Softpanorama Bulletin

April-June 1998; v.10. No. 2 (0a1) Compiled by N.Bezroukov


Softpanorama Data Security Review


Fighting Pornography on the NET

No freedom of press defense in porn trial

A federal judge on Monday barred a National Public Radio reporter from invoking the First Amendment during his trial on charges of receiving pornographic images of children over the Internet while researching a story on the subject, the Associated Press reported Thursday. "The law is clear that a press pass is not a license to break the law," the AP quotes U.S. District Judge Alexander Williams Jr. as saying. See ZDNNews News Bursts for additional information.


Cryptography

GNUPG is "a free replacement for PGP"

GNUPG is a complete and free replacement for PGP. The main web site is GNUPG - The GNU Privacy Guard.

Because it does not use IDEA or RSA it can be used without any restrictions. GNUPG is in most aspects compatible with the OpenPGP draft.

The current code is stable on GNU/Linux systems. You can download release 0.3.0 (566k) from the GUUG FTP site or get the latest diff against 0.2.19 (95). There is a GNUPG signature for this file. Because this leads to a chicken-and-egg problem, there is a PGP signature too. Precompiled binaries may be available here. A version for windoze (108k) is available, but it should not be used for real work.


Insiders are the main threat

Omega Engineering learned firsthand the dangers of the disgruntled employee after a logic bomb wiped out all of its research, development, and production programs in one fell swoop. (The tape backup also was destroyed.) In January, charges were filed against 31-year-old Timothy Lloyd, an Omega programmer, for placing the bomb on the network, which detonated 10 days after his termination.

Omega's costs will likely exceed $10 million as engineers and designers rewrite designs and recode programs in what Jim Ferguson, an Omega representative, says will be "an ongoing process for several years." Omega, headquartered in Stamford, Conn., is a privately held company that manufactures measuring devices for agencies such as NASA and the U.S. Navy.

Source: InfoWorld


Macro viruses are in decline
  more mergers and acquisitions in the AV industry
Network Associates bought Dr.Solomon;
Symantec bought IBM Antivirus

Recently Network Associates (of McAfee fame) bought Dr.Solomon in a stock swap deal for an estimated $640 million.

The hidden agenda is that it is now very difficult for an AV vendor to survive unless it has a monopoly in one or several local markets. File viruses are now quite rare. Macro viruses became the prevalent type of computer virus, but they are also in danger, as Office 97 provides some (limited) virus protection and disinfection during conversion of old Word Basic to VBA. So interest in AV protection from large corporations and users is now at its lowest in several years, and revenues are not that great.

In such a difficult situation additional mergers are imminent. The fact that Network Associates bought Dr.Solomon means that McAfee can ship a decent product instead of its own not very impressive scanner.

Symantec called Network Associates' acquisition of Dr.Solomon a reaction to its own purchase of IBM's antivirus line (last month, Symantec announced it will buy IBM's line of antivirus products).


F-Secure Anti-Virus Macro Control -- the first macro virus integrity checker

For some strange reason anti-virus companies were very unsuccessful in fighting macro viruses, and the technology they used until probably the end of 1997 was very weak. It is amazing, but some products used CRC for detection of macro viruses, and some AV researchers even claimed that as an achievement. This approach of course led to a proliferation of the number of "strains" of known macro viruses (with Vesselin Bontchev as the chief "classification officer" :-), but in practice it was very unproductive and required frequent updates.

Now several more or less decent approaches have emerged. One is to improve detection using heuristics, which was long overdue, and the second is to use an integrity checker.

Data Fellows F-Secure Anti-Virus Macro Control for NT is probably the first attempt to implement an integrity checker for macro viruses. F-Secure Macro Control has a list of trusted macros and checks all documents for the presence of non-trusted macros.

A typical organization would only have a limited number of macros that relate to its business. These are easy to certify, as the persons responsible for writing macros for in-house use would be able to easily identify the approved corporate macros. These macros do not change frequently once they have been deployed throughout the organization.
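
The difference between the two approaches can be shown with a short Python sketch. This is an added example, not F-Secure's code: the function names, the SHA-256 digest, the normalisation rule and the macro texts are all assumptions made for illustration, and the "strains" are harmless constructed stand-ins.

```python
import hashlib
import zlib

def canonical(source: str) -> bytes:
    # Assumption: only line endings and trailing blanks are normalised.
    lines = [line.rstrip() for line in source.replace("\r\n", "\n").split("\n")]
    return "\n".join(lines).strip("\n").encode("utf-8")

def digest(source: str) -> str:
    return hashlib.sha256(canonical(source)).hexdigest()

def crc_signature_scan(macros: dict, known_bad_crcs: set) -> list:
    """Blacklist approach: report macros whose CRC32 equals a known-virus CRC."""
    return sorted(name for name, src in macros.items()
                  if zlib.crc32(canonical(src)) in known_bad_crcs)

def integrity_check(macros: dict, trusted_digests: set) -> list:
    """Trusted-list approach: report every macro that is not on the list."""
    return sorted(name for name, src in macros.items()
                  if digest(src) not in trusted_digests)

# Constructed, harmless stand-ins for macro source text.
APPROVED = 'Sub InsertLetterhead()\n    Selection.InsertFile "letterhead.doc"\nEnd Sub\n'
KNOWN_STRAIN = "Sub AutoOpen()\n    ' stand-in body, strain A\nEnd Sub\n"
NEW_STRAIN = "Sub AutoOpen()\n    ' stand-in body, strain B\nEnd Sub\n"

TRUSTED = {digest(APPROVED)}                           # certified in-house macros
KNOWN_BAD_CRCS = {zlib.crc32(canonical(KNOWN_STRAIN))}  # scanner's signature list

# A document maps macro names to macro source text.
CLEAN_DOC = {"InsertLetterhead": APPROVED.replace("\n", "\r\n")}
INFECTED_DOC = {"InsertLetterhead": APPROVED, "AutoOpen": NEW_STRAIN}

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("infected", INFECTED_DOC)):
        print(label,
              "| CRC scan:", crc_signature_scan(doc, KNOWN_BAD_CRCS),
              "| integrity check:", integrity_check(doc, TRUSTED))
```

A one-byte change gives the new strain a different CRC, so the signature scan misses it until its list is updated, while the trusted-list check flags it without any update.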

 


Robert Morris (who wrote Internet Worm)
became a millionaire

He (with several others) founded Viaweb and, after last week's $49 million takeover of Cambridge's Viaweb by Yahoo!, owns more than a million (on paper). Viaweb officials say that the name Viaweb, and its popular Viaweb Store, will disappear.

See http://nytsyn.com/IMDS%7CLatest_Columns%7Cread%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9251-0249-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9255-0253-pat_nytimes%7C/home/content/users/imds/feeds/nytsyn/1998/06/15/cndin/9240-0236-pat_nytimes%7C%7C

for additional details


Bell Labs Researcher Finds Flaw in Widely Used Encryption Standard


Copyright 1998, Nikolai Bezroukov. Standard disclaimer applies. As long as this copyright notice is preserved, and any changes are clearly marked as such, the author gives his consent to republish and mirror this text.