMPEST >technology the information in any digital device may be >intercepted and reconstructed into useful intelligence >without the operative ever having to come near his target. Well, near is a relative term. With hundreds of dollars of equipment, some luck, and some special knowledge, you might be able to read a CRT at a distance of tens of meters. Other equipment is significantly more expensive. It is a little easier on the other side of the pond where the number of scan lines is higher. However, to gain useful intelligence, you may also have to expend tens to hundreds of hours. Of course, with the resources of a nation state, you might get the distance up to low hundreds of meters. Since the data involved may have a very long life, the expenditure may be justified. >The technology is especially useful in the interception of >information stored in digital computers or displayed on >computer terminals. Close; reading information displayed on CRT's is relatively easy. Reading LCDs or gas-panel displays is relatively difficult. Reading most storage is virtually impossible. > The use of TEMPEST is not illegal under the laws of the >United States[3], ....... Well, the use of radios and televisions is not illegal in the US. As long as you keep everything that you here to yourself, you have not likely broken any laws. However, if you use any of that information to enrich yourself, you may well have. You may have broken laws against espionage, copyright laws, or criminal fraud laws. US law makes it illegal for you to broadcast certain signals and for me to sell you equipment that does so. Nonetheless, you broadcast information bearing signals at you own risk. >....or England. Canada has specific laws criminalizing TEMPEST eavesdropping but the laws do more to hinder surveillance countermeasures than to prevent TEMPEST surveillance. >In the United States it is illegal for an >individual to take effective counter-measures against >TEMPEST surveillance. This leads to the conundrum that it >is legal for individuals and the government to invade the >privacy of others but illegal for individuals to take steps >to protect their privacy. That is, at best, an overstatement. As I have said, the law makes it illegal for you to broadcast certain signals and certainly does not force you to broadcast any. It permits you to employ quiet equipment, such as LCD's or gas-panels. It permits me to sell it to you. It permits you to use ultra-quiet, TEMPEST capable equipment. I might even be able to sell you such equipment, though you would not likely want to pay for most of it. For example, certain models of the GRID Case computer were TEMPEST capable off-the-shelf out-of the-box. However, without the permission of the DoD, I cannot sell you equipment which I assert to be TEMPEST qualified. If I did, and it were, I might be guilty of compromising classified information. If I did, and it were not, I would be guilty of misrepresentation. Nonetheless, the intent of the law is to protect national security interest, not to force you, gratuitously, to compromise yours, or deny you access to legitimate measures to do so. > The author would like to suggest that the solution to >this conundrum is straightforward. Information on >protecting privacy under TEMPEST should be made freely >available; Well, you may suggest what you like; your suggestions may even be straightforward. Nonetheless, neither the issue nor the solution are as straightforward as you imply or as others might infer. First, most information is available; I have just given you some. A great deal of the rest is special knowledge that would not be meaningful to the average buyer. The only information that I am aware of that is, de jure, not available is the TEMPEST standard. This standard was developed by the US DoD at its own expense for its own purpose. That purpose would not be served by its disclosure. It is not clear that any public good would be served by its disclosure. They are prohibited by a very complex law from disclosing it to you. It is not likely that law will be changed any time soon. >TEMPEST Certified equipment should be legally >available; .... If you can convince anyone else that is useful, develop your own standard and your own certification program for your own purpose. You will not succeed in subverting TEMPEST to your purpose. >...and organizations possessing private information >should be required by law to protect that information >through good computer security practices.... If you use "private" as opposed to public, then they must have done so. If you use "private" as synonomous with sensitve, it can reasonably expected that they will do so. >.... and the use of TEMPEST Certified equipment. Be careful what you ask for; you might get it. (Thank heaven that the editor did not post the whold paper.) William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 Date: Fri, 16 Feb 90 11:38:55 -0600 (CST) From: "Anthony A. Datri" Subject: Re: Bill Changers To: security@pyrite.rutgers.edu >Remind me to tell you an interesting way that con-artists can construct ... Easy -- chop the big numbers off the corners of a $20 bill, past them onto the corners of a $1 bill. Pass this as a $20 bill. Turn in the mutilated $20 for a fresh one. (no, I am not advocating the practice) Date: 17 Feb 90 18:53:28 GMT From: gopstein@soleil.uucp (Rich Gopstein) Subject: Opening an old safe? To: misc-security@rutgers.edu I friend of mine has an old Victor safe which she purchased from someone who didn't know the combination. She's interested in using it, so she would like to know if it can be opened without destroying it. Any help or pointers to other information would be appreciated. Thanks. -- Rich Gopstein ..!rutgers!soleil!gopstein Date: Mon, 19 Feb 1990 13:13:42 EST From: "Don Z. Eng" Subject: LAN security & control review To: security@ohstvma Does anyone have, and willing to share, a program on LAN security and control review? I am starting my first LAN review and can use some guidance. We use Novell Netware. Thanks. Don Z. Eng Rutgers University U953005@RUTVM1 Date: Fri, 16 Feb 90 21:21:36 EST From: meister@gaak.lcs.mit.edu (phil servita) Subject: Re: bill changers To: marks@whoville.umiacs.umd.edu Cc: misc-security@uunet.uu.net The bill changer i took apart, (one of the newer types found on Coke machines) scanned a strip of bill 1/4 inch from the top, for light transmission. there was also a read head to check magnetic response. the rest of the bill could have been construction paper, and it would not have cared. -meister Date: Sat, 17 Feb 90 20:29:20 EDT From: Iqbal Qazi Subject: Re: Bill Changers To: security@pyrite.rutgers.edu My roommate tells me that you can take a bill apart into two halves, then stick, say the front of a twenty on the back of a 1, and vise- virsa. Then you'd have 1 real 20 front and 1 real 20 back which you could pass off. Is this for real? Iqbal Qazi WQ956C at GWUVM Date: Sun, 18 Feb 90 14:12 EST From: Subject: Wireless Home Security Systems To: hobbit@pyrite.rutgers.edu Does anyone know how hard it is to jam or fool these wireless home security systems? Couldn't one just use a spectrum analyzer to determine what sort of signals the sensors sent to the main control unit -- and then replicate these signals? For example if I pumped out the signal that meant "everything is OK" a three watts it would drown out the "door is open" signal when I broke open a door. That doesn't sound very secure. CJS cjs@cwru.cwru.edu p.s. I suppose the FEDS system being tested to protect nuclear weapon storage areas would fall at the other end of the spectrum. According to the specs, when it detect an intruder the system releases nerve gas. Now that's a serious system. Date: Mon, 19 Feb 90 09:41:52 CST From: Kevin LaFata Subject: Re: RE: Home Alarm Installations, R.S. Setups To: security@pyrite.rutgers.edu As an owner of a security system company, I would highly discourage any wireless alarm that has no form of supervision. There are many types of alarms that send low battery signals, as well as an "all is well" signal which, if not received by the control panel every x minutes, will also sound some kind of alarm. This prevents signal jambing. Personally (insert my opinion here) I do not like the AT&T wireless system. It seems they created a lot of hype about it and have exclusive dealers, etc. On company that installed them had to replace all but 6 (out of about one hundred) units because of a malfuntion. Even thought they were under warranty, it is still unreasonable to have to replace that many. You may have trouble buying a professional wireless system from a whole- saler yourself, but many alarm companies are happy to sell them to individuals. Kevin LaFata s899229@UMSLVMA Date: 20 Feb 90 05:50:56 GMT From: Jay Vosburgh Subject: Re: bill changers To: misc-security@tektronix.tek.com >That may be antiquated information, though. Bill changers >do work a lot better now that they did just a few years ago. Maybe, maybe not. A while ago (10-11 months) I took my dollar bill down to one of those "Coke and change" soda machines that take bills, and discovered a very dismayed individual. He had stuck a five dollar bill into the machine, gotten his soda, and only 50 cents change back. I suspect that the machine probably wasn't out of spare change, since it gave me my soda and 50 cents, too. My Coke cost four dollars less, though. Obviously, I don't know whether that the bill reader was at fault, or if the Coke machine just checked to see if the bill was valid, and assumed that nobody would stick anything but a single in the slot just because it says to use a one dollar bill on the outside. -J --- -Jay Vosburgh, Sequent Computer Systems, Inc; uunet!sequent!fubar Date: Sat, 17 Feb 90 21:33:13 -0500 From: Mark A. Schleifer Subject: Re: bill changers To: meister@gaak.lcs.mit.edu (phil servita) Cc: marks@umiacs.umd.edu, misc-security@uunet.uu.net > The bill changer i took apart, (one of the newer types found on Coke machines) > scanned a strip of bill 1/4 inch from the top, for light transmission. there > was also a read head to check magnetic response. the rest of the bill could > have been construction paper, and it would not have cared. Quite right. The one I took apart was from a Rowe changer. We had a problem with people using xerox copies of dollars. They would tape pieces of real dollars to the copy and run it trough. At other arcades they would then cover the holes in the real dollars with copys and pass it to busy cashiers. As long as you have the important section of a real bill in place the machine can't tell the difference. Are you sure that the it scanned for light trasmission? On the models I'm used to the optics at the top are just used to sense when a bill is being inserted, they then activate the feed moter. - Mark ---- Spoken: Mark A. Schleifer Domain: marks@umiacs.umd.edu UUCP: uunet!mimsy!umiacs!marks Phone: +1-301-454-7678 USPS: UMIACS, Univ. of Maryland, College Park, MD 20742 Date: FRI FEB 16, 1990 09.32.15 EST From: "Kathy Healy Brey" Subject: Virus Scan on a LAN To: Can anyone provide advice or information on the following: CONFIGURATION An ethernet LAN running NOVELL with 10 nodes. Workstations are Zenith 286LP's with 20Meg hard drives & a 3.5" drive. LAN is for student use. PROBLEM We would like to run a virus scan on any floppy inserted into the 3.5 inch drive AT INSERTION. Is this possible? If so, how? The ideal scenario would be: Student inserts floppy in A:. System recognizes presence of floppy and scans diskette for known viruses... (a system-initiated scan, not an operator-initiated scan) If diskette is O.K., student goes to work. If diskette is contaminated, it's ejected(?) and student gets locked out of workstation and is directed to LAN Administration. L.A. grabs diskette and does detective and control work... THANKS for any help. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | Kathy Healy Brey, Manager Admin Environment: | | KHB1@LEHIGH THE INFORMATION CENTER IBM 4381 VSE/SP 2.1.5 | | 215-758-3006 Lehigh University IA Systems | | Private U Fairchild-Martindale 8B IBM PCs & Compatibles | | 6500 Students Bethlehem, PA 18015-3146 Novell LANs | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Mon, 19 Feb 90 13:50:40 EST From: "Larry Margolis" Subject: Bicycle locks To: security@pyrite.rutgers.edu The previous article on bicycle locks got me interested, so I've been examining different locks. (Living in Manhattan, I am able to come across many broken locks to play with.) It was mentioned that some bike locks had a rivet that could easily be removed, letting you pop out the lock cylinder. The Master brand Kryptonite-type lock (tube that locks over the open ends of a U-shaped round bar) has such a rivet, however removing it will not let you open the lock. If the lock is opened, you will be able to rotate the cylinder, but not if it's locked. In addition, there's a ring around the face of the cylinder that has to be removed in order to remove the cylinder (and the lock must be open). It's as easy to pick as your average Master padlock, so I wouldn't trust it too much, but it is safe from rivet removal. I found another one that I'd strongly recommend you avoid. The plastic was partly scraped off, so I couldn't make out the name, but it ends with NG-TAY. First, removing the rivet let the cylinder rotate which *did* let you open the lock. Second, instead of solid brass top pins, it used hollow shells that the springs rested in. This is apparently how the thief opened the lock - stuck in a screwdriver and gave it a good twist. The shells crumpled and the lock opened. Third, it looks like the serial number printed on the plastic is actually the key levels, so you could just look at the lock, then make a key to it with a key machine and a depth-key set. (I'd have to see another one of these locks to verify this last point.) Larry Margolis, MARGOLI@YKTVMV (bitnet), MARGOLI@IBM.COM (csnet) Date: 17 Feb 90 12:04:05+0100 From: Joseph C. Pistritto Subject: Re: tapes and x-ray machines To: Cc: Actually, I bet a lot of it isn't actually. (Xrayed that is). I always put stuff I'd rather not have Xrayed in my luggage, and I've never lost anything. This includes tapes, (vido, audio, reel-to-reel data, and cartridge data), disks (floppies of all sizes), and in particular film. I have one of those lead lined film bags, and normally use it when travelling internationally, (which is anytime I get on a plane, as I live in Switzerland, kinda pointless to fly inside the country...) > For the record, X-ray machines will not damage film less than 1000 speed. > Most film used is 200 or 400. I also sent all my (exposed and unexposed) > film through the X-ray machines in multiple airports with no problems. ditto. I've had filmed Xrayed, as well as video equipment, with no problems. > If you are still worried, you can purchase a lead film bag. I would > suspect traveling internationally, the bag might draw attention. The only place I've ever been asked is in India, four days after one of their 747's was taken out by a luggage bomb. They were _seriously_ into security at the time. Matter of fact, just about the only time I've ever felt security was being taken seriously at an airport. (But I've never flown El Al...) Even then, it wasn't a hassle, I just had to show the man with the submachine gun what was inside the bag... More amusing was being interviewed by a local TV crew at the airport, which asked me "aren't you scared to be flying Air India now? I mean, you're a foreigner, why don't you buy a ticket on some other airline..." (This was the STATE RUN (and only) TV network in India, mind you...) Amusingly enough, the flight was almost empty, (except for victims families being flown to Ireland to identify the bodies, lotsa laughs on the plane... :-( ) -jcp- ====================================================================== Joseph C. Pistritto HB9NBB N3CKF 'Think of it as Evolution in Action' (J.Pournelle) Ciba Geigy AG, R1241.1.01, Postfach CH4002 Basel, Switzerland Internet: bpistr@cgch.uucp Phone: (+41) 61 697 6155 Bitnet: bpistr%cgch.uucp@cernvax.bitnet Fax: (+41) 61 697 2435 From US: cgch!bpistr@mcsun.eu.net Date: Tue, 20 Feb 90 17:15:22 EET From: MCGDAKI@CMS.MANCHESTER-COMPUTING-CENTRE.AC.UK Subject: Domestic Burglar Alarm. To: security@FINHUTC I am considering doing a domestic system and the inertia sensors coupled with an analyser appeals to me for perimeter protection. Has anyone had experience using these and how good are they for reliability and immunity to false alarms? A.Kirk Date: 20 Feb 90 16:15:49 GMT From: ssr@cos.com (Dave Kucharczyk) Subject: Re: Toyota Masters To: misc-security@uunet.uu.net the same goes for most older datsun/nissan cars and trucks. you can make a key that will open/start a majority of the cars out there. i think it's mostly a combination of bad design and sloppy tolerances rather than anything toyota/nissan intended to do. there was an article in the national locksmith or locksmith ledger a while back about this 'problem'. the locks are so bad that i can use my friends toyota key to get into and start some nissans even though it's the wrong blank and just a regular key... dave Date: Wed, 21 Feb 90 12:36:09 EST From: cs4i03ab@maccs.dcss.mcmaster.ca (Don Bork) Subject: Re: Computer Forged Documents To: misc-security@gpu.utcs.utoronto.ca A recent introduction here in Canada has been a small foil rectangle glued onto the face of the bill. If you look at it from one angle it's a golden colour, but from a different angle it's greenish. So far it's on the 50 dollar bill only. The security in this is that this patch is difficult and expensive to duplicate, so far no problems reported with it. -- Don Bork BORKD@SCIVAX.MCMASTER.CA "Don't let school get in the way of an education" -Stoker '88-89 Date: Thu, 15 Feb 90 11:22 MDT From: "David D. Grisham" Subject: ACF2 query To: security@ubvm WE are planning to implement ACF2 on our 3081-9370 setup. I am in the preliminary stages of the project and already see lots of problems. My two biggest problems are converting three (1 way) encrypted password files to one that ACF2 can use and establishing a common UID or LogonID from multiple operating systems which have different standards. Would anyone who has recently installed or coordinated an installation be willing to share some of the problems and solutions to getting this package up in a university environment? Thanks in advance. dave Dave Grisham, Security Administrator, CIRT Phone (505) 277-8032 University of New Mexico USENET DAVE@hydra.UNM.EDU Albuquerque, New Mexico 87131 BITNET DAVE@UNMB Date: Wed, 21 Feb 90 13:13:03 CST From: kevin@ferris.cray.com (Kevin Bluml) Subject: Re: criminal intelligence To: security-request@rutgers.edu At least in Minnesota (and I'd bet elsewhere) the police have NO Information on what you have - Operation ID merely gets you a number for reference that YOU put on your items of value - The ONLY time you give info to the police is IF you lose something (burglary, robbery) and want them to know about it, list it with the appropriate databases etc.. Sorry, couldn't let it pass, Operation ID is a good program, but it won't work if people don't understand how it functions.. -- From: Kevin V. Bluml - Cray Research Inc. 612-681-3036 USmail - 1440 - Northland Drive Mendota Heights, MN 55120 Internet - kevin@ferris.cray.com UUCP - uunet!cray!ferris!kevin Date: Mon, 19 Feb 90 19:17:17 -0500 (EST) From: Christopher Gene Behanna Subject: Honda motorcycle keys To: security@pyrite.rutgers.edu Recently, a friend of mine bought a 1983 Honda Shadow 750. He tried his key in my 1985 Honda Shadow 700, and was able to unlock the forks as well as turn on the ignition circuit. Ditto my key in his bike. For laughs, we tried our keys on his roommate's 1983 Honda CB1000, and we were both able to turn the parking light on (we couldn't turn the cylinder the rest of the way to "on"). Now, what I want to know is, does Honda consider this a feature or a bug? IMHO, selling a bike that any owner of a similar bike can come along and steal (for parts or otherwise), is a great act of irresponsibility on the part of the manufacturer. I'm not terribly worried--I have an enormous folding steel lock that I use on my front wheel, but folks who don't have an extra $50 lying around to buy a similar lock SHOULD worry. Chris BeHanna behanna@reagan.psc.edu Date: Mon, 19 Feb 90 06:54 CST From: douglas@ddsw1.mcs.com (Douglas Mason) Subject: Re: tapes and x-ray machines To: misc-security@rutgers.edu If this makes you sleep any better (ha!) I became paranoid about my film going through x-ray machines and purchased a 'lead film bag'. Since I have had it, I have been through Heathrow airport in London three times now, and have NEVER had it checked. I put it in with my carry-on and every time I watch myself as it goes through 2 different x-ray machines every time I depart and saw for myself that it shows up as a completely solid object - you can't see anything inside at all. Isn't Heathrow supposed to have beefed up their security? I was there over Christmas when the big hype of a bomb was at it's peak -- still didn't check. These bags are about the size of an average lunch sack. On the other hand, Chicago's O'Hare airport has checked it EVERY time that I have gone through there, and I frequent that place! -Douglas Mason -- Douglas T. Mason | douglas@ddsw1.UUCP or dtmason@m-net | Date: 21 Feb 90 07:27:52 PST (Wednesday) From: "chaz_heritage.WGC1RX"@xerox.com Subject: Them Locks Are Easy To: security-request@pyrite.rutgers.edu Ford locks have long been notorious for this sort of thing (hence the line above from Alexei Sayle's song). My kid brother once went to a rock festival where he was able to open and start seven Fords using the fish descaler on his Swiss knife (the owners were suitably surprised on waking to find their cars apparently eager to depart before the main event). Moaning at car manufacturers for providing rotten security is unlikely to succeed. They make so much money selling people parts to replace things smashed by thieves that it's hardly worth their while improving matters. And, if someone's whole car goes AWOL, well, that's another new car sale for them, isn't it? Better to rely on one's own (preferably vicious and devious) ingenuity. I have some ideas, if anyone's interested, since I'm currently building a new car. Expensive electronic gadgets aren't necessarily the answer. Mechanical solutions seem to be the best. Regards, Chaz Date: Tue, 20 Feb 90 19:11:04 GMT From: ehrlich@psuvax1.cs.psu.edu (Daniel Ehrlich) Subject: Re: Cardkey locks To: security@pyrite.rutgers.edu We are using an insertion card key reader lock from MagTek, MT-215232. It comes in three different models depending on which track(s) you want to read off of the magnetic stripe. The MT-215232 comes with an RS-232 interface but no power supply or housing. The units are inexspensive (~$150/each) and after have our hardware tech whip up the neccessary power supply and interface hard ware it came to about $280 per door. This includes the electric striker for the door and associated realays and electronics. MagTek also makes `swipe' style card readers like the ones used to read you credit card when a store needs to have a purchase authorized. I beleive that these come with a power supply, et al. MagTek's address and phone number are: MAG-TEK, Inc. 20725 South Annalee Avenue Carson, CA 90746 +1 213 631 8602 They also make magnetic card programmers. The security implications of having one of these is mind blowing. -- Dan Ehrlich Voice: +1 814 863 1142 FAX: +1 814 865 3176 Date: 21 Feb 90 11:02:13 PST (Wednesday) From: "Court_K_Packer.wbst845"@xerox.com Subject: Re: Security Digest To: security-request@pyrite.rutgers.edu I'm told by a friend that ignition keys can be made for Volvos and Saabs by just having the last three digits of the VIN number. If this is true, what prevents someone from getting the VIN number through the windshield and going to a dealer and having a key cut? Would the dealer ask to see some proof of ownership? Date: 21 Feb 90 09:26:42 EST (Wed) From: simsong@prose.cambridge.ma.us (Simson L. Garfinkel) Subject: tapes and x-ray machines To: MFOWLER@gtri01.bitnet Cc: security@pyrite.rutgers.edu For the record, X-ray machines will not damage film less than 1000 speed. Most film used is 200 or 400. I also sent all my (exposed and unexposed) film through the X-ray machines in multiple airports with no problems. This is not strictly true. Modern X-ray machines will not damage film of 400 or less. In Europe and the third world you will find many X-ray machines that will blow away 100 ISO film. Date: 21 Feb 90 15:26:52 GMT From: piet@cs.ruu.nl (Piet van Oostrum) Subject: Article from Computers and security To: misc-security@hp4nl.nluug.nl I am looking for the following article: Ben. F. Barton & Marthalee S. Barton, User-friendly password methods for computer-mediated information systems, Computers and Security 3, 3 (Aug 1984), pp. 186-195. Just an indication (abstract) of the techniques used would be enough, although a fax copy would be appreciated. We don't have the mag in the library here. -- Piet* van Oostrum, Dept of Computer Science, Utrecht University, Padualaan 14, P.O. Box 80.089, 3508 TB Utrecht, The Netherlands. Telephone: +31-30-531806 Uucp: uunet!mcsun!hp4nl!ruuinf!piet Telefax: +31-30-513791 Internet: piet@cs.ruu.nl (*`Pete') Date: 22 Feb 90 23:41:07 GMT From: kgdykes@watmath.waterloo.edu (Ken Dykes) Subject: Re: Computer Forged Documents - money To: misc-security@watmath.waterloo.edu >Dutch paper currency is produced with state-of-the-art printing techniques. Canada is much the same way. In fact, our new $50 bill release about 6 months ago now features a metallicized "hologram" patch similar to those used on major credit cards. (but much more flexible/durable) i like to see a colour photocopier reproduce a metalicized effect! Our bill designs from the last few years also feature MACHINE READABLE serial numbers for nifty swift banking machine sorting, etc. Technology in money! The USofA amazes me, it's got the largest market to make a counterfeit worthwhile, and yet probably the oldest "active" currency technology... -ken -- - Ken Dykes, Software Development Group, UofWaterloo, Canada [43.47N 80.52W] kgdykes@watmath.waterloo.edu [129.97.128.1] kgdykes@waterloo.csnet kgdykes@water.bitnet watmath!kgdykes postmaster@watbun.waterloo.edu B8 s+ f+ w t e m r Date: Wed, 21 Feb 1990 10:24:56 MST From: GAVRON@mpx0.lampf.lanl.gov (Ehud Gavron@lampf.lanl.gov, gavron@lampf.bitnet) Subject: RE: Misuse of Address To: security@pyrite.rutgers.edu There are always going to be people of poor ethics who abuse whatever information be it from .sig files, the phone book, a campus directory, etecetera. What would be nice is if these places that accept orders would 1) request a phone number to call back and confirm the order. 2) Take down a credit card number to charge if problems occur (and verify it online). 3) Store all that info interactively until you make your first payment on the subscription or whatever. Asbsetos: Yes, I realize that this will increase the cost of handling. But it's about time the $4.95 shipping and HANDLING was used for something other than "added dealer profit" :-) ------------------------------------------------------------------- | Ehud Gavron, System Manager gavron@lampf.lanl.gov (internet)| | Los Alamos National Laboratory gavron@lampf (bitnet) | | Meson Physics Division DAC cmcl2!lanl!eg (uucp) | | (505)665-1131/667-9288 1029::55295::GAVRON (SPAN) | ------------------------------------------------------------------- Date: 23 Feb 90 02:51:15 GMT From: kelly@uts.amdahl.com (Kelly Goen) Subject: Re: RE: Home Alarm Installations, R.S. Setups To: misc-security@ames.arc.nasa.gov Let us not forget Ademco here with the vista-xm systems both polling , wireless and hardwired zones available.... and you can run duplex receivers for those difficult setups... cheers kelly Date: Thu, 1 Mar 90 19:38:02 MST From: jimkirk@outlaw.uwyo.edu (James Kirkpatrick) Subject: Medeco vs Keso vs Kaba To: security@pyrite.rutgers.edu Any opinions of the Medeco lock versus the Seargent Keso versus the Kaba lock? The application would be on a safe door, and one consideration beyond security against picking or destructive entry would be vandalism by a frustrated burglar, which could lock out the legitimate owner. The Keso and Kaba seem very similar apart from the angle of the Kaba's cuts, but I don't know how much better/worse they might be compared against Medeco. [for theurious, Keso and Kaba keys are flat with "dimples" of varying depth which match opposing rows of pins in the cylinder; the key is not one that can be easily duplicated, and with up to 20 pins it is difficult to pick open!] Date: 23 Feb 90 22:12:32 GMT From: brian@ucsd.edu (Brian Kantor) Subject: Re: cop detectors To: misc-security@ucsd.edu On the other hand, a good quality scanner will hear the local oscillator on some of the older police radios in this town for more than a block or two. That's far enough away to slow down! Typically if you know the brand and model of radio, and the dispatch frequencies, you can easily figure the LO freq and there you are. - Brian Date: 23 Feb 90 18:41:46 GMT From: parnass@cbnewse.att.com (Bob Parnass, AJ9S) Subject: Re: cop detectors To: misc-security@att.att.com I can tell when an Illinois State Trooper is nearby -- I hear his low power, in-car mobile repeater on 155.505 MHz, a frequency I monitor using my scanner when I'm on the highway. Other states and some counties and towns use similar equipment. -- ============================================================================ Bob Parnass, AJ9S - AT&T Bell Laboratories - att!ihuxz!parnass (708)979-5414 Date: Wed, 28 Feb 90 15:25:30 est From: Pete_Simpson@dgc.mceo.dg.com Subject: Re: cop detectors To: misc-security@ames.arc.nasa.gov CEO summary: When I'm in my car, I always have the 2-meter ham radio tuned to 145.27 Mhz. The state interdepartmental cop frequency is 158.97 Mhz. Whenever I drive through 2 towns in the area, I get an intermittent signal which will break my squelch. It only happens outside the PD or near a cruiser. They all have scanning receivers and the frequency difference is 13.7 Mhz, close enough to IF frequency for me. Apparently, there's enough local oscillator leakage out the antenna of some of the radios they're using to be detectable a block or so away. With the new wideband synthesised radios, the filtering is not tight enough to knock down the local oscillator signal enough (remember, it's only 10.7 Mhz away from the RX freq. and the band runs from 150 - 170 Mhz). Date: 23-FEB-1990 00:04:31.53 From: geek Subject: Police repeater detection To: security@pyrite.rutgers.edu Due to a leaky memory, I do not recall all details, but about a month or two ago I spotted an item in a "yuppie catalog" that purported to detect patrol cars up to away by picking up their repeater signals. The device was designed to be vehicle mounted (so as to pick up police using radar that is only turned on when you are in sight). Of course, it relies on the supposition that the officers left their repeaters on while in the vehicle [they acknowledged this but claimed that most do in fact leave their repeaters on]. The device did not broadcast what it received, it only indicated that something was being broadcast. Anybody seen anything similar? Any comments on range/feasability/other problems? -kevin krainier@eagle.wesleyan.edu krainier@wesleyan.bitnet Date: 3 Mar 90 03:58:26 GMT From: kelly@uts.amdahl.com (Kelly Goen) Subject: Re: Home security To: misc-security@ames.arc.nasa.gov >Regarding window grates, what are the options these days in security >versus being able to get out from the inside quickly in case of fire AGREED... Window grates are hazradous.... Try 3/16" GE UV Stabilized LEXAN plastic...remember to use Epoxy based putties when replacing the glass in the window frame.... the plastic will take more impact than the iron bars and doesnt give you a feeling of being behind bars.... REMEMBER to UPGRADE the Window Locking System as this is the weakest part beside the glass on most windows....you might ask if its tough enough MY side shed window Aluminum Frame took 27 impacts with a 15 lb sledge before the 2x4 frame the window frame was attached to splintered... the Iron bars I tested fell prey with 10 seconds to a 7 ft wrecking bar... Give me LEXAN every TIME!!! cheers kelly Date: 23 Feb 90 23:56:52 GMT From: kodak!ornitz@cs.rochester.edu (Barry Ornitz) Subject: Re: cop detectors To: misc-security@rutgers.edu Actually, ignoring the other radios might be a trivial task if they operate on different frequencies than the police. The problem is that while a police department might only operate on a small number of frequencies, they can use any number of different brands and models of radios each having different intermediate frequencies. Thus, a number of local oscillator frequencies might have to be monitored. It might be possible in any given area for two different models of radios operating on two different frequencies to have the same local oscillator frequency, but it is not likely. Unfortunately, a first intermediate frequency of 10.7 MHz is standard for a large number of VHF radios. In this case the number of local oscillator frequencies is greatly reduced. Older models of many radios typically did not standardize on the IFs in common use today. A much more difficult problem is the issue of sensitivity. By FCC rules, local oscillator radiation must be attenuated to low levels. These levels are so low that detection would be nearly impossible over any useful range with today's radios. This was not the case with most receivers before the mid-1950s or so (the ones with the radiating local oscillators - RF amplifier stages were often not used ahead of the first mixer in early days). While the sensitivity of the detecting receivers has increased over the years, it has been inadequate to keep up with the decreasing amplitude of radiated LO signals. To conclude, I believe this to be a non-problem with equipment available to the ordinary burgler. While a pocket scanner might receive all of the local oscillator frequencies used by the local police, its detection range would likely be less than a hundred feet. ----------------- | ___ ________ | Dr. Barry L. Ornitz WA4VZQ | | / / | | UUCP: ....rutgers!rochester!kodak!ornitz | | / / | | Eastman Kodak Company | |< < K O D A K| | Eastman Chemical Company Research Laboratories | | \ \ | | P. O. Box 1972, Building 167B | |__\ \________| | Kingsport, TN 37662 615/229-4904 | | INTERNET: ornitz@kodak.kodak.com ----------------- Date: Fri, 02 Mar 90 09:59:55 -0900 From: "ROBYN L ROBERTSON" Subject: Re: Home security To: security@pyrite.rutgers.edu >Regarding window grates, what are the options these days in security >versus being able to get out from the inside quickly in case of fire I solved a similar problem with a set of exploding security bolts. I have not seen these in the U.S., but I expect they are available. They are available in varying diameters and treads, with shear points set at the level desired for the given application. Detonation is accomplished by running a fairly low voltage current of a minimum amperage determined by the number and type of explosive shear bolts used(the electrical line activating the detonation should have a predicted resistance, depending upon the type of shear bolts, and whether they are wired in series or parallel: CAUTION: UNDER NO CIRCUMSTANCES USE A NORMAL VOM OR DVM TO CHECK LINE RESISTANCE, USE ONLY A 'BLASTING OHM-METER') through the detonation curcuit. In event of a compromise of electrical power to the shear bolt system, it is customary to include a back-up power supply, the design and implimentation of which I leave as an exercise to the student. In practice, this sort of emergency escape route is an escape route of 'last resort'. You do not want such a pathway, in extremis, to be compromised. I might note that in the applications where I have seen such bolts used, there has been very narrow access to the area under security, and so casual visitors setting off the escape-route shear bolts was a non-existant problem. In a residence, I would suggest that it might be appropriate to add a fast (perhaps three digit?) number-pad lock on each emergency exit so armed. I also warn that the heads of the bolts, which contain one wire(the bolt body providing 'ground'), should be installed in a manner to preclude tampering. Finally, if detonation will allow explosion debris(very minimal, in most cases) or the security grate to intrude upon property not under the owner's control, there may be legal implications should someone be injured. I have no particular expertise in this area, but I can easily envision, at least in the litigious U.S, some creatin of a felon, minus three fingers on one hand, standing in court beside his equally mercenary American attorney, filing for damages sufferred when your security grate blew up in his face while the gentleman was otherwise occupied attempting to cut through one of the shear bolts holding said security grate in place. Robyn Robertson BITNET: FSRLR@ALASKA Internet: fsrlr@acad3.fai.alaska.edu P.S. Normal precautions re isolation and segmentation of the overal system into descrete sub-units should obtain here, as one would expect. It does no good to have a fancy system to blow all thirty-five windows in a structure free of security grates if a fire on the first floor burns the insulation off critical connections, leading to a short which disables the entire system. Date: 24 Feb 90 06:13:45 GMT From: kelly@uts.amdahl.com (Kelly Goen) Subject: Re: Who (Specificly) has Morris' Worm Code? To: misc-security@ames.arc.nasa.gov the Internet worm code is also available from 2600 Magazine... as mr. spafford says it really isnt THAT special.... cheers kelly Date: 23 FEB 90 00:17:43 CDT From: MARK KINSLER Subject: Slim jims To: I bought one at a store in the Strip District of Pittsburgh. I think Buffalo or some other fine tool manufacturer stamps them out. Check at one of these semi-permanent flea market tool stands where they sell a lot of duct tape and Taiwanese torque wrenches and you'll probably have some luck. You'd think that the sort of auto parts store that sell lots of chrome-plated hood locks and gearshift knobs would have them, but they don't. , U of Southern Mississippi, Gulf Coast Date: Thu, 01 Mar 90 00:05:41 CST From: Mark Parr Subject: Re: Computer Abuse / Product Liability / Criminal Statutes / ECPA To: security@pyrite.rutgers.edu > What is Hacking? Is it what people did in the late 70's with Apple II >computers or Macs? Is it righting efficient code (theres plenty of people, With the different stuff happening over that last few years -- Internet Worm, viruses, computer fraud, etc. -- the almighty PRESS has given the term "HACKER" a bad rap.......it's about time they, as well as others, come up with new terms other than "hacker(s)" to describe these actions. [Moderator add-on: "Crackers" has been suggested many times. This is the press we're talking about, though... _H*] Date: 26 Feb 90 16:20:24 GMT From: trwacs!epstein@uunet.uu.net (Jeremy Epstein) Subject: Re: Answerback To: misc-security@uunet.uu.net I worked on one system that used answerbacks to automatically log users in (i.e., you dialed in, the system queried for the answerback code, and logged you in appropriately based on your answerback value). The reason was that TERMINALS were licensed, not USERS. Making the user log in was (a) worthless (since they would tape the login and password on the terminal), (b) aggravating to the naive users, and (c) a competitive disadvantage, since others in the same market didn't require it. In short, that particular customer would be VERY upset if answerback facilities were removed. Falsifying answerbacks wasn't a big problem, since they were picked randomly from a large universe of possible values. -- Jeremy Epstein epstein@trwacs.uu.net TRW Systems Division 703-876-4202 Date: 2 Mar 90 03:59:45 GMT From: Doug Gwyn Subject: Re: Answerbacks / Vendor Liability To: misc-security@rutgers.edu >Would not a simpler rule be "Commit a felony: go to jail"? Why involve >computers in the discussion? Right on! Every time lawmakers try to spell out details, they end up with loopholes, simply because specificity implies lack of coverage. There is nothing magic about computers, or guns for that matter; whether or not an act is a crime should not depend on the tools used. >> FINAL COMMENT: The INTERNET virus should be treated as a product liability >> question. In my opinion, DEC and SUN should pay the cost of the cleanup I've never seen any claims by DEC, Sun, or more to the point, UCB that their UNIX-based operating systems were secure; have you? What is the point of making innocent manufacturers responsible for some person's malicious abuse of their products? You're trying to punish the wrong people.. Date: Wed, 28 Feb 90 09:27 EST From: Subject: Bank card tricks in Toronto To: SECURITY@pyrite.rutgers.edu Here in Toronto about a year ago there was a story in the paper about a fellow who had the technology to make bank machine cards; ie, a card blank and a mag stripe recorder. He looked over people's shoulders at bank machines and memorized their access numbers, then picked up their receipt slips which they left on top of the garbage pile or threw on the floor. The slips have the card number on them; that's all he needed to make a duplicate. Since he knew each person's access code, you can guess the rest. (The story detailed his conviction, by the way; someone, somehow, convinced their bank that they weren't making these withdrawals.) What this means is that there needs to be no extra information on the card, just the account number (and the access code?). I always figured that each card itself had, essentially, its own access code, to convice the bank that it was valid, but I guess I overestimated the banks... Does anyone know if the access code is, in fact, also on the mag stripe? I always also assumed it wasn't (oh hopeful me) but some people claim it is. Chip Campbell Toronto Bitnet: campbell@utoroci Date: 1 Mar 90 13:02:33 GMT From: randall@uvaarpa.virginia.edu (Randall Atkinson) Subject: Re: Answerbacks / Vendor Liability To: misc-security@uunet.uu.net Larry Kilgallen's note implied that DEC's sendmail as distributed was trustworthy. This is not the case. DEC's Ultrix (port of 4.2 BSD) has different bugs and different security holes from the standard UCB distribution. In my experience, it has not been any more or less trustworthy than pure BSD. Although the recent note from CERT about problems in sendmail only referenced SunOS, the problem was in fact present in other vendors sendmail as well (including Ultrix 3). One of the disconcerting things about AT&T's UNIX System V, Release 4 is that it is capable of running many (most ?) BSD sources without conversion. One problem with portable software and standardising OS behaviour is that something that is a problem on one machine is also likely to be a problem on another machine. This makes networks more susceptible to worms and virii just as with humans when a group is genetically homogeneous they are more susceptible to plagues and such. I should note here that I am a very strong supporter of most standardisation issues and strongly believe that the combination of POSIX efforts and the recent ANSI C standard are both very desirable. I just want to point out that there are mixed blessings to it all. In general, electronic security and trusted systems are a very subtle business. The more one learns, the less certain one becomes of anything. Randall Atkinson randall@Virginia.EDU Date: Fri, 23 Feb 90 12:25:13 -0900 From: "ROBYN L ROBERTSON" Subject: RE: cordless privacy To: security@pyrite.rutgers.edu > I notice the same thing that Jim had mentioned, what criminals take >advantage of are people/organizations who often do stupid things that >allow crimes to be committed ie: leaving car keys in car; open windows; I think that criminals in general tend to look for the easy sting, you are right about this in my view. >I hate people who goes around yelling about intelligence levels of any group; >in my book; getting caught committing the crime is stupidity. Come, come now! Surely you do not mean this part where you say, "I hate people who goes around yelling about intelligence levels of any group." Since I think I started this 'criminal intelligence' pilpul, I feel obligated to respond to this remark. First of all, if I was, "...yelling..." about the respective intelligence of criminals, I did not mean to be so shrill. As for the hate, ma yesh ma? Bad news, so lets kill the messenger? Absurd. As far as DETECTED criminals being somewhat lowbrow, I believe clear statistics demonstrate that my opinion is not just some sort of slur against a minority(criminals), merely a statement of obvious fact. In general, I believe WAIS tests average out at a statistically significant measure below the norm, and that general wealth of knowledge tends to be obviously below normal among criminals. Of course, my universe of discourse is restricted to DETECTED criminals. If there exists a significant subset of criminals that are undetected, data on them is largely unavailable, or tends to be so soft it is virtually worthless. I also feel obligated to exclude criminals like Lincoln Savings and Loan's Mr. Keating, since the wealth of such people as a rule (though not always), places them **outside** of the laws people with lesser incomes must face. I think it was Heinlin who wrote that anyone demanding justice must be either very wealthy or very desperate. Nu, any highbrow criminals out there in netland that want to address this issue? ============================================================================ Robyn Robertson Internet: gsrlr@alaska.fai.alaska.edu BITNET: GSRLR@ALASKA Date: 1 Mar 90 09:05 EST From: EVERHART@arisia.dnet.ge.com Subject: RE: Answerbacks / Vendor Liability To: SECURITY@pyrite.rutgers.edu Re the mail vulnerability being fixed in VMS VAXmail, it was also fixed several years earlier by the Software Tools mail, which also filtered control characters. This fix is now ~10 years old. Unfortunately, answerbacks can be triggered all too easily and have on occasion represented serious problems. We had a situation many years ago now where someone set the answerback on one of a small number of terminals connected to a shared VAX to DEL *.*;* when someone left the terminal logged in for an extended period. Naturally this caused consternation all around. It seemed that in addition to control-E triggering the answerback, sometimes nulls might do so also. (I no longer recall what terminal type this was.) In this case, the factor that saved the day was sufficiently paranoid systems people: they had daily backups and could restore the lost files. I believe that this is what is called for, rather than appeals to finding fault with manufacturers or even than finding fault with careless experimenters. (I know of some network meltdowns that have clearly been due to errors while attempting what should have been legitimate activities. The Morris case might have been similar, as well.) Who hasn't experienced accidental deletion of files? If we are to benefit from computing, we maximize that benefit by sharing information. It is everyone's responsibility to take adequate care while doing so. More than ever, regular and adequate backups are an essential part of this. This issue should be considered before buying a computer of any type, and in any use of same. Our VAXen are backed up regularly; my home machine and office pc's have nothing on hard disk that isn't on floppies also. This confers some safety. I consider the office pc a prime candidate for disaster though, as backups are difficult enough to be rare, and disks do crash now and then. Hopefully our next generation of appliance computers will contain backup devices of some sort. If they do not, it is the purchaser who is to blame for losses caused by damage FROM WHATEVER CAUSE to that data. The same applies to shared systems. Glenn Everhart Date: 2 Mar 90 23:04:31 GMT From: Doug Gwyn Subject: Re: thermal lances (was: vault doors) To: misc-security@rutgers.edu Anyone who hasn't seen one of these in action is advised to check out the movie "Thief" (starring James Caan) at your local video rental store. Date: Fri, 2 Mar 90 22:11:01 -0500 From: owen blevins Subject: NATIONAL SECURITY ARCHIVES To: -v@silver.ucs.indiana.edu, security@ohstvma.bitnet Anyone dealth with the NSA? What are they? What research materials do they provide? any and all information would be greatly appreciated! thanks. blevinso@silver.ucs.indiana.edu Date: Fri, 2 Mar 90 10:19:07 PST From: rex@isdmnl.menlo.usgs.gov (Rex Sanders) Subject: RE: Security Auditing To: security@pyrite.rutgers.edu A few years ago, I wrote and distributed a program named "cfs" (check file status) that can run around a system recording & checking file stats. Cfs made it onto one of the last Usenix tapes, and might be somewhere on uunet. Cfs runs fast (compared to shell scripts) - checks stats on over 1000 files in about 45 seconds on a wheezing old VAX 750. If you can't find cfs in some local Unix sources archive, let me know. -- Rex Sanders, US Geological Survey rex@isdmnl.menlo.usgs.gov Date: 3 Mar 90 04:05:31 GMT From: kelly@uts.amdahl.com (Kelly Goen) Subject: Re: Fire Sprinkler Cameras To: misc-security@ames.arc.nasa.gov >They are built into regular sprinkler heads which have been slightly >modified to fit a small mirror assembly.... >The company there that was marketing the things is Visual Methods, in >Westwood NJ. _H*] Yehah I checked on this one.... Friends those $500.00 sprinkler fixture are overpriced PLASTIC(RIGHT 500.00 for plastic) JUNK... out of 6 ordered 4 failed during installtion and setup....all were sent back to the distributor... have to wait until a better one is available... cheers kelly p.s. There are much better hidden cameras on the market just check any issue of CCTV Magazine... Date: 2 Mar 90 09:45 EST From: EVERHART@arisia.dnet.ge.com Subject: RE: Re: Field service spying? To: SECURITY@pyrite.rutgers.edu Apparently this sw_inventory.com thing was from one of the local offices; the general DEC field people in my area know nothing of it but took a copy from me to see if they can find where it came from. Seems it's got problems with their corporate policy too. In DEC's defense they have tried to make it clear that the field account should be DISUSERed except when in use. The procedure will ONLY tell about dec images; it looks for .exe images in default locations; at least that's what it did on VMS 4.7 where I tested it; that can be sensitive, but there's nothing there that would tell anything about non-dec images unless they happen to live in the same places the DEC ones do, with the same logicals and same filenames. The procedure was not run by field here. Glenn Everhart Date: Thu, 1 Mar 90 19:18:33 EST From: wcs@erebus.att.com (William Clare Stewart) Subject: Re: cordless privacy To: misc-security@att.att.com ]I am no lawyer, but I think you ony need the consent of one of the ]parties in order to legally record a phone conversation - at least Well, first of all, Canada and the US have different laws. In the US, a court decision a couple years back decided that cordless phones, unlike wire-based phones, do not give you a legal right to privacy for the segment of the connection that is broadcast between the handset and the base (though I suppose the connection from the base to the wall and beyond is protected.) Second, just because the people have reasonable expectations of a right of privacy against government eavesdropping, that doesn't mean that the *government* respects those rights, and the courts have been supporting the government rather than the people in a lot of recent cases. Bill -- # Bill Stewart AT&T Bell Labs 4M312 Holmdel NJ 201-949-0705 erebus.att.com!wcs # Fax 949-4876. Sometimes found at Somerset 201-271-4712 # He put on the goggles, waved his data glove, and walked off into cyberspace. # Wasn't seen again for days. Date: 23 Feb 90 23:58:46 GMT From: wales@cs.ucla.edu (Rich Wales) Subject: Re: Computer Forged Documents To: misc-security@uunet.uu.net The new Canadian $50 note includes a small metallic patch that changes color from gold to green, depending on the viewing angle. I assume the Bank of Canada (the government agency responsible for the money supply) plans eventually to introduce these feature on smaller notes as well. The current series of Canadian bank notes also use quite a bit of extremely small printing that presumably cannot be copied well. For example, the front central portion of the note contains line after line repeatedly saying "BANK OF CANADA 50 BANQUE DU CANADA 50" (substitute the appropriate number in place of "50" for other denominations). Also, there is a large field of wavy lines in a range of pastel colors; the lines themselves are made up of tiny "50"s (or whatever number corres- ponds to the value of the note). Additionally, Canadian bank notes are printed using an intaglio (raised relief) technique -- creating a texture that can be felt on all but very old notes, and which presumably cannot be duplicated by a copier. -- Rich Wales // UCLA Computer Science Department 3531 Boelter Hall // Los Angeles, CA 90024-1596 // +1 (213) 825-5683 "Then they hurl heavy objects. . . . And claw at you. . . ." Date: Thu, 1 Mar 90 19:20:12 MST From: jimkirk@outlaw.uwyo.edu (James Kirkpatrick) Subject: Digital Signature in business? To: security@pyrite.rutgers.edu Does anybody know if Digital Signature is still in business? They used to make a package called CryptMaster (RSA and an RSA/DES hybrid), but directory assistance in Chicago does not have a listing for them. Did they move or did they fold? Date: Fri, 02 Mar 90 10:20:06 GMT From: MCGDAKI@cms.manchester-computing-centre.ac.uk Subject: Domestic burglar alarms... To: security@pyrite.rutgers.edu I am considering doing a domestic system and the inertia sensors coupled with an analyser appeals to me for perimeter protection. Has anyone had experience using these and how good are they for reliability and immunity to false alarms? Arnold Kirk Date: Sat, 3 Mar 90 15:01:49 EST From: eichin@mit.edu (Mark W. Eichin) Subject: Re: Who (Specificly) has Morris' Worm Code? To: reynhout@wpi.wpi.edu Cc: misc-security@husc6.harvard.edu What I've been wondering (since reading the early Cornell report) is Did Morris actually use Unix crypt(1) to protect his files? And (as the Cornell report claimed) given that they were able to break them, did they make use of Bob Baldwin's Crypt Breaker's Workshop? _Mark_ Date: Sat, 3 Mar 90 13:01 EST From: David Hoelzer Subject: Cameras To: security@ohstvma I've helped to design a number of camera boxes, including a converted slide projector, emergency fire lights, and thermostats.. I'll tell you the truth .. Dont bother trying to tell the difference.. We had a camera in full view on top of a vending machine.. We set some other stuff up there too (like boxes and wires.. just junk)... The first two days, everyone just looked at it.. The chairman of the company asked what it was doing there.. Well.. We told him, and later that night one of the security guards, who had seen this camera sitting there, walked out of the building with a few boxes of paper... Needless to say, he was shocked when he saw the footage.. He claimed, "How'd you get that!!! That Camera is broken!!". People assume what they like.. No one has yet realized what the thermostat is, nor the fire box.. The slide projector has caught ten people... One of them even tried to steal it, until they realized that it was hooked into the wall... DSH Date: 03 Mar 90 09:27:41+0100 From: Joseph C. Pistritto Subject: Re: Home security To: kelly@uts.amdahl.com Cc: misc-security@ames.arc.nasa.gov Well, there ARE other techniques that work against LEXAN. In particular heating it up will make it bend, allowing sheets to be bent and popped from the window frame. They used LEXAN in the 'escape-proof' new jail in Towson, Maryland several years ago. Took the inmates about 3 months to figure away to make a blowtorch from an aerosol can, point at lexan, heat for several minutes, kick out panel. They put bars in after that... With suitable reinforcing, and by keeping the panes small enough, this problem could possibly be avoided. An interesting possibility is making those 'colonial' style windows where the panes are about 8 inches by 12 inches, with the panes being Lexan and the normally wood barriers between pains being made instead from steel would probably work nicely, without even having the 'look' of security, if that's what you want. ====================================================================== Joseph C. Pistritto HB9NBB N3CKF 'Think of it as Evolution in Action' (J.Pournelle) Ciba Geigy AG, R1241.1.01, Postfach CH4002 Basel, Switzerland Internet: jcp@brl.mil Phone: (+41) 61 697 6155 Bitnet: bpistr%cgch.uucp@cernvax.bitnet Fax: (+41) 61 697 2435 Also: cgch!bpistr@mcsun.eu.net Date: Mon, 5 Mar 90 8:11:07 CST From: "Mark D. McKamey IM SA" Subject: Video camera devices To: security@pyrite.rutgers.edu Hello All, I've recently seen a number of "trick" video camera devices demonstrated on TV. The teddy bear with a video camera in its belly, and the TV that video ta tapes the TV viewer while he/she watches the TV. I am trying to find out who sells devices such as these, and is there any illegal implications of using one of these devices to video tape how a babysitter treats a child while the parents are out of the house? Mark mark@ria-emh2.army.mil Date: 1 Mar 90 20:42:12 GMT From: hollombe%sdcsvax@ttidca.tti.com (The Polymath) Subject: Re: Credit Card Fraud... To: misc-security@sdcsvax.ucsd.edu }... a couple of students were able to get a hold of a credit-card }magnetic stip recorder somehow. ... There needn't be any "somehow" about it. You can build one with less than $50 worth of parts from Radio Shack. The requirements are defined in an ANSI standard, right down to the magnetic flux density of the mag-stripe recording, and available as public information. Scary, isn't it? -- The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com) Illegitimis non Citicorp(+)TTI Carborundum 3100 Ocean Park Blvd. (213) 450-9111, x2483 Santa Monica, CA 90405 {csun | philabs | psivax}!ttidca!hollombe Date: 02 March 1990 05:34 CST From: "Grant Hoover" Subject: Caller ID To: security@pyrite.rutgers.edu > Now that Bell is providing caller id service in some areas I > was wondering if I could capture the number of the caller and Before you get out your soldering iron, keep in mind the bill that Congress might pass that would require the local phone companies to offer blocking. Once this option is in place, the people attacking your BBS will probably use it, and you won't get the chance to capture any numbers. ____ _____ ___ __ __ ______ / | _ \ / \ | \| | |__ __| . . | ___ | < / ^ \ | | | | . \____/ |__|\__| /_/---\_\ |__|\__| |__| \___/ Grant Hoover * University of Illinois at Chicago Bitnet u26264@uicvm * CompuServe 76370,314 Internet u26264@uicvm.cc.uic.edu * GEnie G.HOOVER6 Date: Mon Mar 05 01:10:28 CEST 1990 From: rop@neabbs.UUCP (HACK-TIC) Subject: Re: Computer Abuse / Product Liability / Criminal Statutes / ECPA To: hp4nl!misc-security@relay.eu.net Maybe a good definition of a hacker: A hacker is someone who is too busy doing weird things using technology to concern him/herself with defining the term 'hacker'. I don't mean to kill a good discussion here, I just feel that discussions about the definition of the term 'hacker' tend to get boring and predictable after two or three messages. Much more interesting (reffering to the 2nd of March message) is the question wether playing a game on a computer 20.000 miles away isn't a much more efficient way of learning something than going to school in the first place. Rop Gonggrijp, editor of Hack-Tic, a magazine for Dutch hackers.... Date: Sun, 4 Mar 90 16:41:37 GMT From: jik@athena.mit.edu (Jonathan I. Kamens) Subject: Re: Who (Specificly) has Morris' Worm Code? To: security@pyrite.rutgers.edu Just how easy do you think it is to disassemble a program from machine language into source code form? Granted, Morris made it a little bit easier by failing to strip off the symbol tables before "letting loose" the binaries (There are hypotheses that he did so because he was "in a hurry"...), but he made it harder by XOR'ing all the strings in the entire binary. Yes, it was POSSIBLE to reverse engineer from the binary to the source code. However, I wouldn't say that it only takes "a little reverse-engineering" to do so. I'd say it takes more "reverse-engineering" than most system administrators have the knowledge, time or desire to put into it. Jonathan Kamens USnail: MIT Project Athena 11 Ashford Terrace jik@Athena.MIT.EDU Allston, MA 02134 Office: 617-253-8495 Home: 617-782-0710 Date: 6 Mar 90 19:30:21 GMT From: Irving Chidsey Subject: Re: Wireless Home Security Systems To: misc-security@rutgers.edu Date: 6 Mar 90 20:49:40 GMT From: spaf@cs.purdue.edu (Gene Spafford) Subject: Contest announcement To: misc-security@gatech.edu The National Center for Computer Crime Data notes with interest the considerable controversy engendered by the trial and guilty verdict in the case of Robert T. Morris. In order to expand and focus the conversation, we announce the "If I were the Robert Morris case judge" essay contest. We will award $100 to the best essay of 250 words or less suggesting the appropriate sentence for Mr. Morris. Security Magazine has agreed to publish the winning essay in its May issue. Contestants need not be familiar with the federal guidelines for sentencing, but should assume, for the purpose of their essay, that the judge can impose any sanctions he or she thinks reasonable. All essays must be received by the National Center for Computer Crime Data, 1222-B 17th Avenue, Santa Cruz, CA, 95062 by March 28, 1990. J.J. Buck BloomBecker, Esq. Director [The real sentencing for Mr. Morris will be May 4. I am not affiliated in any way with the NCCCD --spaf] -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf Date: Wed, 7 Mar 90 10:36:00 -0500 From: nitrex!rbl@uunet.uu.net Subject: Re: Opening an old safe? To: security@pyrite.rutgers.edu There is a locksmith in the small Ohio town where my wife just opened a retail jewwelry store. His ex-wife walked up to a locked circa-1910 safe and proceeded to open it --- the combination was unknown. Her comment: "I have a stethoscope in my fingers." If the old Victor safe is anywhere nearby southeastern Ohio/PA/WV, we could arrange a contact. Rob Lake BP Research rbl@BP.COM Date: Wed, 7 Mar 90 09:55 EST From: "And now, #1, The Larch" Subject: Mutilated Currency (was Re: Bill Changers) To: SECURITY@OHSTVMA > Easy -- chop the big numbers off the corners of a $20 bill, past them > onto the corners of a $1 bill. Pass this as a $20 bill. This works. As a former bank teller at a commercial bank in Buffalo, I recall a teller actually taking one. If you must pass them off, though, don't do it at a bank - they're much to careful, and know enough to look at the *portrait* when receiving money. > Turn in the mutilated $20 for a fresh one. Yes, well...um-- mutiliated currency must have one side intact (if I recall the rules correctly). Hence it is necessary to do this dastardly deed with *two* 20's, using first one side on the first bill, and the opposite side on the other. > (no, I am not advocating the practice) Me neither. The FBI and the Treasury department do not take kindly to this practice. Try this in a bank (either with funny twenties or bringing in lots of mutilated -- you are likely to get your picture taken by those lovely cameras on the wall. Jeffrey Fordham University AEWALSH@FORDMURH Date: 3 Mar 90 10:57:29 GMT From: astieber@csd4.csd.uwm.edu (Anthony J Stieber) Subject: What IS a thermal lance (Re: vault doors, was: locks) To: misc-security@uunet.uu.net Exactly what is a thermal lance? I've seen several references to these but have been unable to figure it out from context. -- <-:(= Tony Stieber astieber@csd4.csd.uwm.edu att!uwm!uwmcsd4!astiebe