May 1992
Operation Sundevil convicts a suspect
The US Department of Justice announced the completion of its first prosecution in the Operation Sundevil investigation. Twenty-one-year-old Robert Chandler pleaded guilty in San Diego federal court to possessing and using 15 access codes in order to make toll-free telephone calls. Chandler faces a maximum penalty of ten years' imprisonment, although prosecutors will probably recommend probation. Operation Sundevil raids were carried out on 7 and 9 May 1990, and Justice Department officials have received criticism both for trampling on the First and Fourth Amendment rights of those targeted in the raids, and for the delay in carrying out prosecutions. At the end of last year, Arizona law enforcers convicted two hackers who were swept up in the Sundevil raids, one of whom is still doing time in a halfway house after spending six months in 'shock incarceration'.
Internet board sets SNMP security rules
A set of specifications under consideration by the Internet Advisory Board promises to provide security features for Simple Network Management Protocol (SNMP). The specifications are designed to prevent unauthorized personnel from getting hold of the codes that determine access rights to an SNMP management system, or interfering with the SNMP management process. The lack of security reflects the manner in which the original SNMP specification was developed in 1988. "We could not get a consensus from the standards community on how to make it secure, so we made it insecure and got it out the door", said Jeff Case, president of SNMP Research Inc. SNMP security has become particularly important to scientific, government and academic organizations, which are frequent users of TCP/IP, which SNMP was designed to manage. Although finalization of the specifications is still several months away, a number of vendors have committed to implementing the protocols in their SNMP systems, including HP, IBM, DEC, Novell, Ungermann-Bass and Hughes LAN Systems. The security specifications will provide the following features: a Data Encryption Standard-based specification to encrypt messages between the SNMP manager and agent; origin authentication; replay protection; and message integrity.
©1992 Elsevier Science Publishers Ltd
Computer Fraud & Security Bulletin
Toronto Stock Exchange brought down
A software glitch caused the closure of the Toronto Stock Exchange for four hours after traders noticed dramatic irregularities in quoted shares. One order to buy 20 000 shares in Teck Corp at £17.37 a share appeared on the computer as a bid for 3339 shares at $279.50 a share. The software also failed to print tickets to confirm completed trades, leaving many traders unsure whether their deals had been completed or not. The problems appeared after the TSE changed its software over the weekend to delete the 30-second 'pause and delay' rule, which enabled the traders to delay orders entering the exchange from brokers' offices. Under the old system, partly filled orders that were automatically traded were rare. But the sudden flood of automatic trades caused the program to overwrite some data, such as prices, with incorrect information. The TSE has reverted to functioning under the old rules and software, pending fuller testing of the modified code. Don Unruh, a former TSE vice president who helped to develop the system eight years ago, said that the problems run deeper than the recent malfunction. A patchwork of different software and hardware has built up over the years, he said, and he recommended that the whole system be scrapped and a new one developed.