- Email: [email protected]
Students crack classwork computer
May 1990
Computer Fraud & Security Bulletin
ALLOCATE. Before any I/O operation occurs in TSO, the file must be allocated. To preserve data integrity, a file must be allocated exclusively to a user or program, so the ALLOCATE command must be called before any TSO commands can be used.
Software Theft (FAST), has helped UK police in a raid on the premises of a Surrey software dealer, during which police seized illegal copies of materials and software. This particular raid was a follow-up to the recent raids in Barcelona, Spain, which we reported on in the March issue of CFS.
Using this command, and TSO user can allocate any non-VSAM data set to his or her exclusive use, regardless of whether the user is authorized to access those files. This is done using the following one-line TSO command: ALLOCATE DATASET (data-set-name) OLD The OLD qualifier prevents other users from accessing the data set and gives the perpetrator exclusive use of it. Only the user or the program that allocated the dataset can access it; the MVS system excludes access by all other TSO users, including started tasks, batch jobs and the operating system itself. This command can be used on such sensitive files as the SMF records, the TSO log-on procedure lists, the ISPF user profiles and the production and test program libraries. Once a user is logged into TSO, there are several ways a malicious user can deny service to others, but ALLOCATE is a command which is not controlled by security software such as ACF-2 or RACF. Such security packages are designed to interface with the operating system only when a high level command - such as READ, WRITE or DELETE - is entered. The ALLOCATE command is so fundamental to the effective use of TSO that fixing the problem would require extensive modification to the MVS operating system. Despite the absence of a absolute solution, Opaska recommends reducing the risk by increasing security awareness and applying strict controls on the use of TSO IDS.
UK BUSINESSES
GIVEN WARNING
The Business Software Association (BSA), in conjunction with the Federation Against
01990
Elsevier Science Publishers Ltd
Three earlier raids, which all took place within weeks of each other, were against a computer dealer in Manchester, a print firm in Hertfordshire and a computer consultancy in Hampshire. In a typical piece of British understatement, FAST officials claim that the police have hauled in “a rather large amount of counterfeit material.” Bob Hay, chief executive of FAST, confirm& that there were several further cases under investigation. Fox Borgerhofl Mulder, the lawyer for Lotus Corp, commented, “The successful raids should serve as a warning to other firms that the software industry is winning the war against software piracy. Lotus is working with associations like the BSA and FAST to stamp out all forms of software piracy.”
STUDENTS CRACK CLASSWORK COMPUTER Up to 200 students at the University of Tennessee are facing charges after hacking into the part of the university computer system which contained their course assignments and scheduled their classes. Phil Scheurer, the vice chancellor of the university, said that the students are being charged with violating the university’s code of conduct, and that penalties could range from written reprimands to suspension. Scheurer said that he does not know how the students obtained the password which enabled them to access the system, but he did confirm that the students had been freely re-arranging their schedules and adding or dropping courses for more than a year. They were finally caught by a university employee who monitors the system.
Computer Fraud & Security Bulletin
Scheurer
maintains
May 1990
that no other university
computer systems were hacked by the students, and that no grades were compromised
by the
incident.
MARKETPLACE An
Australian-based
Communitron
(Aust)
Pty
Australia
have announced
controller
that can store
passwords
and can specify
company, Ltd,
and
a dial-back
Telcom modem
up to 200 different times and days of
access for each valid user. The device also keeps an audit trail of the user’s name, time and date of log-on, duration of call, what options were used
and
entered. attempts.
what
management
levels
were
It also records any failed log-on For more information call John Price
tel: +44-(0)71-438-8260. Goal Systems International has announced a new software security package for IBM mainframes called Alert. Alert uses menu-driven facilities for defining all security levels, It claims to incorporate a powerful online reporting function for monitoring system activity and attempted violations, and to easily be able to format the logged information into a report. It is available for a free 30 day trial, prior to purchase. For more information contact: Jill Wilkin tel: +44-(0)727-41231. The
UK Data
Protection
Howe, has produced
Registrar,
Eric
a booklet decribing
what
members of the public can do to check their own data and have errors corrected. Howe comments that his office is dealing number of cases where
with an increasing computer data is
seriously wrong. “There are still too many people who only have a vague idea of their rights, of what we can do to help them and what they can do to help themselves.” Copies of the booklet entitled If there’s a mistake on a computer about you.. . are available free from the Office of the Data
Protection
Registrar;
tel:
+44-(0)625-
A new ‘plating on plastics’ process has been announced by Shipley Europe for electromagnetic radiation shielding. Called Omnishield SST, it claims to provide greater than 60dB of shielding effectiveness, over a frequency range of 1 to 1000 MHz, with a copper deposit of only 2 microns. The average cost of manufacturing a shielded VDU housing (based on a production run of 10 000 ABS units) using Omnishield SST is estimated to be around f 12, including raw materials, set up, mould and machine costs. For more information contact: Philip Hunter tel: +44-(0)203-457203. lncoms Systems has announced the Spectrum and Ergo-vision ranges of VDU filters, along with Ergo-cover which is designed to block emissions from the back and sides of monitors. Prices start from f20 for Ergo-vision, f50 for Spectrum and f90 for Ergo-cover. For more information Brian contact: Green tel: +44-(0)81-740-9703. UK-based Program Systems has introduced the Multi-Function access control card, which was originally designed for a multinational pharmaceutical company. The Multi-Function card has Wiegand, magnetic strip and bar code facilities to provide information on access control, time and attendance records. Identification and other personal data can be added using colour lasing etching. For more information contact Ed Watters tel: +44-(0)81748-6336. Two ‘new’ anti-viral products have been announced this month. PC lmmunise II is sold by S A Software and retails for around f40, upgrades from the previous version are available for f 25. Meanwhile Virus Exterminator has been released by MSS Technology, and consists of two programs - a hard disk manager and a memory resident virus monitor. The programs run on MS-DOS and are menu-driven. For more details on Virus Exterminator contact Richard King; tel: +44-(0)61-926-0669, and for PC lmmunise II contact: S. Ajina tel: +44-(0)81998-2351.
535777.
01990
Elsevier Science
Publishers
Ltd
Computer Fraud & Security Bulletin
ALLOCATE. Before any I/O operation occurs in TSO, the file must be allocated. To preserve data integrity, a file must be allocated exclusively to a user or program, so the ALLOCATE command must be called before any TSO commands can be used.
Software Theft (FAST), has helped UK police in a raid on the premises of a Surrey software dealer, during which police seized illegal copies of materials and software. This particular raid was a follow-up to the recent raids in Barcelona, Spain, which we reported on in the March issue of CFS.
Using this command, and TSO user can allocate any non-VSAM data set to his or her exclusive use, regardless of whether the user is authorized to access those files. This is done using the following one-line TSO command: ALLOCATE DATASET (data-set-name) OLD The OLD qualifier prevents other users from accessing the data set and gives the perpetrator exclusive use of it. Only the user or the program that allocated the dataset can access it; the MVS system excludes access by all other TSO users, including started tasks, batch jobs and the operating system itself. This command can be used on such sensitive files as the SMF records, the TSO log-on procedure lists, the ISPF user profiles and the production and test program libraries. Once a user is logged into TSO, there are several ways a malicious user can deny service to others, but ALLOCATE is a command which is not controlled by security software such as ACF-2 or RACF. Such security packages are designed to interface with the operating system only when a high level command - such as READ, WRITE or DELETE - is entered. The ALLOCATE command is so fundamental to the effective use of TSO that fixing the problem would require extensive modification to the MVS operating system. Despite the absence of a absolute solution, Opaska recommends reducing the risk by increasing security awareness and applying strict controls on the use of TSO IDS.
UK BUSINESSES
GIVEN WARNING
The Business Software Association (BSA), in conjunction with the Federation Against
01990
Elsevier Science Publishers Ltd
Three earlier raids, which all took place within weeks of each other, were against a computer dealer in Manchester, a print firm in Hertfordshire and a computer consultancy in Hampshire. In a typical piece of British understatement, FAST officials claim that the police have hauled in “a rather large amount of counterfeit material.” Bob Hay, chief executive of FAST, confirm& that there were several further cases under investigation. Fox Borgerhofl Mulder, the lawyer for Lotus Corp, commented, “The successful raids should serve as a warning to other firms that the software industry is winning the war against software piracy. Lotus is working with associations like the BSA and FAST to stamp out all forms of software piracy.”
STUDENTS CRACK CLASSWORK COMPUTER Up to 200 students at the University of Tennessee are facing charges after hacking into the part of the university computer system which contained their course assignments and scheduled their classes. Phil Scheurer, the vice chancellor of the university, said that the students are being charged with violating the university’s code of conduct, and that penalties could range from written reprimands to suspension. Scheurer said that he does not know how the students obtained the password which enabled them to access the system, but he did confirm that the students had been freely re-arranging their schedules and adding or dropping courses for more than a year. They were finally caught by a university employee who monitors the system.
Computer Fraud & Security Bulletin
Scheurer
maintains
May 1990
that no other university
computer systems were hacked by the students, and that no grades were compromised
by the
incident.
MARKETPLACE An
Australian-based
Communitron
(Aust)
Pty
Australia
have announced
controller
that can store
passwords
and can specify
company, Ltd,
and
a dial-back
Telcom modem
up to 200 different times and days of
access for each valid user. The device also keeps an audit trail of the user’s name, time and date of log-on, duration of call, what options were used
and
entered. attempts.
what
management
levels
were
It also records any failed log-on For more information call John Price
tel: +44-(0)71-438-8260. Goal Systems International has announced a new software security package for IBM mainframes called Alert. Alert uses menu-driven facilities for defining all security levels, It claims to incorporate a powerful online reporting function for monitoring system activity and attempted violations, and to easily be able to format the logged information into a report. It is available for a free 30 day trial, prior to purchase. For more information contact: Jill Wilkin tel: +44-(0)727-41231. The
UK Data
Protection
Howe, has produced
Registrar,
Eric
a booklet decribing
what
members of the public can do to check their own data and have errors corrected. Howe comments that his office is dealing number of cases where
with an increasing computer data is
seriously wrong. “There are still too many people who only have a vague idea of their rights, of what we can do to help them and what they can do to help themselves.” Copies of the booklet entitled If there’s a mistake on a computer about you.. . are available free from the Office of the Data
Protection
Registrar;
tel:
+44-(0)625-
A new ‘plating on plastics’ process has been announced by Shipley Europe for electromagnetic radiation shielding. Called Omnishield SST, it claims to provide greater than 60dB of shielding effectiveness, over a frequency range of 1 to 1000 MHz, with a copper deposit of only 2 microns. The average cost of manufacturing a shielded VDU housing (based on a production run of 10 000 ABS units) using Omnishield SST is estimated to be around f 12, including raw materials, set up, mould and machine costs. For more information contact: Philip Hunter tel: +44-(0)203-457203. lncoms Systems has announced the Spectrum and Ergo-vision ranges of VDU filters, along with Ergo-cover which is designed to block emissions from the back and sides of monitors. Prices start from f20 for Ergo-vision, f50 for Spectrum and f90 for Ergo-cover. For more information Brian contact: Green tel: +44-(0)81-740-9703. UK-based Program Systems has introduced the Multi-Function access control card, which was originally designed for a multinational pharmaceutical company. The Multi-Function card has Wiegand, magnetic strip and bar code facilities to provide information on access control, time and attendance records. Identification and other personal data can be added using colour lasing etching. For more information contact Ed Watters tel: +44-(0)81748-6336. Two ‘new’ anti-viral products have been announced this month. PC lmmunise II is sold by S A Software and retails for around f40, upgrades from the previous version are available for f 25. Meanwhile Virus Exterminator has been released by MSS Technology, and consists of two programs - a hard disk manager and a memory resident virus monitor. The programs run on MS-DOS and are menu-driven. For more details on Virus Exterminator contact Richard King; tel: +44-(0)61-926-0669, and for PC lmmunise II contact: S. Ajina tel: +44-(0)81998-2351.
535777.
01990
Elsevier Science
Publishers
Ltd