September
Computer Fraud & Security Bulletin
1993
‘Protection failure’ leads to weekend computer system shutdown An American Hospital Association, based in Chicago, Illinois, has been forced to shut its entire computing operation down over a weekend because of the apparent leak of confidential employee data. A list of 42 employees due to be laid-off a week later was left unprotected in a word processing file in a Unix server in the Association’s Human Relations Department. (The Department employee involved, reportedly, did not know how to protect such a file.) Copies of the list subsequently were posted anonymously on bulletin boards throughout the Association’s offices. Most of the affected employees had not been notified officially of the impending layoff. Fearing possible employee retaliation, the Association sent them home for the remainder of the day - which was Friday and combed its system thoroughly over the weekend for possible security violations. Belden Menkus
E-mail protection
program created
Monroe Community College students and their professor have created a program to protect electronic mail. As reported in the Democrat & Chronic/e, debate was stimulated on how secure E-mail is, following two articles in MacWorld. The program takes a plain ASCII format and changes the characters around so that they cannot be read. Each letter in the text code will be encoded separately, therefore in a word with two Es both will have aseparate code letter. Between the time the message is sent and received it is stored in a virtually indecipherable form. The longer the password, the more scrambled the E-mail will become and the more secure the message. The product is currently being tested by two companies in Rochester, New York, USA and the group is drawing up a partnership agreement. They have copyrighted the program and are investigating ways of marketing it, for example including it as premium for a vendor who sells E-mail software.
01993
Elsevier Science Publishers
Ltd
Concern over copyright law proposal The US software industry has expressed its concern over possible modifications to Japanese copyright law, which could make it easier to legally reverse engineer original software, it has been reported in the Nikkei Weekly. The Japanese Agency for Cultural Affairs has set up an advisory committee of academics, lawyers and computer company executives to clarify copyright laws regarding reverse engineering. American industry officials fear that a loosening of the legal definition of reverse engineering will make it easier for companies to copy competitors’ products and will compound the existing piracy problem. Pirated software currently accounts for 92% of software sales in Japan, representing a loss of US$3 billion to the software industry. The Japanese authorities have said that they are only seeking to bring their laws into line with those of other nations and encourage the development of common software standards. The Business Software Alliance (BSA) has joined the fray arguing strongly against the need for any revision of the legal position on reverse engineering and they have initiated an aggressive anti-piracy campaign. In October, the BSA is to organize a seminar in Japan for industry executives to highlight the problem of software piracy. A ‘hot line’ may also be set up to give company employees the opportunity to report copyright violations. Law suits against transgressors are also to be considered.
Further debate over posting viruses From Congress
to the deepest
recesses
of
the underground hacker community, debate is raging over whether electronic bulletin boards should be allowed to post and disseminate virus source code. According to the Lan Times, the debate follows an anonymous complaint about tax money being used for, “unethical, immoral and possibly illegal activities”. The same source has also complained about Kim Clancy, manager of AIS Security and an AIS BBS system operator, who has contacts with the hacker community. Clancy was ordered to remove all hacker files from the AIS BBS, but faced no disciplinary
3