B1 and C2 security certification for Informix database

Computer Audit Update

tortuous break-in route", said David Gurr, SCO's UK market development manager. The flaw was originally discovered by a user on the Internet and not as a result of unauthorized entry. SCO has published a full description of the problem.

Users who need to check their systems' integrity should contact their SCO support provider or ring their national SCO support.

Millions feared lost in holiday crash

A combination of human error and faulty software is believed to be behind a major holiday disaster in the UK. The smouldering wreckage however belonged not to a downed Airbus, but to holiday company Airtours' Space reservation system. According to a report in Computer Weekly, estimated lost sales from the crash amount to £5 million. A company source said: "You could count the noughts dropping off Airtours' profits by the minute". The size of the losses was due in large measure to the unfortunate timing of the crash, as it coincided with the launch of Airtours' 1994 holiday brochure. As a result, 7 000 travel agents were unable to make bookings on the system and gave their business to competitors.

Airtours has played down the impact of the system failure. "Over the past 12 months the availability of this particular system has been in excess of 99%. Our track record is among the best in the industry and any further problems are extremely unlikely", said the firm's sales director Anita McErlean.

If a 'black box' holding the key to the crash was found amongst the remnants of the system, the company is very reluctant to divulge its contents. Airtours has limited itself to stating that the failure was due to "an unfortunate combination of operator and software faults". The root of the problem however, is believed to have been in the Data General proprietary MV system, in which an operator's error corrupted the database.

October 1993

B1 and C2 security certification for Informix database

Informix has announced that its OnLine/Secure database has been recognized by the National Computer Security Centre (NCSC) as the first database to comply with B1 and C2 security levels. The company has also submitted the product for evaluation by the NCSC at the B2 level of security. "With the proliferation of client/server and distributed computing environments, the need for security, especially in commercial markets, is becoming a critical issue", said Ken Coulter, Informix's senior vice president for Europe, the Middle East and Africa.

In Europe, Informix has put forward OnLine/Secure for evaluation under the IT Security Evaluation Criteria (ITSEC) level E3/F-B1 and E3/F-C2. Admiral Management Services Ltd is undertaking the evaluation as one of the four European Community Commercial Licensed Evaluation Facilities (CLEF). Tom Craig, CLEF evaluator at Admiral, commented, "Ministry of Defence system developments are creating an increasing demand for evaluated products. Products which have already been certified to the ITSEC provide a lower risk, lower cost approach to developing secure systems".

Hacker fined for university break-in

A former Princeton student has been fined $500 after pleading guilty to unauthorized entry of the University computer system, according to a report in the New York Times. Luo-qi Chen, a 23-year-old former doctoral student in physics, could have faced six months in jail and a fine of US$1000. By pleading guilty he was guaranteed no prison sentence. In his defence, he claimed he had hacked into the network only out of 'intellectual curiosity'. He has also been expelled from the University, although he is not to be deported to his native country, China.

©1993 Elsevier Science Publishers Ltd