- Email: [email protected]
SCO patches
January 1995
Computer Fraud & Security Bulletin
INDUSTRY NEWS
World Institute for Security Enhancement
SCO patches
In Greensboro, North Carolina, USA, the World Institute for Security Enhancement (WISE) has been established. The Institute aims to provide training and consultation in a wide variety of disciplines for industry and government agencies. Areas concentrated on include safety, security, investigations and loss prevention. The Institute focuses on specialized training, research and development, promotes safety and security issues and serves as a 'think tank'. Initial reactions have been very enthusiastic and support from manufacturers, in the provision of training materials and state-of-the-art equipment, has exceeded expectations. Courses will commence from this month at the Greensboro campus or, upon request, at company or government agency locations. Some of the courses available will include: Protection of Computers and Proprietary Data, Protection of Documents and Proprietary Information, Security Management, Bomb Threat Planning/ Management etc. The Institute looks at all aspects of security, not just that of computers. For further information contact WISE on +1 910 993 7419.
The Santa Cruz Operation (SCO) is dispatching binary 'patches' to mend security flaws discovered in its Unix operating system. During December, SCO found flaws in five of its Unix system products, and, to its credit, promptly notified users of both the problem and the patches. "As the result of testing we do all the time, we became aware of some security holes for authorized users", said Mr Mark Yahiro, SCO's director of strategic marketing. "We issued a notice to CERT ( C o m p u t e r E m e r g e n c y Response Team), which sent out a bulletin to customers." The bulletin notifies users of flaws which have been found in SCO Unix System v/386 Release 3.2, versions 4.0, 4.1 and 4.2, Open Desktop Lite Release 3.0, Open Desktop Release 3.0 and 2.0, Open Server Network System Release 3.0 and Open Server Enterprise System Release 3.0. The CERT bulletin advocates SCO's patches, consisting of a set of binaries, which will secure the programs and are available free of charge. The security holes in the SCO Unix operating system would allow users with system log-in authorization to obtain unauthorized root access by utilizing any of the flawed programs. Because of security considerations, neither SCO or CERT will say exactly how the programs couid be breached. "You would have to have a log-in and very experienced knowledge of the system, more at the experienced systems administrator level", said Mr Yahiro. "The average person would have no idea, and there are no problems for people without log-ins." Patches can be obtained via FTP at ftp.sco.com or through the World Wide Web at ftp://www.sco.com or downloaded from the SCO Online Support bulletin board. Lisa Armstrong
©1995 Elsevier Science Ltd
MARKETPLACE JPY Ltd have announced a major new version of DataLock their network file encryption software for VAX/VMS. DataLock version 4.0 offers transparent encryption to the US Bureau of Standards Data Encryption Standard. DataLock can be used with any VMS layered product to achieve file security-- independent of the user's privilege. The advancement over the previous versions include: Key-holder file sharing, enhanced key management and new installation. Key-holder file sharing allows several key-holders to share access to individual encrypted files. Shared access to encrypted data requires each user to know the encryption key. Users key databases are now automatically encrypted and password protected. The use of
5
Computer Fraud & Security Bulletin
INDUSTRY NEWS
World Institute for Security Enhancement
SCO patches
In Greensboro, North Carolina, USA, the World Institute for Security Enhancement (WISE) has been established. The Institute aims to provide training and consultation in a wide variety of disciplines for industry and government agencies. Areas concentrated on include safety, security, investigations and loss prevention. The Institute focuses on specialized training, research and development, promotes safety and security issues and serves as a 'think tank'. Initial reactions have been very enthusiastic and support from manufacturers, in the provision of training materials and state-of-the-art equipment, has exceeded expectations. Courses will commence from this month at the Greensboro campus or, upon request, at company or government agency locations. Some of the courses available will include: Protection of Computers and Proprietary Data, Protection of Documents and Proprietary Information, Security Management, Bomb Threat Planning/ Management etc. The Institute looks at all aspects of security, not just that of computers. For further information contact WISE on +1 910 993 7419.
The Santa Cruz Operation (SCO) is dispatching binary 'patches' to mend security flaws discovered in its Unix operating system. During December, SCO found flaws in five of its Unix system products, and, to its credit, promptly notified users of both the problem and the patches. "As the result of testing we do all the time, we became aware of some security holes for authorized users", said Mr Mark Yahiro, SCO's director of strategic marketing. "We issued a notice to CERT ( C o m p u t e r E m e r g e n c y Response Team), which sent out a bulletin to customers." The bulletin notifies users of flaws which have been found in SCO Unix System v/386 Release 3.2, versions 4.0, 4.1 and 4.2, Open Desktop Lite Release 3.0, Open Desktop Release 3.0 and 2.0, Open Server Network System Release 3.0 and Open Server Enterprise System Release 3.0. The CERT bulletin advocates SCO's patches, consisting of a set of binaries, which will secure the programs and are available free of charge. The security holes in the SCO Unix operating system would allow users with system log-in authorization to obtain unauthorized root access by utilizing any of the flawed programs. Because of security considerations, neither SCO or CERT will say exactly how the programs couid be breached. "You would have to have a log-in and very experienced knowledge of the system, more at the experienced systems administrator level", said Mr Yahiro. "The average person would have no idea, and there are no problems for people without log-ins." Patches can be obtained via FTP at ftp.sco.com or through the World Wide Web at ftp://www.sco.com or downloaded from the SCO Online Support bulletin board. Lisa Armstrong
©1995 Elsevier Science Ltd
MARKETPLACE JPY Ltd have announced a major new version of DataLock their network file encryption software for VAX/VMS. DataLock version 4.0 offers transparent encryption to the US Bureau of Standards Data Encryption Standard. DataLock can be used with any VMS layered product to achieve file security-- independent of the user's privilege. The advancement over the previous versions include: Key-holder file sharing, enhanced key management and new installation. Key-holder file sharing allows several key-holders to share access to individual encrypted files. Shared access to encrypted data requires each user to know the encryption key. Users key databases are now automatically encrypted and password protected. The use of
5