Random Bits & Bytes

Computers & Security, 10 (1991) 586-600

Dr. Harold Joseph Highland, Editor-in-Chief Emeritus

© 1991, Elsevier Science Publishers Ltd. 0167-4048/92/$3.50

Public-Key Cryptography

The National Institute of Standards and Technology announced this past summer that it would issue a public-key (PK) standard late in 1991. In September NIST released their proposed Digital Signature Algorithm (DSA). As expected, they supported the El Gamal scheme of PK encryption and not the RSA.

Public-Key Systems

In classical cryptography the emphasis was on secrecy. The key was kept secret and known only to the sender and receiver, technically known as a one-key scheme. The widely used DES is a classical cipher system using the one-key scheme.

In the modern electronics age the need for authenticity has rivaled that for secrecy. Classical encryption methods do not address the need for authentication. A few recent modifications have been released to solve that problem but have not been standardized or officially accepted. The need for authentication is more easily solved by the use of PK cryptographic systems. The concept of PK encryption was introduced in 1976 by W. Diffie and M. E. Hellman. Unlike the one-key systems used in classical cryptography, PK systems are two-key or asymmetric systems. With PK systems there is no longer a need for a single secret key; instead one of the two keys is public and the other private (which is kept secret). PK systems make it possible to attain both encryption of data and authentication.

The RSA, developed in 1978 by R. L. Rivest, A. Shamir and L. Adleman, is probably the best known of the PK systems. It is by no means the only one. There are the Knapsack systems (which have more or less been abandoned because they have been easily broken), the El Gamal signature scheme proposed by T. El Gamal in 1985, the MEMO (MITRE Encrypted Mail Office) system of 1980, the ISDN (Integrated Services Digital Network) scheme developed by Bell-Northern Research in 1987, and the ISO Authentication framework proposed in 1987 for X.509 networks.

The Current Scene

Selecting the RSA as a standard might have created a problem since that algorithm has been patented. One government encryption specialist indicated that DES, which is in the public domain, was originally a version of Lucifer, an IBM product. However, IBM gave up its rights to the program when it was accepted as a standard. To muddy the water further there are reports that the National Security Agency (NSA) has approved NIST's selection of the El Gamal algorithm. It is stated that this was done because NSA felt that it was easier for it to crack that algorithm than the RSA. Here we go again with the rumors and reports that accompanied the introduction of the DES. Then it was alleged that the weaker form of DES with a shorter key was promoted by NSA. Based on our discussions with several sources we discount NSA's role in this selection. We understand that boards are available in Europe with the RSA or a variation in hardware form. We now have a combination PK and DES board from Canada which does PK digital signature/authentication via an enhanced El Gamal scheme. The board, produced by Mobius Encryption Technologies of Mississauga, Canada, will be reviewed in our next column.

Comments about El Gamal

In April 1991 NIST released an excellent publication entitled Public-Key Cryptography (NIST Special Publication 800-2) by James Nechvatal. It is highly mathematical, with 16 appendices covering such items as:

• introduction to zero-knowledge
• algorithms and architecture
• classical theory of computation
• breaking knapsacks
• birthday attacks
• modular arithmetic
• Euclid's algorithm and Galois fields

We include the following quotation from this volume in its explanation of the El Gamal signature scheme.

"In comparing this scheme to RSA, we note that both employ exponentiation, so that their speeds of encryption/decrypting should be comparable. Generating keys in the two methods is similar; finding appropriate primes is the main step in either.

"Security of El Gamal is more difficult to assess. The major attack against RSA, i.e. factorization, is a problem which has been studied for centuries. It is safe to say that far less time has been invested in attempts to cryptanalyze the El Gamal scheme.

"Cryptanalytically, the last attack (varying r and s simultaneously) may have a complexity substantially lower than factoring or discrete logarithm; hence security of El Gamal is at best no better than RSA, and possibly much inferior, with respect to secrecy of components (it must be emphasized that this is a conservative characterization; it could also turn out that no substantial advantage is gained by varying r and s simultaneously).

"The use of message-dependent portions of components is a plus and minus: it increases bookkeeping and makes it more difficult for a third party to adjudicate a dispute. On the other hand, it may produce greater security against certain types of attacks. In fact the k above could be chosen differently for each block (or message)."
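The quotation speaks of the components r and s and of the per-message value k without showing the arithmetic behind them. The following added example (written for this edit; it is not code from the column or from NIST SP 800-2) implements textbook El Gamal signing and verification over a constructed toy group (p = 467, g = 2), so the reader can see that r = g^k mod p is chosen fresh for each message, that s binds the message to the private key, and that changing the message by one unit makes verification fail. The private key x = 127, message m = 100 and nonce k = 213 are constructed values; a real deployment uses primes of hundreds of digits, signs a hash of the message rather than the message itself, and must never reuse k.

```python
# Added example, not from the column or NIST SP 800-2: textbook El Gamal
# signature generation and verification with toy parameters.
from math import gcd

# Constructed toy public parameters: prime p and a generator g of Z_p^*.
# Illustration only; real systems use primes of hundreds of digits.
P = 467
G = 2


def make_public_key(p, g, x):
    """Private key x in [1, p-2]; public key y = g^x mod p."""
    if not 1 <= x <= p - 2:
        raise ValueError("private key out of range")
    return pow(g, x, p)


def sign(p, g, x, m, k):
    """El Gamal signature (r, s) on message m using the per-message nonce k.

    k must be coprime to p-1 so that its inverse exists; the NIST quotation
    notes that k can (and should) differ for every message."""
    if not 1 <= k <= p - 2 or gcd(k, p - 1) != 1:
        raise ValueError("k must satisfy 1 <= k <= p-2 and gcd(k, p-1) == 1")
    r = pow(g, k, p)                  # message-independent part, depends on k
    k_inv = pow(k, -1, p - 1)         # modular inverse (Python 3.8+)
    s = ((m - x * r) * k_inv) % (p - 1)   # message-dependent part
    return r, s


def verify(p, g, y, m, sig):
    """Accept iff y^r * r^s == g^m (mod p), with 0 < r < p and 0 <= s < p-1."""
    r, s = sig
    if not (0 < r < p and 0 <= s < p - 1):
        return False
    return (pow(y, r, p) * pow(r, s, p)) % p == pow(g, m, p)


def demo():
    """Sign a constructed message and show a one-unit change is rejected."""
    x = 127                          # constructed private key
    y = make_public_key(P, G, x)     # -> 132
    m = 100                          # in practice: a hash of the message
    sig = sign(P, G, x, m, k=213)    # -> (29, 51)
    ok = verify(P, G, y, m, sig)
    tampered = verify(P, G, y, m + 1, sig)
    return y, sig, ok, tampered


if __name__ == "__main__":
    print(demo())
```

The range check in verify is not decoration: accepting an r outside (0, p) would let a forger substitute r + p for r without changing r mod p, so a verifier that skips the check is weaker than the mathematics suggests.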

Anti-Virus Programs

"Sorry, but only the products that have been reviewed in depth in this column after extensive testing, or those noted with favorable comments, should be considered as worthwhile to investigate by our readers." - hjh

Because of the long lead time between our writing this column and its receipt by readers, we send prepublication e-mail copies of topics to selected readers, some companies and government agencies with which we work. The copy of "The Maturing of the Anti-Virus Product Market", which appeared in the August issue (Volume 10, Number 5), was sent early in May along with some additional time-dependent notes to the selected list.

In that article we wrote: "Now big-time marketers have entered this lucrative, growing market. Early in 1991 The Norton AntiVirus program and Central Point Anti-Virus program were introduced. Copies of these programs are being promoted by large computer retailers and mail order houses in the States at discount prices. This action will probably encourage more organizations to use scan programs because of the familiarity of the producers' names and the establishment of their earlier utilities." Late in June, upon our return after delivering a keynote speech at the Computer Security Institute's Denver meeting, we found numerous e-mail notes questioning our recommending these products. We therefore assume that many of the Journal readers interpreted our comments about "big name" companies as an endorsement of the products. It was not an endorsement. We were merely pointing out that anti-viral products are now big business.

Security Products Received but Tested Later

Although we received version 6 of The Norton Utilities and version 7 of PC Tools in May, we had not tested them. We did in June, and it did not take long to discover that testing would be abandoned because of serious weaknesses.

• The Norton program had a READ.ME file of 35K bytes to supplement the printed manual. The manual was undoubtedly written before the product was fully tested. Also the lack of protection of the Master Boot Record was immediately evident. Furthermore, failure to provide even elementary checksumming made it evident that the program would rely solely on scan procedures, and at best only for those signatures in the program.

• PC Tools, we found, could not protect files containing overlays, any .COM or .EXE programs longer than 63K bytes, and any files containing their own self-checking system. Also, when installed the program created BOOT.CPS as a hidden file. There was no mention of this in the manual, something we frown upon. We also noted that the anti-virus program was one developed earlier, "Turbo Anti-Virus", by Carmel Software Engineering of Israel. We repeatedly tested this product for more than a year and were not too pleased with some of its operation. We used the program in secure mode with our 110 megabyte disk; we aborted scanning after 15 min.

A Note from Dr. David

Dr. Jon David, in preparation of a report that will be published in a later issue of the Journal, did more exhaustive testing. Neither of us is in any way financially involved with any anti-virus product; we can take an objective view of anti-virus programs. His e-mail note to us, prepared for this column, is included.

Dr. Jon David's Anti-Virus Notes

Viruses have been a serious threat for some time, and this threat has evolved into a serious actual problem with depressing rapidity. People now recognize the need for (or at least feel obligated to get) anti-virus protection, but often do not know where to turn. IBM offers a scan program which has proven to be excellent in the real world, but this contains none of the fancy features offered by many of the commercial "full" anti-virus packages. Until recently, IBM was the only "name" vendor providing virus protection. Now, two well-known companies, Norton (actually, Symantec) and Central Point Software (the PC Tools people), offer anti-virus products. Although it is somewhat reassuring to have a name behind a product, the success of these companies in the general utility areas no more recommends them to do anti-virus work than being a top brain surgeon recommends one for playing football or being a concert pianist.

One can hardly pick up a trade publication these days without finding a picture of Peter Norton, mask and all, announcing his virus protection. Using the package though, one finds it does not come near the quality one associates with, say, Norton Utilities.

• For example, the file change feature (the inoculate option) creates hundreds of hidden files of length 77 bytes. Because of the way DOS stores these files each takes 4K to 8K bytes; it costs disk megabytes. Adding insult to injury, the program neither prevented nor detected changes during my tests of the product.

• The "log all virus activity" option produced a log with less than all virus activity.

Should you ignore the advice given in "Random Bits and Bytes" time and time again (to wipe infected files and replace them with clean originals) but instead opt for the automatic remove option, you will discover that the package only removes one virus per pass. With prevalent viruses (such as the Jerusalem) that infect files a hundred times or more, and with each removal pass using the Norton option easily taking more than 10 minutes, you may wish you had paid more attention to what was recommended often in these columns.

The Central Point product would not even install easily on my system; it repeatedly hung my system time and time again. It could not be installed until the cache driver was removed from the CONFIG.SYS file.

• Furthermore, the file protect feature (immunize) did more than protect many files; it prevented them from running! Ironically, PCTOOLS.OVL, a file maintained by an older version of Central Point's PC Tools (when used in resident mode), changes each time the system is booted or the program is run. This caused the new version of the Central Point package considerable heartache.

• Processing the same infected diskette multiple times (write protected, of course) produced inconsistent results: one virus was called by different names; a second (the Jerusalem) was spotted sometimes and other times not.

• The automatic removal feature of the package was not clean.

Final Note: If you want protection from a "name" vendor, and IBM is not enough for you, you had better learn some new names quickly. (Dr. David's note about IBM should not be interpreted as an unqualified endorsement of the IBM product. - hjh)

Directors Gullible

General MacArthur, in a famous speech before the U.S. Congress, noted that "old soldiers never die, they just fade away". What happens to old hackers? Well, three members of the Legion of Doom have formed a new Tiger team, a security consulting firm known as Comsec Data Security, Inc. The ink on the newspaper pages about their announcement wasn't even dry yet when a few computer security directors wound up with red faces. At least six experts acknowledged, according to Michael Alexander of ComputerWorld, that they had been conned.

Comsec had contacted them under an assumed company name. They provided their contacts with a supposed vice president of their company who "was prepared to conduct a security audit and needed the information to sell the idea to upper management". The address to which the information was to be sent turned out to be the home of two of Comsec's founders. The telephone number was the telephone company's test number for a busy signal. The technique of posing as a prospective customer is sometimes used in industry, but unfortunately Comsec Data Security violated business ethics by using an actual company's name. Masquerading as a prospective customer is a technique used by hackers to obtain information from employees of a company that might be useful in penetrating the company's system.

Security Information System on the Network

In this electronic communications age, with e-mail and the numerous networks and information security publications, are you interested in:

• Obtaining abstracts of information security articles that appear in over 190 international trade publications and newspapers? Searching through articles by specific topic?

• Having access to current and past issues of items appearing on the Virus-L bulletin board and CERT's computer virus alerts? Getting detailed information about computer viruses in general or a specific virus, or recommendations to eliminate a particular virus?

• Reading the Computer Underground Digest? Gaining access to computer underground databases? Looking through The Orange Book or any of the other volumes of the Rainbow series? Having an events calendar of professional organizational, vendor conferences, shows and trade seminars?

• Possessing a personal e-mail mailbox on Internet to access UUnet, BITnet and USEnet worldwide?

• Gazing at and/or searching for security product information and related topics appearing in ISPNews? Participating in forums that contain topical discussions by industry leaders and others on security, auditing etc.? Joining on-line conferences on specific topics?

Now you can do this and much more on a single bulletin board. National Security Associates, Inc.* offers a comprehensive and current compilation of security-specific information on its "On-Line Information Security Service", The Computer Security Connection (CSC).

* Oak Lawn Place, Herndon, VA 22071, U.S.A. Telephone: +1 703-758-8333. Fax: +1 703-758-8338. E-mail: tnbrsvcs2~incomscc.org

Getting On-Line

NSAi offers potential users one hour free to become acquainted with its offerings. We must congratulate them for their extensive testing since the turn of the year, because even those who have never had to access a network will find the procedure extremely easy. The instructions for the initial access are simple and complete. It is necessary, however, to obtain this information and an agreement number first by communicating with NSAi by telephone, fax or mail.

During the sign-on session the user must enter the answers to a series of questions, including: Full Name, Title, Mailstop, Company Name, Department or Division, Street Address, City, State, Zip Code, Business Telephone Number and FAX Number. Unfortunately at this stage input is required for each answer. We typed a zero (0) where we did not wish to provide non-existent information; this defect should be corrected by the time you read this article. After entering these data, the user enters a specific login name he/she will use and a password. CSC offers the user a choice of either a user-selected or a computer-generated password. If the user wishes to select his or her own password, the next screen provides detailed information about choosing a password. Once the login name and a password are selected, the user is disconnected from the network. Now the normal sign-on procedure is used to access the network.

Sign-on as a User

The next and subsequent times a user signs onto the network the host name remains scsc. After the welcome notice the user enters the name and password selected in the initial sign-on. Figure 1 shows the first screen of announcements highlighting the latest changes on the system. The next screen after the user has accessed the system is shown in Fig. 2; it contains key articles listed during the past week on the Research Database. It is possible to view any or all of these. The user always has the choice of looking through this database for recent articles or searching by topic. Of course one can ignore the new abstracts and get to the main menu that is shown in Fig. 3. There are 18 choices. Help screens are always available. We strongly recommend downloading the help file during the first session to become familiar with Internet e-mail procedures. What we particularly liked on CSC was the ability to backtrack at any point merely by pressing the letter q. It was always easy to return to the main menu.

Entering any of the menu choices is easy since the system provides help along the way. For example, if a user selected item 5, forums and conferences, from the main menu, the screen shown in Fig. 4 permits a choice of either topic or a return to the previous menu. Selecting the forums and calendar of events option in Fig. 4 would produce the new screen shown in Fig. 5. Note that a tutorial is available for those not familiar with the system. Material is available under seven different headings.

************************* ANNOUNCEMENTS *************************

HACKer database is open (for those who have sent their Disclaimers in). See #12 on the Main Menu, then submenu selection #4.

IN-HOUSE ReSEARCH now open. See #6 on Main Menu.

"GOTCHA" challenge found under #17 on Main Menu.

TUTORIALS: "Quicky" guides to E-mail and Research under #8 on Main Menu.

NEW FORUM SUBJECTS: Tandem Computers / Guardian. DO YOU HAVE A SUBJECT YOU WOULD LIKE OPENED FOR DISCUSSION?

#8 (HELP) option #3 gives explanation of all Main Menu options.

NEW! The File Transfer System (FTS) will be open soon. Send us your best files!

Press ENTER to continue...

Fig. 1.

Fig. 2.

MAIN MENU

GENERAL TOPICS:
[1] NEW ENTRIES in last 7 days
[2] BULLETINS (CERT alerts, Virus-L, etc)
[3] IN-THE-NEWS (review 1st screen)
[4] FILE TRANSFER SYSTEM
[5] FORUMS & CONFERENCES
[6] IN-HOUSE ReSEARCH (we do it for you)
[7] E-MAIL (No mail waiting)

ReSEARCH (by keyword!) TOPICS:
[14] LIST all DATABASES
[15] ReSEARCH any database in #14
[16] VENDOR PRODUCTS
[17] "Gotcha!"

HELP & MAINTENANCE:
[8] HELP (Main Menu, Tutorials and other detailed Help)
[9] FEEDBACK
[10] Change PASSWORD and TERMINAL TYPE
[11] CSC ANNOUNCEMENTS and SCHEDULES
[12] CSC INFO (Agreements, policies, Q&A, prices)
[G]oodbye - LOGOFF CSC

Select option from above by number!

Fig. 3.

COMPUTER SECURITY CONNECTION FORUMS
Board #0 (TOP)   Last Msg #464   Manager: SYSOP

Please use the tutorial if you are not familiar with this area.

1 + CSC Forum Tutorial
2 + Computer Crime
3 + Disaster Recovery
4 + Virus Discussion Forum
5 + Computer Security
6 + Communication Security
7 + EDP Auditing
8 + Calendar of Events

Fig. 5.

Costs of the Service

CompuServe is a gateway to the network, and the user in the continental U.S.A. does not pay any fee for this service. The user pays only for the local telephone call. Access cost to the system is U.S. $12.50 per hour with an initial registration fee of U.S. $30.00. It is possible to have multiple users within a company on a single account with a single billing to the corporation. Outside the continental U.S.A. there is a U.S. $4.00 surcharge by CompuServe for access from Canada, Alaska, Hawaii and Puerto Rico. All users outside the areas mentioned should communicate with their local PTT, which will provide access and issue invoices for that connection.

Virus Simulations

Most recipients are as intrigued as Dave Powell, Senior Editor of Networking Management, when they get a promotion letter for Virus Clean³ along with a disk of demonstration programs designed to illustrate the catastrophic effects of several viruses. Dave Powell wrote his reactions to the demo disk in his "The Editor's Notes". We have repeatedly received requests from corporate security training specialists for two or three sample viruses they can use in their awareness and training programs. Naturally we have not shipped any live virus to them. Now there is a chance to obtain a demonstration disk.

For years in our lectures as part of the ACM Lectureship Program and in our virus seminars we have included demonstrations of viruses in action. The audiences loved it since many had little or no direct experience with a virus attack. It did require our using a floppy disk microcomputer system with one virus per disk and a cold reboot after a two to three minute wait. For the past year we have been using the same disk that Dave Powell received. It is the Virus Simulation Suite written by Joe Hirst⁴. These non-infecting virus programs simulate the visual and aural effects of some of the PC viruses. The disk contains a total of 17 programs to illustrate nine viruses, which include two versions of the Jerusalem virus. The complete set of programs currently consists of:

ADVN-SIM.COM   Syslock (2) (Advent) virus (tune and display)
CASC-SIM.COM   Cascade virus (standard activation)
CSC-SIMX.COM   Cascade virus (display only)
DDAN-SIM.COM   Devil's Dance virus
DDN-SIMD.COM   Devil's Dance virus (single shot display)
DENZ-SIM.COM   Denzuk virus (single shot display)
FUMN-SIM.COM   Jerusalem (2) (Fu Manchu) virus
FUM-SIMD.COM   Jerusalem (2) (Fu Manchu) virus (single shot display)
FUM-SIMX.COM   Jerusalem (2) (Fu Manchu) virus (censored)
ITAL-SIM.COM   Italian virus (standard activation)
ITL-SIMX.COM   Italian virus (display only)
JEW-SIM.COM    Jerusalem (1) virus
OROP-SIM.COM   Music virus
ORO-SIMX.COM   Music virus (minimum delay)
YANK-SIM.COM   Yankee Doodle virus (standard activation)
YNK-SIMX.COM   Yankee Doodle virus (tune only)

³ This program by Joe Hirst will be reviewed in this column in a future issue of the Journal.

⁴ British Computer Virus Research Centre, 12 Guildford Street, Brighton, East Sussex, BN1 3LS, U.K. Tel: +44-273-26105. Fax: +44-273-023700. BBS: +44-273-609720. In the U.S.A. communicate with Computer Consulting Group, 1130 Old Highway 90 South, Ashland, OR 97520. Tel: 503-488-3237. There is a small fee for duplicating and shipping of this copyrighted freeware disk.

Program Execution and Control

All of the programs check their own length before executing, and perform a checksum test for corruption. If either of these tests fails the program will refuse to execute. Many of the virus simulation programs are TSRs. The user is warned to remove the program from memory by the (ALT)(-) key combination. Some of the programs have a programmable built-in delay permitting the user to select a numeric parameter between 1 and 30 inclusive. The number represents the delay in minutes before displaying the simulation effect. Furthermore, the simulation in many cases can be switched off, and the delay reset, with the (ALT)(+) key combination. The (+) and (-) keys are the gray keys on the numeric keypad. For keyboards without numeric keypads, alternative key combinations can be used. The disk includes a brief description of each virus simulated.
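The self-check the simulation programs perform (length first, then checksum) is a small defensive pattern worth seeing written out. The example below is added for this edit and is not code from the Virus Simulation Suite; it keeps a recorded length and CRC-32 for a constructed stand-in image, refuses to hand the image to a runner when either value disagrees, and exercises the three failure modes a corrupted or tampered file produces (a flipped byte, appended bytes, truncation). The image bytes, the expected values and the `runner` callback are all constructed for the demonstration.

```python
# Added example, not code from the Virus Simulation Suite: a loader that
# refuses to run an image whose length or checksum differs from the values
# recorded for it, in the spirit of the self-check the column describes.
import zlib


def fingerprint(image: bytes):
    """Values a self-checking program would carry: its length and CRC-32."""
    return len(image), zlib.crc32(image) & 0xFFFFFFFF


def check_image(image: bytes, expected_len: int, expected_crc: int) -> str:
    """Return 'ok', 'bad-length' or 'bad-checksum'.

    Length is tested first, as the simulation programs do: it is the cheapest
    test and already catches truncation or appended code before any hashing."""
    if len(image) != expected_len:
        return "bad-length"
    if (zlib.crc32(image) & 0xFFFFFFFF) != expected_crc:
        return "bad-checksum"
    return "ok"


def run_if_intact(image: bytes, expected_len: int, expected_crc: int, runner):
    """Invoke runner(image) only when the integrity check passes."""
    status = check_image(image, expected_len, expected_crc)
    if status != "ok":
        return status
    return runner(image)


# Constructed stand-in for a program image (not a real .COM file).
ORIGINAL = b"SIM-DEMO v1: display-only simulation payload\x00" * 4
EXPECTED_LEN, EXPECTED_CRC = fingerprint(ORIGINAL)


def demo():
    """Exercise the loader on the intact image and three damaged copies."""
    runner = lambda img: "ran"                  # stand-in for executing the image
    intact = run_if_intact(ORIGINAL, EXPECTED_LEN, EXPECTED_CRC, runner)

    flipped = bytearray(ORIGINAL)
    flipped[10] ^= 0x01                         # single-bit corruption
    corrupted = run_if_intact(bytes(flipped), EXPECTED_LEN, EXPECTED_CRC, runner)

    appended = run_if_intact(ORIGINAL + b"\x90", EXPECTED_LEN, EXPECTED_CRC, runner)
    truncated = run_if_intact(ORIGINAL[:-1], EXPECTED_LEN, EXPECTED_CRC, runner)
    return intact, corrupted, appended, truncated


if __name__ == "__main__":
    print(demo())
```

CRC-32 detects accidental corruption and crude modification, which is all the simulation disk needs; it is not a cryptographic check, and anyone able to rewrite the file can also recompute the CRC. Where the threat is deliberate tampering, the recorded value must be a keyed MAC or a digital signature of the kind discussed in the public-key section of this column.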

Special Warning

Dave Powell, when "playing with viruses", disconnected his computer from the network, a procedure we highly recommend. He made the mistake of not deactivating the viruses before he left the disk and returned to DOS. When he started using his word processor, "the devil danced, my article crumbled down the screen, and Margaret Thatcher once more received heaps of verbal abuse". If you get a copy of this simulation disk, please deactivate each virus after it has been demonstrated. It is lots of fun to have many in memory to do their dirty work. We do this at lectures, but we shut off the machine to clear the viruses out of memory.

Faulty Software - Not a Virus

Late in June and early in July, U.S. telephone nets were struck with massive shutdowns. Local telephone services in the Washington, DC-Baltimore-northern Virginia area went down simultaneously with the Los Angeles area in California. San Francisco and Pittsburgh were also hit. More than 10 million telephone users (including networks and computers) were without communication facilities for six to nine hours. Immediately some members of the press and television were out for a good story: a computer virus strikes the telephone company. A few reports were published with quotes from industry security experts indicating that a virus could do the damage. When we were called we told reporters that the chances of a virus being responsible were one in a million. We believed that since the same software was used in these different areas, it was most likely to be a bug in a program. We recalled the time a number of years ago when a rocket, valued at several millions of dollars with its payload, had to be destroyed immediately after takeoff. The post mortem found that a grammatical error, a comma used in place of a period in a command line, made either in writing the program or in data entry, had caused the rocket to veer off course.

DSC Communications Corporation of Plano, Texas, the writers of the AT&T software, were able to replicate the breakdown in the laboratory. At a Congressional hearing on this disaster, the company noted that the problem had been traced to a recent upgrade in its software which had not been thoroughly tested for hidden flaws. Comprehensive program testing appears to be going the way of the old sailing boats. Even high tech companies are rushing new and improved versions to market without lengthy, exhaustive testing.

Yet we know the problem well. In 1961 we wrote a series of 26 statistical programs for analysis, which IBM added to the users library and distributed to universities and businesses. More than 900 sets of programs were shipped and presumably used. Fifteen years later, when our wife decided to use these programs in her teaching of statistics, we found a bug. Maybe living with a computer nut taught her never to accept computer output. She calculated all output with paper and pencil. One program produced an answer that failed to match after the second decimal place. Reluctantly we checked her pencil-and-paper calculations and found that she was correct. We traced the error to the use of a plus sign instead of a minus sign in the correction factor in one equation. Maybe the original printout, when the program was prepared by IBM, was smudged. The data entry clerk used + and not - in preparing the program, and we failed to detect the substitution in our proofreading.

Items in the News

As we browse through the many publications we receive and the articles which our former Managing Editor clips for us from a myriad of magazines and newspapers, we come across interesting items. Some are brief four or five line fillers; others are lengthy, sometimes technically detailed, pieces. We like to share some of these with our readers. Some are bright spots for the day and others are food for thought.

• Computer Viruses Near 1000: Professor Dr. Klaus Brunnstein of the Department of Informatics at the University of Hamburg (Germany) announced in the mid-summer that the number of DOS computer viruses has hit a new milestone. His report, "Index of Known Malicious Software: MsDos Systems", was prepared with the cooperation of David Chess, Yisrael Radai, Alan Solomon, Padgett Peterson and others. He was deeply depressed to report that there are now:

  • 120 virus families (strains), with 59 more sub-families, comprising 744 viruses, variants and clones plus 7 trojans, and
  • 228 single (non-strain) viruses plus 19 trojans.

The good doctor, after releasing his report, left for a month on a sailing trip on his schooner, the "Arethusa", which is a small replica of "Bluenose".

• Security Note: Going through our e-mail recently we found a note from Robert Slade of the Vancouver Institute for Research in User Security. In it he added Richard's 2nd Law of Data Security: "If you buy a computer, don't turn it on!" Can't remember Richard's 1st Law; will let you know when we hear from Robert.

• Freedom of Information, U.S.A.: One of our favorite magazines, 2600: The Hacker Quarterly, contained an interesting tidbit. TRW, a credit information service, offers individuals a chance to subscribe so that they can learn what their credit information contains and who has made inquiries about them. (We have had about five solicitations for this service in the past six months.) To get information about the service, according to 2600, TRW uses a 900 number; there is a fee for calling that number and that fee is added to the caller's telephone bill. A subscriber interested in obtaining a FAX copy of his/her credit report is charged $15.00 ($25.00 if it is sent overnight) or $2.00 for the first minute (and $1.00 for each additional minute) to have the credit report read over the phone. This practice got the hackers upset as it has many others.

• Follow the Herd: We read two speeches in recent sets of conference proceedings where the authors, in explaining the setting up and evaluation of a corporate computer security policy, suggested that we be guided by the programs, products and procedures that are in common use in companies in their fields. At first it appeared to be sound advice. But both speakers emphasized that industry practice must be the foundation for a company's program. They repeatedly noted that collective industry judgment was the route to go, recommending a "do not rock the boat" policy. Their conclusion was that a security program should be based on concurrence and acceptance in an industry. It is, of course, prudent to learn what others are doing. Following others is often the easiest thing to do; after all, there is safety in numbers. But is that the system your company really needs? We can learn from others, but do we have to follow their mistakes?

• End of an Era: The Free Software Foundation in Cambridge, MA, is a group that believes in the programmer's utopia, a world in which all programs and information are freely exchanged. They permitted anyone to access their bulletin board and download anything they liked. That era is now ended. It seems that hackers repeatedly destroyed files. It was also felt that network vandals used their system to attack other computer systems. They have now locked their system. The foundation was started by Richard Stallman, who has championed the free exchange of programs and ideas to encourage programmers in their development. An entire community exists which believes in this free exchange and will regret the passing of the Free Software Foundation's free access. We talked with some of our friends in the security field, particularly one who is a terrorism specialist. He raised an interesting question. Under totalitarian governments there are often unofficial death squads to eliminate the opposition. Could this attack have been planned and perpetrated by a "right wing" hit squad?


NTIS Volumes of Interest

The National Technical Information Service (NTIS) is a self-supporting agency of the U.S. Department of Commerce. It provides access to the results of both U.S. and foreign government-sponsored research and development and engineering activities. For copies of any of the publications we consider of interest to computer security directors and personnel, you can communicate with:

U.S. Department of Commerce
National Technical Information Service
5285 Port Royal Road
Springfield, VA 22161
Orders: +1 703 487-4650
Telex: 89-9405 or 64617
Fax: +1 703 321-8547

Methodology for Analysing Human and Computer-Related Issues in Secure Systems. J. E. Dobson, Newcastle upon Tyne University (U.K.), March 1990, 22 pp., TRS-307, PB91120774/WCC.

The paper describes work being carried out at the Universities of Newcastle and York which is developing conceptual and logical models of non-functional requirements such as "security", whose meaning derives from the organizational environment of a computer system. The work brings together two novel approaches to the problem of deciding whether or not a system is "secure": (i) a recently-developed framework based on enterprise modelling principles for evaluating whether a system is fit for its purpose in some given organizational context; and (ii) a logic based on speech act theory for evaluating the conversation structures in which the term "secure" is defined and ascribed as a property of a computing system.

SRI International: Improving the Security of Your UNIX System. E. Roback and D. A. Curry, National Inst. of Standards and Technology, Gaithersburg, MD, November 1990, 57 pp., NISTIR-4453.

The report provides various suggestions for improving the security of those systems operating under the UNIX operating system. Following an introduction explaining the rising concern for security, specific techniques are discussed for protecting account security, network security, and file system security. User responsibilities are included. Mechanisms available to system operators to monitor security are also presented. There is also an overview of the wealth of software that has been developed to improve UNIX systems, much of which is freely available; sources for obtaining this software are included. Finally the document includes reference sources, such as where to obtain the latest information about problems, suggested reading, and a security checklist.

Comparison of Password Techniques. M. G. Beedenbender, Naval Postgraduate School, Monterey, CA, March 1990, 85 pp., XN-NPS, AD-A226 597/3/WCC.

Passwords are normally composed of a meaningful detail, such as the name of a person or a sequence of numbers such as a birth date. Any person attempting to gain unauthorized access to a system might need only to look at a personnel record or associate with the person holding the desired password in order to discover the password. Therefore, there is a compromise between user memorability and security of a system. Exploration into other methods of user authentication and access control is desired to discover a better alternative to the traditional password system. The alternatives are system-generated passwords, pronounceable passwords, passphrases, cognitive passwords and authentication by word association. These methods are discussed and examined. The results from this study show that cognitive passwords and authentication by word association are superior to other methods in access control.
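The abstract above contrasts passwords built from a "meaningful detail" with system-generated and pronounceable ones. The following is an added example, not code from Beedenbender's thesis or from the column: it generates pronounceable consonant-vowel passwords from a cryptographic random source and puts a number on the memorability/security compromise by comparing the guessing space of such a password with that of a birth date. The consonant and vowel alphabets, the syllable pattern and the 100-year birth-date range are assumptions made for the illustration.

```python
import math
import secrets

# Constructed syllable alphabets (assumption, not the thesis's scheme):
# each syllable is one consonant followed by one vowel, e.g. "ka", "mu".
CONSONANTS = "bdfghjklmnprstvwxz"   # 18 letters chosen for unambiguous sounds
VOWELS = "aeiou"                    # 5 letters


def entropy_bits(search_space: int) -> float:
    """Bits of work to exhaust a uniformly chosen secret from search_space."""
    return math.log2(search_space)


def pronounceable_password(syllables: int, rng=secrets) -> str:
    """System-generated pronounceable password of CV syllables.

    rng must provide .choice(); the default is the secrets module, so the
    password is drawn from a CSPRNG rather than a guessable generator.
    """
    return "".join(rng.choice(CONSONANTS) + rng.choice(VOWELS)
                   for _ in range(syllables))


def pronounceable_entropy(syllables: int) -> float:
    """Entropy of a uniformly generated CV password of the given length."""
    per_syllable = len(CONSONANTS) * len(VOWELS)   # 90 possibilities
    return entropy_bits(per_syllable ** syllables)


def birthdate_entropy(years: int = 100) -> float:
    """Upper bound on the entropy of a 'meaningful detail' password: a date
    of birth within `years` years has at most 366 * years possibilities,
    and far fewer once the attacker has seen a personnel record."""
    return entropy_bits(366 * years)


def is_cv_pattern(password: str) -> bool:
    """Check that a password alternates consonant/vowel from the alphabets."""
    if len(password) % 2:
        return False
    return all(c in CONSONANTS and v in VOWELS
               for c, v in zip(password[0::2], password[1::2]))


def compare(syllables: int = 4) -> dict:
    """Guessing-space comparison in bits for the two password styles."""
    return {
        "birthdate_bits": birthdate_entropy(),
        "pronounceable_bits": pronounceable_entropy(syllables),
    }


if __name__ == "__main__":
    print(pronounceable_password(4))   # e.g. "kadumeso"
    print(compare(4))
```

Even with the blind guessing bound, a four-syllable generated password offers roughly 26 bits against the birth date's 15, and the birth date loses almost all of that once personal records are available, which is the point the abstract makes about discoverability.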


Proceedings of the Fourth IFIP WG 11.3 Workshop on Database Security Held in Halifax, U.K., on 18-21 September 1990. Johns Hopkins University, Laurel, MD, Chemical Propulsion Information Agency, 21 September 1990, 399 pp.

Partial Contents: Computer Security in a Clinical Environment; Mental Health Delivery, A Multilevel Formal Specification of a Mental Health Care Database; Discretionary Access Control in Object-oriented Databases; Multilevel Security for Multimedia Database Systems; A Trusted Basis for Database Controls; Separation of Duties in Information Systems; Shared Sensitivity Labels; Update Semantics for a Multilevel Relational Database; Database, Aggregation, and Security Algebra; A Research and Development Program for Trusted Distributed Database Systems.

Bibliography of Selected Computer Security Publications, January 1980-October 1989. R. Turn and L. E. Bassham, National Inst. of Standards and Technology (NCSL), Gaithersburg, MD, December 1990, 220 pp., NIST/SP-800/1.

The bibliography cites selected books and articles on computer security published from January 1980 through October 1989. To have been selected, an article had to be substantial in content and to have been published in professional or technical journals, magazines or conference proceedings. Only very substantial articles from the popular or trade press were included. English language articles from foreign journals were also included. The citations are listed under nine categories. A tenth category of pre-1980 publications is also provided, as well as an appendix containing addresses of all journals and magazines referenced in the bibliography.

CERTS: A Comparative Evaluation Method for Risk Management Methodologies and Tools. W. M. Garrabrants and A. W. Ellis, Naval Postgraduate School, Monterey, CA, March 1990, 121 pp., AD-A229 021/5/WCC.

This thesis develops a comparative evaluation method for computer security risk management methodologies and tools. The subjective biases inherent in current comparison practices are reduced by measuring unique characteristics of computer security risk management methodologies. Standardized criteria are established and described by attributes which in turn are defined by metrics that measure the characteristics. The suitability of a method or tool to a particular organization can then be analyzed objectively. Additionally, the evaluation method facilitates the comparison of methodologies and tools with each other. As a demonstration of its effectiveness, the method is applied to four distinct risk management methodologies and four risk management tools. Alternative models for utilizing the evaluation method are presented as well as possible directions for their application. Without an adequate means of comparing and evaluating risk management decision-making methodologies, the selection of a risk management method or tool becomes arbitrary and capricious, making inappropriate selections more likely. Selection of an inappropriate method or tool could lead to excessive costs, misdirected efforts and the loss of assets. The systematic and standard comparison method developed in this thesis resolves this problem.

Network Stability under Viral Attack: A Game Entitled "God and the Devil". S. C. Giess, Royal Signals and Radar Establishment, Malvern (U.K.), July 1990, 23 pp., RSRE-MEMO-4405, DRIC-BR-115188, AD-A229 274/6/WCC.

The problem of viral attacks on communications networks is explored with an emphasis on the time taken for network recovery. The problem is studied by means of a game which allows for different initial states of the network followed by state evolution according to a fixed rule-set. It is found that only a small percentage of nodes in the network need be equipped with countermeasure software for a near-asymptotic recovery time to be achieved.
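The Giess abstract describes a game in which a network starts in some initial state and then evolves under a fixed rule-set, with recovery time measured against the number of nodes that carry countermeasure software. The simulation below is an added example of how such a game can be built and measured; it is my own construction and not Giess's memorandum or its rules. The ring topology, the two-rule state machine (a countermeasure node patches its neighbours, an infected node infects clean neighbours, patching wins ties) and the evenly spaced placement of countermeasure nodes are all assumptions.

```python
# Node states in a constructed attack-and-recovery game (assumption: not the
# rule-set of the RSRE memorandum, only an illustration of the approach).
CLEAN, INFECTED, IMMUNE = 0, 1, 2


def neighbours(i, n):
    """Ring topology: node i exchanges traffic with its two neighbours."""
    return ((i - 1) % n, (i + 1) % n)


def step(states):
    """One synchronous round of the fixed rule-set.

    A node next to an IMMUNE (countermeasure) node is patched and becomes
    IMMUNE, whatever its current state. Otherwise a CLEAN node with an
    INFECTED neighbour becomes INFECTED. Patching takes priority, so the
    cure front travels at least as fast as the infection front.
    """
    n = len(states)
    new = list(states)
    for i, s in enumerate(states):
        if s == IMMUNE:
            continue
        nb = [states[j] for j in neighbours(i, n)]
        if IMMUNE in nb:
            new[i] = IMMUNE
        elif s == CLEAN and INFECTED in nb:
            new[i] = INFECTED
    return new


def initial_states(n, countermeasure_nodes, infected_nodes):
    """Build an initial network state; infection overrides a countermeasure
    node so that the caller's infected set is always honoured."""
    states = [CLEAN] * n
    for i in countermeasure_nodes:
        states[i] = IMMUNE
    for i in infected_nodes:
        states[i] = INFECTED
    return states


def recovery_time(states, max_steps=1000):
    """Rounds until no INFECTED node remains; None if the network has not
    recovered within max_steps (with no countermeasure nodes it never does)."""
    for t in range(max_steps + 1):
        if INFECTED not in states:
            return t
        states = step(states)
    return None


def evenly_spaced(n, count):
    """Place `count` countermeasure nodes at equal spacing around the ring."""
    return [i * n // count for i in range(count)] if count else []


def recovery_by_coverage(n, counts, infected_node):
    """Recovery time for each candidate number of countermeasure nodes,
    starting from a single infected node. This is the measurement the
    abstract's question turns on: how coverage affects recovery time."""
    return {c: recovery_time(initial_states(n, evenly_spaced(n, c), [infected_node]))
            for c in counts}


if __name__ == "__main__":
    # 100-node ring, one initial infection at node 10, growing coverage.
    print(recovery_by_coverage(100, [0, 1, 2, 5, 10, 20], 10))
```

Under these constructed rules the recovery time is governed by the distance from the infected node to the nearest countermeasure node, so it falls as coverage rises and is unbounded at zero coverage; a real study would substitute its own topology and rule-set and repeat the measurement over many initial states.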


Secure Resource Management: Specifying and Testing Secure Operating Systems. M. Archer, D. A. Frincke and K. Levitt, Lawrence Livermore National Lab., CA, 10 April 1990, 76 pp., UCRL-CR-105098, DE9100713W/WCC.

Much work has been devoted to developing specifications for an operating system that are verified to be secure. Before the verification is attempted, the specifications should be tested. This paper presents tools that can assist in the security testing of specifications.

The first tool is based on the Final Algebra Specification and Execution (FASE) system and would be used to test specifications with real input values. FASE is an executable specification language which is operational in style, in which entities are represented in terms of their observable behavior. To facilitate the testing of an operating system (and its specification) we have specified a Secure Resource Manager (SRM), a generic template of an operating system. The SRM specification can be specialized to a specification of a particular operating system; the SRM is quite general and handles most features of modern non-distributed operating systems. The second tool, the PLANNER, is used to derive a sequence of operations that exhibit a security flaw, most often a covert channel for information flow. The PLANNER is based on classical methods of AI planning, specialized to achieve goals concerned with information flow. The tools are demonstrated with respect to a simple operating system specification developed by Millen.

Data and Information Integrity in a Distributed Environment. D. C. Abernethy, Air War College, Maxwell AFB, AL, May 1990, 50 pp., AD-A229 949/3/WCC.

The author notes that the 1990s will be the era of Information Management in Computer Processing. Information Management demands the integrity of data and information that is processed and handled. "As we move into this new age, we are losing the ability to ensure integrity in a distributed processing environment. This is due in part to the proliferation of terminals, workstations and the advent of networking as we move from a centralized approach to data processing and databasing." Integrity, the author explains, is more than a security issue. It encompasses accuracy, correctness and validity of data. Database development, database management systems, networking of terminals and systems, and the distributed environment of software and information compound the integrity concerns. "Until we recognize that information is our most precious resource, we will ignore the importance of integrity concerns and their impact on the computer world."


Professor Harold Joseph Highland, FICS is Managing Director of Compulit, Inc. (Elmont, NY, U.S.A.) and heads its Microcomputer Security Laboratory. He is Chairman of IFIP/WG 11.8 on information security education and training and is also an Associate of the Information Security Research Centre of Queensland University of Technology (Brisbane, Australia). He retired a decade ago as Distinguished Professor of the State University of New York. He is also the founding editor and Editor-in-Chief Emeritus of Computers & Security. In addition to his "Random Bits & Bytes" column that appears in Computers & Security and other writings, Professor Highland writes:

• a column for CVIG News, a monthly publication of the Computer Virus Information Group of the Information Security Research Centre of Queensland University of Technology, Brisbane, Australia, and

• an electronic newsletter on computer security for an information security bulletin board in the States.

Professor Highland is counsel to the Computer Security Technical Committee of the Chinese Computer Federation (Beijing, PRC) and to other government agencies in the U.S.A. and abroad. He serves as the Public Information Officer of the International Federation for Information Processing's Technical Committee 11 on information security. A Fellow of the Irish Computer Society, Professor Highland is also a member of the Association for Computing Machinery (ACM), the IEEE's Computer Society, the New York Academy of Sciences, American Association for the Advancement of Science, Computer Professionals for Social Responsibility and the Society for Irreproducible Results.
