Subject: RISKS DIGEST 14.85
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 20 August 1993  Volume 14 : Issue 85

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Child-Prodigy or Prodigy-Child? 14-year-old triggers alarms (Jason Harrison)
  IRS accounting bugs (Mich Kabay)
  IRS & security (Mich Kabay)
  Re: Dorney Park Hercules roller coaster ... (Gary Wright)
  Accessible answering machines may grant *too much* access (Tsutomu Shimomura)
  Re: ATM Scam (Gene Spafford)
  High-speed password matching (Steve Stevenson)
  Re: Crash of JAS 39 Gripen (Derrick Everett)
  Risks of coming mass-communication capabilities (Jim Hiller)
  Re: Computers dialing 911 (Mark)
  Good news from the front lines (Jeremy Grodberg)
  Gideon Kunda, Engineering Culture (Phil Agre)
  Virus Catalog: new edition (Klaus Brunnstein)
  InfoWar announcement (Mich Kabay)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its
USENET counterpart. Undigestifiers are available throughout the Internet,
but not from RISKS. Contributions should be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive
problems, and other information to risks-request@csl.sri.com (not automated).
BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS".

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON
in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

If you are interested in receiving RISKS via fax, please send E-mail to
risks-fax@vortex.com, phone +1 (310) 455-9300, or fax +1 (310) 455-2364 for
information regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR
GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phone PGN
at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 20 Aug 93 12:49:36 -0700
From: harrison@cs.ubc.ca
Subject: Child-Prodigy or Prodigy-Child? 14-year-old triggers alarms

As a supposed joke, a 14-year-old Seattle-area girl sent a Prodigy message to
her boyfriend in New Jersey containing a phony death threat against Baltimore
Orioles' shortstop Cal Ripken, Jr., who is getting ever closer to Lou Gehrig's
record for consecutive games. Seattle and Baltimore were playing in the
Kingdome in Seattle, and her boyfriend is an avid Orioles' fan. Known for its
monitoring of messages, Prodigy alerted the police --- who tightened security
at the Kingdome and also camped out waiting for the girl to return home. They
apparently reprimanded the girl, but she was not charged. Police said she was
``very embarrassed and apologetic'' and added, ``By the time her [28-year-old]
sister got done chewing her out, that was enough.''

[Source: A UPI item datelined Seattle, 19 Aug 93, PGN Excerpting and
Extrapolating Service]

[The news on 20 Aug 93 noted that Kingdome officials are planning on charging
the cost of the extra security assigned to Ripken to the girl. - Jason]

------------------------------

Date: 18 Aug 93 15:13:41 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: IRS accounting bugs

See IRS's Books. Color Them Red.; First Audit Ever Uncovers $752 VDT Valued
at $5.6 Million
By Stephen Barr, Washington Post Staff Writer, Washington Post, 18 Aug 1993

The Internal Revenue Service, which has made many an American anxious over an
audit, recently underwent a comprehensive audit of its own - its first.

Among the findings:

  A video display terminal costing $752 was valued in IRS inventory records
  at $5.6 million.

  $36,000 was paid for a maintenance contract for a minicomputer that had
  been idle for three years.

  32 duplicate payments and overpayments worth $500,000 were found in a
  review of 280 payments to vendors, and 112 payments totaling $17.2 million
  lacked complete supporting documentation.

The IRS examples are but a small slice of one of the federal government's
most serious problems: financial books that are out of whack, perhaps by tens
of billions of dollars."

The article goes on to detail a litany of egregious accounting blunders in
various parts of the government: "...more than $200 billion in accounting
errors by the Army and Air Force,..." "...more than $500 million worth of
errors in NASA financial statements...."

In addition, the GAO's report was discussed in the Senate's Governmental
Affairs Committee chaired by John Glenn (D-Ohio). The Committee was concerned
"...about the disclosure that taxpayer privacy had been compromised by an
internal breakdown in computer security."

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: 20 Aug 93 10:37:39 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: IRS & security

IRS Computer Revamp Faulted By Study Panel; Privacy, Security Risks Seen In
Multibillion-Dollar Program,
By Stephen Barr, Washington Post Staff Writer, Washington Post, 20 Aug 1993

The Internal Revenue Service `has shown little progress' in addressing
concerns about taxpayer confidentiality as it proceeds with a
multibillion-dollar overhaul of its computer systems, a National Research
Council panel said yesterday.

The Tax Systems Modernization program at IRS "can lead to a wide range of
potentially disastrous privacy and security problems for the IRS unless the
IRS develops effective, integrated privacy and security policies," the panel
said."

The article continues to report that the program modernization will cost
about $7.8 billion over the next 15 years.

Henry H. "Hank" Philcox said that the IRS has been studying security for at
least the last 10 months, including both anti-hacker considerations and
protection against abuse by employees.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: Wed, 18 Aug 1993 23:51:37 -0400
From: gwright@world.std.com (Gary Wright)
Subject: Re: Dorney Park Hercules roller coaster ... (S.D.Walter, RISKS-14.83)

> This accident sounds remarkably similar to the accident on the Timber Wolf
> roller coaster at Worlds of Fun in Kansas City, on March 31, 1990. The
> nature of the accident and the fixes were essentially the same! See
> RISKS-9.96.

In fact, the Timber Wolf and Hercules were both built in 1989 and designed by
the same firm, Curtis D. Summers, Inc. I believe the same construction company
was used (Dinn). The material I have only lists designers. (Guide to Ride,
American Coaster Enthusiasts, 1991).

[By the way, the identity of the original contributor was cited erroneously
in RISKS-14.83. He is Steven D. Walter, of Bethlehem PA. Sorry for the error.
Thanks to Steve for the SnailMail.
PGN]

------------------------------

Date: Thu, 19 Aug 1993 13:34:23 -0700
From: Tsutomu Shimomura
Subject: Remotely accessible answering machines may grant *too much* access

Many telephone answering machines provide "remote access" features which
permit the user to call and retrieve messages from elsewhere, often with the
aid of a Touch-Tone(tm) telephone. There are often other functions provided,
such as the ability to delete messages, change the outgoing message, and set
various operating parameters for the machine. Some minimal degree of security
is usually provided, typically a short "security code" to be sent via
Touch-Tone to authenticate the user.

The short "security code" is justified as a compromise between user
convenience and security; after all, the worst thing that might reasonably
happen is that someone else might retrieve and delete your messages, right?

The ability to change the outgoing message, in combination with the in-band
signalling used in analog telephone systems, poses some interesting
opportunities beyond the obvious juvenile pranks.

If I have "cracked" the "security code", it is likely a simple matter to
record an outgoing message which includes in-band signalling information
(e.g., Touch-Tones) designed to be sent upon receipt of dialtone. Next, I must
arrange for dialtone into which the answering machine can play its message;
this can be accomplished by calling the machine and disconnecting just before
it answers. We now have a manifestation of the classic telephone line "glare"
race condition: the "answerer" does not realize that it is really an
"originator", and has just initiated a call.

Numerous applications suggest themselves. The simplest are ones involving
messages which call revenue-generating numbers (e.g., 1-900 for those of you
in the NANP) or long distance call-forwarding for toll fraud purposes.

A more interesting possibility is the use of the answering machine as an
"anonymous" messaging device.
Suppose that the outgoing message is modified to dial a number, pause for an
answer, and play a (voice) message? Having delivered its spiel, the machine
will dutifully record a message from the called party. The answering machine
can then be called in the "usual" manner and the message retrieved and erased.

BTW, this *has* actually been tested, and found to work as described.

ISDN (out-of-band signalling), anyone? Perhaps we really need auditing and
intrusion detection systems for home appliances ...

Note: If you work for an RBOC, you aren't allowed to use this note as a sales
pitch for your CO-based voice-mail offerings. Oh yeah, and if you're a
kidnapper, you can't use this to deliver your ransom note! ;-)

Tsutomu Shimomura  tsutomu@ucsd.edu  +1 619 534 5050
University of California at San Diego/San Diego Supercomputer Center, USA

------------------------------

Date: Fri, 20 Aug 93 16:04:10 -0500
From: Gene Spafford
Subject: ATM Scam (RISKS-14.60 to 74)

In recent RISKS, there have been some details on the fake ATM being set up in
a shopping mall in New Haven. Last week at the 5th FIRST Incident Response
Workshop, an agent of the Secret Service regaled the audience with some
details of the case:

  * Several people were arrested
  * One has admitted everything and is cooperating with authorities
  * over 300 accounts at over 50 banks were hit by the counterfeit cards
  * over 100K in fraudulent charges were made with the captured cards

This was not an isolated incident, but the latest in a 12-year string of
fraud activity that may have netted over 12 million dollars. Included in this
past history were computer-assisted forgeries of stocks, bonds, passports,
military IDs, and even law enforcement IDs. On several occasions the people
involved used forged ID documents to carry guns on-board airplanes.

[5th FIRST? Perhaps they drank a 5th FIRST?
PGN]

------------------------------

Date: Wed, 18 Aug 93 10:12:33 -0400
From: fpst@hubcap.clemson.edu (Steve Stevenson)
Subject: High-speed password matching

cross-post request from comp.parallel

To: comp-parallel@uunet.UU.NET
Newsgroups: comp.risks
From: unijbm@uts.uni-c.dk (Jørgen B. Madsen)
Subject: World record in password checking
Organization: UNI-C, Danish Computing Centre for Research and Education
Date: Wed, 18 Aug 1993 11:05:07 GMT
Summary: World record in password checking

A NEW WORLD RECORD IN PASSWORD CHECKING HAS BEEN SET:

Roch Bourbonnais, a Thinking Machines Corporation engineer, has ported and
optimized the CM/2 port of the UFC-crypt to a CM/5 system.

The UFC-crypt (Ultra Fast Crypt) implementation on the CM/2 Connection
Machine (parallel computer) is a UNIX password checking routine (crypt())
ported by Michael Glad at UNI-C.

The port, that is written in CM-fortran, utilizes the CM/5 vector units and
is partly programmed in cdpeac (vector unit assembly language). The package
achieves 1560 encryptions/second/vector unit. This scales to:

  6,4 million encryptions per second on a large 1024 node machine
  800,000 encryptions per second on a small 128 node machine

With this impressive performance, all combinations of 6 letters can be tried
in less than an hour and all combinations of 6 lower-case letters can be tried
in less than one minute.

Congratulations, Jorgen Bo Madsen

Jorgen Bo Madsen, Security Consultant
UNI-C Lyngby, Danish Computing Centre for Research and Education
DTH, Building 305, DK - 2800 Lyngby,
Phone : +45-45-938355  Telefax: +45-45-930220
E-Mail : Jorgen.Bo.Madsen@uni-c.dk

------------------------------

Date: Fri, 20 Aug 93 21:19:47 DFT
From: derrick@dms.corena.no (Derrick Everett)
Subject: Re: Crash of JAS 39 Gripen

I was in Stockholm the day after the JAS crash and read some of the local
papers, which were mostly filled with speculation. The investigative
commission has just made public their preliminary findings.
I enclose a translation of a local newspaper report.

From Aftenposten (Oslo) 19 August 1993:

JAS AIR CRASH: BOTH TECHNICAL AND PILOT ERROR

Too rapid deflection in the control system and quick joystick movements by
the pilot were the causes of the JAS accident in Stockholm on 8 August.

The Crash Investigative Commission into the JAS accident during the Water
Festival, with ten thousand spectators around the crash location, presented
their provisional report yesterday and have concluded that the technology and
the pilot together caused the accident.

'The JAS crash was caused by the control system's high amplification of
joystick deflections in combination with the pilot's large and rapid joystick
movements. This caused margins of stability to be exceeded', the report says.

According to the Commission, 'the pilot flew below the minimum permitted
altitude by an insignificant amount during the demonstration and exceeded by
some amount the maximum permitted angle of attack.' The aircraft had no
technical faults at the time of the accident and the motor continued to
function normally right until the plane hit the ground. Everything happened
very quickly: from the pilot losing control of the plane to his ejection and
parachute descent took only 6.2 seconds.

The unthinkable consequences that would have followed if the JAS plane had
crashed into the crowd have led to renewed and intense debate both in the
political arena and among the Swedish public, about whether the JAS program
should continue. It has so far cost 22 billion crowns [3.2 billion dollars].

The Crash Investigative Commission asks the Air Force Chief of Staff to
ensure that measures are taken to prevent any future occurrence similar to the
JAS accident. When this has been done, the Commission expect there to be no
reason for continued grounding of the JAS 39 Gripen, the report adds. But
discussion continues about adding some inertia to the control system.
The JAS project (JAS stands for search, attack, reconnaissance [jakt, angrep,
spaning]) was announced in 1979 as the Swedish Defence Forces' pride and an
aircraft for the 1990s, even the leading edge of Swedish technological exports
in military equipment. Both before and after the first aircraft left the
production line this year, everybody from King Carl Gustaf through Prime
Minister Carl Bildt to Defence Minister Anders Bjoerck has done everything
short of walking on their hands to get the plane sold to other countries. The
Swedish establishment could hardly have received a more direct smack in the
face.

In aircraft jargon, what happened to the JAS plane on that fatal Sunday over
Vaesterbron in the centre of Stockholm is called, 'Pilot Induced Oscillations
(PIO)' - the pilot's hand movements led to violent banking [actually, it
looked more like pitching] of the plane. During the upswing, the nose of the
aircraft came up too far, and so the pilot pushed the joystick forward to
level the plane. At this, the nose came down but by more than the pilot had
intended, because the control mechanism is so fine-tuned that even the
smallest movement gives a large deflection. This has previously been the
source of problems in the advanced JAS project.

To stop the nose dropping too far, the pilot pulled back the joystick - at
the same time as the computer [actually, a set of three processors] had given
signals to lift the nose. The combined signals from the computer system and
the joystick led to uncontrolled oscillation that became a vicious circle of
signals and counter-signals until the aircraft was totally out of control.
Because the plane was at a low altitude, there was no time to correct from the
instability.

A few comments might be added from reading the Swedish newspapers. The JAS 39
Gripen is deliberately unstable. There are no ailerons on the main wings, but
instead a pair of smaller wings located forward are used to actively correct
the attitude of the aircraft.
These are under the control of the three digital computers that presumably
co-operate by majority voting. This system has to respond to signals within
200 milliseconds in order to maintain stability. If the digital system is
disconnected, an analogue backup system ensures that the plane flies level but
it is not then possible to manoeuvre. Since the centre of gravity lies behind
the centre of lift, there is a tendency to lift the nose when control is lost.

Derrick Everett, Life*CDM Project Manager. CORENA A/S, Asker, Norway.

------------------------------

Date: Thu, 12 Aug 93 02:47 EDT
From: Hiller@DOCKMASTER.NCSC.MIL
Subject: Risks of coming mass-communication capabilities

After reviewing several of the recent RISKS forum entries (Clipper articles,
reports, etc.), I noticed that even these items quickly referenced the
upcoming explosions of technology and capability being promised to us by AT&T,
Time/Warner, MCI, and others. Along with the general trends coming through
fruition of ISDN as well as these various cable and fiber based commercial
offerings, which have been well-documented in newspapers and the like, I have
been continually searching for a shred of evidence that ANYONE is pausing to
look at the security and public policy issues that such offerings are bound to
tax to the limit.

Through all the various channels, the RISKS forum included, it is clear that
there is tremendous risk involved in such implementations. As our society is
introduced to such capabilities, we will surely become orders of magnitude
more dependent on information technology than we are today. Yet, we are
light-years behind the capability curve in terms of protecting ourselves or
even pretending to know how.

Is anyone, commercially, governmentally, or otherwise looking at these
impacts and advising the providers of these services on how to proceed? I'd be
very interested to find out what sorts of steps anyone is taking, and the
rapidity with which they are taking them.
Please direct any such information to Hiller@DOCKMASTER.NCSC.MIL . Thanks!

Jim Hiller

------------------------------

Date: Tue, 17 Aug 93 20:06:53 EST
From: wizard@moz.hookup.net
Subject: Re: Computers Dialing 911 (Kabay, RISKS-14.93)

In RISKS-14.83, Mich Kabay noted a cordless phone accidentally dialing 911.
That reminded me of two incidents I'd like to share here.

The first one occurred several years ago. I was doing technical support for a
local software company. One of our users had a problem, and we were trying to
get her to upload the problem to our BBS, so we could attempt to solve it. She
was unfamiliar with telecommunication software, but had copied the directory
off of her machine at work. She set up the modem, and the software, and
entered the number to dial (1 519 ... ....). Nothing seemed to happen. She
tried again, several times. We were talking to her on a second phone line,
when there was a loud knock on her door. She answered it, and there were a
large number of police at the door! Apparently, the software had been
configured to use the PBX at work, and all numbers were prefixed with a 9 (for
an outside line), and a 1 (for long distance). She had dialed 911 5 or 6
times!

The second incident occurred several weeks ago. A friend of mine runs a local
BBS, and has set up a Call-Back-Verifier, to assure that people give their
real phone number. Someone called in, and gave 911 as his number, hoping the
BBS would call it, and bring the cops in. Fortunately, my friend was watching
at the time, and has since added 911 to the list of forbidden numbers.

Mark

------------------------------

Date: Thu, 19 Aug 1993 03:59:19 GMT
From: jgro@netcom.com (Jeremy Grodberg)
Subject: Good news from the front lines

As we've heard over and over, our Social Security numbers are being used in
dangerous ways. One particular example is that they are often used as
authenticators in telephone transactions with financial institutions.
In the past, it has been difficult to impossible to convince these
institutions to use alternate authenticators, but I want to report that I have
seen some progress.

Two years ago I sent a nastygram to Citibank complaining about them using my
SSN to verify my identity in telephone transactions involving my credit card,
and was told, in essence, "we don't have any alternative." Recently, I tried
again, and found that not only Citibank, but also Chase, AT&T, and Bank of
America will all accept alternate authenticators, at least in their credit
card operations, in the guise of "Mother's Maiden Name", which can be any
single pronounceable codeword. This is progress.

As for how I went about establishing this new protection, there were varying
degrees of security. Citibank took the codeword over the phone, with only my
SSN and account info as verification. BofA also took the new codeword over the
phone and only required a little more info than Citibank, but nothing that
wasn't on my monthly statement (if memory serves). Chase required the change
in writing, required nothing but the account number in the letter, but did
mail me a notification that the codeword had been changed. AT&T sent me a form
to fill out to authorize the new codeword, although I don't know if they would
have accepted a regular letter.

For those of you keeping score, IMHO AT&T in general, as in this particular
case, seems to have the best security. At least the others are catching on.

Jeremy Grodberg  jgro@netcom.com

------------------------------

Date: Thu, 19 Aug 1993 15:45:40 -0700
From: pagre@weber.ucsd.edu (Phil Agre)
Subject: Gideon Kunda, Engineering Culture

Risks readers may be interested in Gideon Kunda's book "Engineering Culture:
Control and Commitment in a High-Tech Corporation" (Temple University Press,
1992). It's an ethnographic study of a "corporate culture" program at a real
but pseudonymous high-tech firm that Kunda calls "Tech".
Immense effort goes into designing the symbolic aspects of work at Tech,
including new-employee orientations, the ritual aspects of meetings, slogans
and posters, company history, and so forth. Kunda gives many examples of these
things and has some fascinating things to say about them, and particularly
about the phenomenon of "burnout" among Tech employees.

A longer review of Kunda's book is available in issue #4 of the CPSR journal
CPU, which can be obtained by ftp to cpsr.org in the directory /cpsr/work. To
subscribe, send a message to listserv@cpsr.org with a blank subject and a
single line in the body of the message: SUBSCRIBE CPSR-CPU

Phil Agre, UCSD

------------------------------

Date: Fri, 20 Aug 1993 16:32:47 +0200
From: Klaus Brunnstein
Subject: Virus Catalog: new edition

Computer Virus Catalog update July/August 1993

With its July/August 1993 edition, Computer Virus Catalog describes more
forms of Malicious Code = MalCodes (including chain letters, time bombs,
trojan horses, viruses and worms) on multiple platforms (IBM and compatible
PCs, Macintosh, IBM-MVS/VM, UNIX, Amiga and Atari). Presently, ***340
MalCodes*** have been classified active on 6 platforms:

  Amiga:      92 Viruses, 1 Trojan, 5 TimeBombs
  Atari:      20 Viruses
  Macintosh:  35 Viruses, 2 Trojans
  MSDOS:      172 Viruses, 6 Trojans, 3 Virus Generators
  MVS/VM:     1 Chain Letter
  UNIX:       2 Viruses, 1 Worm

Entries for UNIX Internet Worm and IBM-VM CHRISTMA.EXEC are yet experimental
(in "old" CVC format 1.2). A generalized format (2.0) for the Computer MalCode
Catalog will be available, including descriptions of DEC-VMS worms (Father
Christmas, WANK and OILZ), with next edition (planned: December 1993).

New CVC entries are available in ASCII, and all entries are available either
via CVBASE.EXE (the electronic edition of CVC, for PCs) or as compressed
(PKZIPPED) files. See Virus Test Center's FTP site.
The July/August 1993 CVC edition describes the following MalCodes:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Macintosh: 3 new viruses:
  INIT 17, INIT M = WDEF M, MerryXmas Hypercard virus

IBM/compatible PCs: 26 new MalCodes:
  25 new viruses:
    (Goddam) Butterflies, Chinese_Fish=Fish Boot, Clone,
    Dec_Year=Last_Year(.604), Dudley, F-Word, Gnat (1.0), Horns, Invisible,
    Involuntary, Junior, Little Red, Loren, Mabuhay, Nguyen,
    No_Int=Stoned.No_Int.A (Stoned Strain), Peter, QRRY,
    Requires=Requires.981=Demise=Later, RMBD, Runtime=Runtime-err412,
    Su=Susan, Terminator II, Tonya, Warlock Virus.
  1 Virus Generator:
    PS-MPC G2 Virus Generator
  Update:
    Parity_Boot (A-C)=P-Check Virus (Parity_Boot Strain),
    14 Minimal viruses renamed Trivial viruses.

Amiga: 24 new MalCodes:
  19 viruses:
    AMIGA KNIGHT, CCCP, COMPUPHAGOZYTE 1 (CompuPhagozyte Strain), CRIME'92,
    DARTH VADER (V1.1), FICA, HOCHOFEN=TRABBI, SADDAM_BOOT,
    SCA.D&A_dropper=SCA Dos kill=D&A (SCA Virus Strain), TOMATES GENTECHNIC,
    TURK, VIRCONSET2, WARSHAW AVENGER Virus
    and the following SADDAM Strain viruses:
    SADDAM (Hussein)=IRAK=DISK-Validator, SADDAM.ANIMAL, SADDAM_FILE,
    SADDAM.KICK, SADDAM.LOOM, SADDAM.NATO, SADDAM.RISK, SADDAM.][ Virus
  1 Trojan dropper:
    TURK Color Dropper Trojan
  4 (Time) Bombs:
    EXCREMINATOR_1, STARLIGHT, TIMEBOMB_09, VIRUSTEST_BOMB_936 Bomb

UNIX: 1 new virus, 1 worm (experimental):
  1 virus: VMAGIC virus
  1 worm:  INTERNET worm

IBM-MVS/VM: 1 chain letter (experimental):
  CHRISTMA.EXEC (G1,G2)

The following files may be downloaded from our ftp site:

  INDEX.793    (36 kBytes): Overview of CVC entries
  AMIGAVIR.793 (92 kBytes): new Amiga viruses
  MACVIR.793   (18 kBytes): new Mac viruses
  MSDOSVIR.793 (84 kBytes): new MSDOS viruses (part 1)
  MSDOSVIR.893 (77 kBytes): new MSDOS viruses (part 2)
  MVSVIR.793   (8 kBytes):  CHRISTMA.EXEC chain letter
  UNIXVIR.793  (11 kBytes): VMAGIC, INTERNET worm

The following files contain ALL entries published in the respective domain
(since July 1989) in compacted
(PKZIPPED) form:

  AMIGAVIR.ZIP  All Amiga viruses
  ATARIVIR.ZIP  All Atari viruses
  MACVIR.ZIP    All Mac viruses
  MSDOSVIR.ZIP  All MSDOS viruses
  MVSVIR.ZIP    (=MVSVIR.793 PKzipped)
  UNIXVIR.ZIP   (=UNIXVIR.793 PKzipped)

Virus Test Center's FTP site: ftp.informatik.uni-hamburg.de
Address: 134.100.4.42
login anonymous; password: your-email-address;
directory: pub/virus/texts/catalog

Any assistance and helpful critical remarks are appreciated.

Klaus Brunnstein, University of Hamburg, Faculty for Informatics
Virus Test Center, 18 Aug 1993

------------------------------

Date: 18 Aug 93 06:31:20 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: InfoWar announcement

INFOWARFARE '93: 1st NCSA Conference in Canada
15 September 1993, Meridien Hotel, Montreal, Quebec

------------------------------FRENCH IN AM-----------------------------
08:45-09:15 Introduction, the problem of network security (NCSA,MK)
09:15-09:45 Lessons from the World Trade Center disaster
            (Samson Belair Deloitte Touche Ross)
09:45-10:30 Video and coffee
10:30-11:00 Legal disasters (Bourse de Montreal)
11:00-11:15 Remote fraud: telephone fraud and networks (MK)
11:15-12:00 Round table: Measures against telephone fraud
            (BELL, CANTEL, NORTHERN TELECOM)
-----------------------------ENGLISH IN PM-----------------------------
12:00-13:15 --lunch for all-day attendees-- [ROYAL BANK: ATM fraud]
12:30-13:15 Registration for PM only
13:15-14:30 Information Warfare (Winn Schwartau)
14:30-15:15 Panel discussion: IW today (DND, RCMP, MoJ, SG, HQ, GSC)
15:15-15:30 Coffee and videos
15:30-16:15 Panel: Convincing upper mgmt (ASM,ASIMM,AVIMM,ISSA,CAAST)
16:15-16:30 Closing remarks (NCSA)

Costs:
  AM or PM only       $105
  Lunch only          $ 60
  All day incl lunch  $225
  Members of the NCSA, ASM, ASIMM, AVIMM, ISSA: 10% discount

For more info: phone 514-931-6187; fax 514-931-0878; email 75300,3232.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn
Jinbu, P.O.
Box 509 Westmount, Montreal, Quebec H3Z 2T6 CANADA (514) 931-6187

------------------------------

End of RISKS-FORUM Digest 14.85
************************
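
The two 911 incidents in Mark's message ("Re: Computers Dialing 911") earlier in this digest, a work dial prefix reused on a home line and a call-back verifier handed 911 as a number, both come down to screening the digits the line will actually carry. The following is an added example, not part of the digest or of any software it mentions; `screen_call`, its parameters and the 555 numbers are constructed for illustration.

```python
import re

# Codes the exchange acts on as soon as they are dialed. Only 911 comes from
# the digest; extend the tuple for other regions (assumption).
EMERGENCY_CODES = ("911",)


def to_digits(dial_string):
    """Keep only what the modem sends as tones: 0-9, * and #.

    Spaces, dashes, parentheses and Hayes pause commas carry no digits.
    """
    return re.sub(r"[^0-9*#]", "", dial_string)


def digit_streams(number, dial_prefix="", pbx_access=""):
    """Every digit stream the public exchange might receive for this call.

    The software cannot tell whether it is behind the PBX its prefix was
    written for, so both cases are returned: the full stream (direct line)
    and the stream with the PBX access code consumed (office line).
    """
    full = to_digits(dial_prefix) + to_digits(number)
    streams = [full]
    access = to_digits(pbx_access)
    if access and full.startswith(access):
        streams.append(full[len(access):])
    return streams


def screen_call(number, dial_prefix="", pbx_access=""):
    """Return a list of reasons to refuse the call; empty means allowed."""
    reasons = []
    for stream in digit_streams(number, dial_prefix, pbx_access):
        for code in EMERGENCY_CODES:
            # Prefix match, not equality: the exchange connects after the
            # code's last digit and ignores whatever follows.
            if stream.startswith(code):
                reasons.append(f"{stream!r} reaches {code}")
    return reasons


def naive_forbidden(number, forbidden=("911",)):
    """Exact-match blocklist on the raw input, shown for contrast."""
    return number in forbidden


if __name__ == "__main__":
    # Constructed cases; 519 555 0123 is a placeholder number.
    cases = [
        ("1 519 555 0123", "9,1", "9"),  # work prefix reused on a home line
        ("1 519 555 0123", "9", "9"),    # same number, prefix without the extra 1
        ("9-1-1", "", ""),               # call-back number given as 911
        ("911 555 0123", "", ""),        # padded so an exact match misses it
        ("519 555 0123", "", ""),        # ordinary call-back number
    ]
    for number, prefix, access in cases:
        verdict = screen_call(number, prefix, access) or ["allowed"]
        print(f"{prefix!r:6} + {number!r:18} -> {verdict}")
```

The check runs on the assembled digit stream, so it catches the prefix-plus-number case that an exact-match list of forbidden numbers cannot see.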