Copy Link
Add to Bookmark
Report

Computer Undergroud Digest Vol. 09 Issue 24

  


Computer underground Digest Tue Mar 25, 1997 Volume 9 : Issue 24
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.24 (Tue, Mar 25, 1997)

File 1--Coup-d-etat on the Internet around Usenet hierarchy <gov.*>?
File 2--SANS Network Security Digest vol.1, No.2
File 3--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Mon, 17 Mar 1997 10:25:05 -0500
From: Paul Kneisel <tallpaul@nyct.net>
Subject: File 1--Coup-d-etat on the Internet around Usenet hierarchy <gov.*>?

On Sun, 16 Mar 1997 23:54:39 GMT, tale@isc.org (David C Lawrence)
<858556478.926@isc.org> wrote announcing the creation of a new
meta-hierarchial group under the <gov.*> hierarchy.:

I, like many others, have not followed every discussion on <news.groups> as
closely as I could have.

But I do not recall reading or seeing any Request For Discussion document
filed in <new.groups> or <news.groups.announce> for the creation of such
changes. Nor do I recall seeing any Call For Votes document for such a
massive change in the hierarchy.

I certainly could have missed such RFDs and CFVs.

But, assuming that I did not miss them because neither was ever issued, am
I the only one to see in the sudden creation of <gov.*> a slippery slope of
globally massive dimensions whereby the U.S. and inferentially other
governments just launched a info-war coup-d-etat on UseNet in particular
and the Internet in general?

[END TALLPAUL INSERT]




[BEGIN LAWRENCE INSERT]

Newsgroups--news.announce.newgroups,news.groups,news.admin.hierarchies
Subject--ANNOUNCE--GovNews gov.* hierarchy started for government information
Followup-To--news.admin.hierarchies
Message-ID--<858556478.926@isc.org>
Approved--newgroups-request@isc.org
Archive-Name--other.articles/govnews
Date--Sun, 16 Mar 1997 23:54:39 GMT
Lines--282

-----BEGIN PGP SIGNED MESSAGE-----

The GovNews hierarchy, gov.*, is a new framework for exchange of
public information at all levels of government around the world via
the Internet. It is a tool to improve communication to the government,
from the government, and between various governmental bodies by
providing both announcement channels and topical discussion groups.

Users can currently access the hierarchy via the NNTP server at
news.govnews.org. Many major sites, including AOL, AT&T, BBN Planet,
CompuServe, MCI, Sprint and UUNET, are also already carrying and
feeding the initial set of gov.* newsgroups, and it is listed in
<URL:ftp://ftp.isc.org/pub/usenet/CONFIG/active>.

The GovNews Project workers ask news administrators to please carry
this new hierarchy at their own sites as their resources allow. The
volume of the hierarchy is expected to be roughly that of comp.* or
rec.* --- far less than that of alt.binaries.*, since the majority of
traffic will be non-binary messages.

This message contains all the information news administrators need to
create the hierarchy at their own sites. Below is the PGP information
(see <URL:ftp://ftp.isc.org/pub/pgpcontrol/README.html>) for gov.*
control messages. Following it is a list of the initial set of
newsgroups for gov.*, with their descriptions. It is suitable for
input to INN's "docheckgroups" or C News's "checkgroups" scripts, or
can be suitably massaged on other systems to generate the list of
groups to add. Please note that many are moderated.

Additional information about the GovNews Project can be found at
<URL:http://www.govnews.org/govnews/>.

Thank you for your interest.

Control message PGP Signing Information:

Control message sender--gov-usenet-announce-moderator@govnews.org
Key User ID--gov.usenet.announce
Administrative group--gov.usenet.announce
Check also:
+ http://www.govnews.org/govnews/site-setup/gov.pgpkeys
+ pgp-public-keys@pgp.ai.mit.edu
("Subject--GET 0x7FFD7855", empty body)

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version--2.6.2

mQCNAzG6NYoAAAEEAOC2bDAFQlM5l81+WgWjJErVSCDeEyk+gzLionO42/CcC4Wm
eLgCLhl6y4OywoCDipYgOta0FG/dOMP9zTHaptc6HQJ2C+7rlWtSIn/g+Z4skgsP
SK2JbHe6FCPUphkV7MZ9iwOeTWpGeVo7T+ujSFRRd4dVk5ap2izi3FB//XhVAAUR
tBNnb3YudXNlbmV0LmFubm91bmNliQCVAwUQMwnq+Czi3FB//XhVAQFYxQQA1IGF
oFena1a9SI3lC9clkRr9w5nF7y4hh7T0DRg6M6r4naiegmisPFqvM1j8dnC3tU6x
5Vz1ATsP/Uu1GFecJ31u55m+N6pMrv56pqivK5PxV3PbEKV/9fHUT7o/2vsw3wge
AmsQ590GSur09cpxSY0TAU/hMQlK0FkN4jnGrAQ=
=rTFC
- -----END PGP PUBLIC KEY BLOCK-----

Thus, INN's control.ctl file would have lines like these:

newgroup:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usenet.a
nnounce
rmgroup:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usenet.an
nounce
checkgroups:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usene
t.announce

Newsgroups file lines:

gov.org.admin.financenet FinanceNet - information on public financial
management. (Moderated)
gov.org.g7.announce Announcements on G7 activities. (Moderated)
gov.org.g7.environment G7 Environment and Natural Resources Project.
(Moderated)
gov.org.g7.misc General G7 related discussions. (Moderated)
gov.topic.admin.finance.accounting Public accounting. (Moderated)
gov.topic.admin.finance.asset-liab-mgt Asset-liability management. (Moderated)
gov.topic.admin.finance.audits Financial audits of government agencies.
(Moderated)
gov.topic.admin.finance.budgeting Appropriations and budgeting management.
(Moderated)
gov.topic.admin.finance.calendar Calendar of public finance events.
(Moderated)
gov.topic.admin.finance.int-controls Internal financial controls. (Moderated)
gov.topic.admin.finance.misc General public finance topics. (Moderated)
gov.topic.admin.finance.municipalities Municipal financial issues. (Moderated)
gov.topic.admin.finance.news General government finance news. (Moderated)
gov.topic.admin.finance.payroll Government payroll issues. (Moderated)
gov.topic.admin.finance.perf-measures Financial performance measures.
(Moderated)
gov.topic.admin.finance.policy Government financial policy. (Moderated)
gov.topic.admin.finance.procurement Procurement management. (Moderated)
gov.topic.admin.finance.reporting Financial statements & reporting.
(Moderated)
gov.topic.admin.finance.state-county State and county financial issues.
(Moderated)
gov.topic.admin.finance.systems Financial software and hardware systems.
(Moderated)
gov.topic.admin.finance.training Financial personnel & training. (Moderated)
gov.topic.admin.finance.travel-admin Travel administration. (Moderated)
gov.topic.admin.privatization Privatization of government, Public/Private
partnerships. (Moderated)
gov.topic.finance.banks Banking, monetary supply, currency exchange.
(Moderated)
gov.topic.finance.securities Securities, commodity futures, etc. (Moderated)
gov.topic.forsale.misc Miscellaneous government asset sales. (Moderated)
gov.topic.info.systems.epub Government use of electronic publishing.
(Moderated)
gov.topic.info.systems.year2000 Accomodating dates after the year 2000.
gov.topic.telecom.announce Telecommunications related announcements.
(Moderated)
gov.topic.telecom.misc Telecommunications- telephone, radio, TV, Internet.
(Moderated)
gov.topic.transport.air Aviation, aircraft, travel by air. (Moderated)
gov.topic.transport.misc General international transportation. (Moderated)
gov.topic.transport.navigation Navigation systems. (Moderated)
gov.topic.transport.rail Railroad transportation. (Moderated)
gov.topic.transport.road Transportation over roads, auto safety, mass
transit. (Moderated)
gov.topic.transport.shipping International shipping and package delivery.
(Moderated)
gov.topic.transport.water Maritime related issues, transportation over
water. (Moderated)
gov.us.fed.cia.announce Central Intelligence Agency announcements. (Moderated)
gov.us.fed.congress.announce Announcements about Congress. (Moderated)
gov.us.fed.congress.bills.house Bill text from the House. (Moderated)
gov.us.fed.congress.bills.senate Bill text from the Senate. (Moderated)
gov.us.fed.congress.calendar.house House calendar of activities. (Moderated)
gov.us.fed.congress.calendar.senate Senate calendar of activities. (Moderated)
gov.us.fed.congress.discuss Followup discussions on Congress. (Moderated)
gov.us.fed.congress.documents Congressional documents. (Moderated)
gov.us.fed.congress.gao.announce Announcements about the Government
Accounting Office. (Moderated)
gov.us.fed.congress.gao.decisions Decisions from the Comptroller General.
(Moderated)
gov.us.fed.congress.gao.discuss Discussion on the Government Accounting
Office. (Moderated)
gov.us.fed.congress.gao.reports Reports from the Government Accounting
Office. (Moderated)
gov.us.fed.congress.record.digest Digest from the Congressional Record.
(Moderated)
gov.us.fed.congress.record.extensions Extension of remarks in the
Congressional Record. (Moderated)
gov.us.fed.congress.record.house House pages from the Congressional Record.
(Moderated)
gov.us.fed.congress.record.index Index to the Congressional Record.
(Moderated)
gov.us.fed.congress.record.senate Senate pages from the Congressional
Record. (Moderated)
gov.us.fed.congress.reports Congressional reports. (Moderated)
gov.us.fed.courts.announce U.S. Courts announcements. (Moderated)
gov.us.fed.dhhs.announce Department of Health and Human Services
announcements. (Moderated)
gov.us.fed.dhhs.fda.announce Food and Drug Administration announcements.
(Moderated)
gov.us.fed.dhhs.ssa.announce Social Security Administration announcements.
(Moderated)
gov.us.fed.doc.announce Department of Commerce announcements. (Moderated)
gov.us.fed.doc.cbd.awards Contract awards in Commerce Business Daily.
(Moderated)
gov.us.fed.doc.cbd.forsale Surplus Property Sales in Commerce Business
Daily. (Moderated)
gov.us.fed.doc.cbd.notices General notices in Commerce Business Daily.
(Moderated)
gov.us.fed.doc.cbd.solicitations Procurement solicitation in Commerce
Business Daily. (Moderated)
gov.us.fed.doc.cbd.standards Foreign standards notices in Commerce Business
Daily. (Moderated)
gov.us.fed.doc.census.announce Census Bureau announcements. (Moderated)
gov.us.fed.doc.noaa.announce National Oceanic and Atmospheric
Administration announcements. (Moderated)
gov.us.fed.dod.announce Department of Defense announcements. (Moderated)
gov.us.fed.dod.army.announce Department of the Army announcements. (Moderated)
gov.us.fed.dod.navy.announce Department of the Navy announcements. (Moderated)
gov.us.fed.dod.usaf.announce Department of the Air Force announcements.
(Moderated)
gov.us.fed.doe.announce Department of Energy announcements. (Moderated)
gov.us.fed.doi.announce Department of the Interior announcements. (Moderated)
gov.us.fed.doj.announce Department of Justice announcements. (Moderated)
gov.us.fed.dol.announce Department of Labor announcements. (Moderated)
gov.us.fed.dot.announce Department of Transportation announcements.
(Moderated)
gov.us.fed.dot.faa.announce Federal Aviation Administration announcements.
(Moderated)
gov.us.fed.dot.nhtsa.announce National Highway Traffic Safety
Administration announcements. (Moderated)
gov.us.fed.dot.uscg.announce United States Coast Guard announcements.
(Moderated)
gov.us.fed.ed.announce Department of Education announcements. (Moderated)
gov.us.fed.eop.announce Executive Office of the President announcements.
(Moderated)
gov.us.fed.eop.white-house.announce The President and White House Staff
announcements. (Moderated)
gov.us.fed.epa.announce Environmental Protection Agency announcements.
(Moderated)
gov.us.fed.fcc.announce Federal Communications Commission announcements.
(Moderated)
gov.us.fed.fdic.announce Federal Deposit Insurance Corporation
announcements. (Moderated)
gov.us.fed.fema.announce Federal Emergency Management Agency announcements.
(Moderated)
gov.us.fed.ferc.announce Federal Energy Regulatory Commission
announcements. (Moderated)
gov.us.fed.fmc.announce Federal Maritime Commission announcements. (Moderated)
gov.us.fed.frs.announce Federal Reserve System announcements. (Moderated)
gov.us.fed.gsa.announce General Services Administration announcements.
(Moderated)
gov.us.fed.hud.announce Department of Housing and Urban Development
announcements. (Moderated)
gov.us.fed.nara.announce National Archives and Records Administration
announcements. (Moderated)
gov.us.fed.nara.fed-register.announce Announcements about the Federal
Register. (Moderated)
gov.us.fed.nara.fed-register.authoring Discussion for Federal Register
authors. (Moderated)
gov.us.fed.nara.fed-register.contents Contents and Indexes of the Federal
Register. (Moderated)
gov.us.fed.nara.fed-register.corrections Corrections in the Federal
Register. (Moderated)
gov.us.fed.nara.fed-register.notices Notices in the Federal Register.
(Moderated)
gov.us.fed.nara.fed-register.presidential Presidential Documents in the
Federal Register. (Moderated)
gov.us.fed.nara.fed-register.proposed-rules Proposed Regulations in the
Federal Register. (Moderated)
gov.us.fed.nara.fed-register.rules Rules and Regulations in the Federal
Register. (Moderated)
gov.us.fed.nasa.announce National Aeronautics and Space Administration
announcements. (Moderated)
gov.us.fed.nasa.ksc.announce NASA Kennedy Space Center specific
announcements. (Moderated)
gov.us.fed.nrc.announce Nuclear Regulatory Commission announcements.
(Moderated)
gov.us.fed.nsf.announce National Science Foundation announcements. (Moderated)
gov.us.fed.nsf.documents National Science Foundation documents. (Moderated)
gov.us.fed.nsf.grants National Science Foundation grant information.
(Moderated)
gov.us.fed.opm.announce Office of Personnel Management announcements.
(Moderated)
gov.us.fed.sba.announce Small Business Administration announcements.
(Moderated)
gov.us.fed.sec.announce Securities and Exchange Commission announcements.
(Moderated)
gov.us.fed.state.announce Department of State announcements. (Moderated)
gov.us.fed.treasury.announce Department of the Treasury announcements.
(Moderated)
gov.us.fed.treasury.irs.announce Internal Revenue Service announcements.
(Moderated)
gov.us.fed.usaid.announce US Agency for International Development, IDCA,
OPIC. (Moderated)
gov.us.fed.usaid.pib USAID Procurement Information Bulletin. (Moderated)
gov.us.fed.usda.announce Department of Agriculture announcements. (Moderated)
gov.us.fed.va.announce Department of Veterans Affairs announcements.
(Moderated)
gov.us.org.admin.aga Association of Government Accountants. (Moderated)
gov.us.org.admin.fasab Federal Accounting Standards Advisory Board.
(Moderated)
gov.us.org.admin.gfoa Government Finance Officers Association. (Moderated)
gov.us.org.info.ace Americans Communicating Electronically. (Moderated)
gov.us.org.info.ala American Library Association. (Moderated)
gov.us.topic.agri.farms Farming- growing crops, raising livestock. (Moderated)
gov.us.topic.agri.food Food production and distribution, nutrition of food.
(Moderated)
gov.us.topic.agri.misc General agricultural issues. (Moderated)
gov.us.topic.agri.statistics Detailed statistics on crop, livestock, and
food production. (Moderated)
gov.us.topic.ecommerce.announce Government electronic commerce
infrastructure announcements. (Moderated)
gov.us.topic.ecommerce.misc Discussions concerning government electronic
commerce. (Moderated)
gov.us.topic.ecommerce.standards Standards for government electronic
commerce. (Moderated)
gov.us.topic.emergency.alerts Important bulletins for immediate
broadcasting. (Moderated)
gov.us.topic.emergency.misc Natural disasters, recovery, prevention.
(Moderated)
gov.us.topic.energy.misc Generation and delivery of energy. (Moderated)
gov.us.topic.energy.nuclear Nuclear power and radioactive materials.
(Moderated)
gov.us.topic.energy.utilities Regulated utilities providing gas and
electricity. (Moderated)
gov.us.topic.environment.air Air quality, ozone, greenhouse gases, noise.
(Moderated)
gov.us.topic.environment.announce Announcements on environmental
protection. (Moderated)
gov.us.topic.environment.misc General environmental protection. (Moderated)
gov.us.topic.environment.toxics Hazardous material use, disposal, cleanup.
(Moderated)
gov.us.topic.environment.waste Waste disposal, recycling. (Moderated)
gov.us.topic.environment.water Water issues--drinking, irrigation, sewage.
(Moderated)
gov.us.topic.finance.banks Banking, monetary supply, currency exchange.
(Moderated)
gov.us.topic.finance.securities Securities, commodity futures, etc..
(Moderated)
gov.us.topic.foreign.news Selected news media reports from outside the US.
(Moderated)
gov.us.topic.foreign.trade.leads Information on trade opportunities
collected by US governments. (Moderated)
gov.us.topic.foreign.trade.misc Issues involving foreign trade,
importation, customs. (Moderated)
gov.us.topic.foreign.trade.statistics Detailed statistical reports on
import/exports. (Moderated)
gov.us.topic.gov-jobs.employee.issues Discussions on government employee
issues. (Moderated)
gov.us.topic.gov-jobs.employee.news News of interest to government
employees. (Moderated)
gov.us.topic.gov-jobs.hr-admin Human Resources administration. (Moderated)
gov.us.topic.gov-jobs.offered.admin Administrative job opportunities in
government. (Moderated)
gov.us.topic.gov-jobs.offered.admin.finance Jobs in public financial
management. (Moderated)
gov.us.topic.gov-jobs.offered.admin.ses Senior Executive Service job
opportunity. (Moderated)
gov.us.topic.gov-jobs.offered.announce Announcements on job hunting in
government. (Moderated)
gov.us.topic.gov-jobs.offered.clerical Clerical job opportunities in
government. (Moderated)
gov.us.topic.gov-jobs.offered.engineering Engineering related job
opportunities in government. (Moderated)
gov.us.topic.gov-jobs.offered.foreign Federal job opportunities located
outside the US. (Moderated)
gov.us.topic.gov-jobs.offered.health Medical and health related job
opportunities in government. (Moderated)
gov.us.topic.gov-jobs.offered.law-enforce Law enforcement job opportunities
in government. (Moderated)
gov.us.topic.gov-jobs.offered.math-comp Math and computer related job
opportunities in government. (Moderated)
gov.us.topic.gov-jobs.offered.misc Unclassified public sector job
opportunities. (Moderated)
gov.us.topic.gov-jobs.offered.questions Questions and answers on job
hunting in government. (Moderated)
gov.us.topic.gov-jobs.offered.science Physical sciences job opportunities
in government. (Moderated)
gov.us.topic.gov-jobs.offered.technical Technical job opportunities in
government. (Moderated)
gov.us.topic.grants.research Grant opportunities for research. (Moderated)
gov.us.topic.info.abstracts.cdrom Abstracts of new CD-ROM releases.
(Moderated)
gov.us.topic.info.abstracts.epub Abstracts of new publications available
electronically. (Moderated)
gov.us.topic.info.abstracts.infosystems Abstracts of new online systems and
services. (Moderated)
gov.us.topic.info.abstracts.print Abstracts of new publications available
in hard copy. (Moderated)
gov.us.topic.info.libraries.govdocs Government documents libraries.
(Moderated)
gov.us.topic.info.libraries.technology Library information technology
discussion. (Moderated)
gov.us.topic.info.policy.announce Announcements on government information
policy. (Moderated)
gov.us.topic.info.policy.misc Discussions on government information policy.
(Moderated)
gov.us.topic.law.pub-contract Lawyers discuss Federal public contract law.
(Moderated)
gov.us.topic.nat-resources.forests Forestry, logging and wood production.
(Moderated)
gov.us.topic.nat-resources.land Other uses of public land, e.g. grazing,
wetlands, watershed. (Moderated)
gov.us.topic.nat-resources.marine Fishing, aquaculture, marine sanctuaries.
(Moderated)
gov.us.topic.nat-resources.minerals Extraction and transportation of
minerals. (Moderated)
gov.us.topic.nat-resources.oil-gas Extraction and transportation of oil and
gas. (Moderated)
gov.us.topic.nat-resources.parks Public land for recreation & tourism,
museums. (Moderated)
gov.us.topic.nat-resources.wildlife Wildlife management, hunting. (Moderated)
gov.us.topic.statistics.announce Brief announcements on economic and
demographic statistics. (Moderated)
gov.us.topic.statistics.reports Detailed reports on economic and
demographic statistics. (Moderated)
gov.us.topic.telecom.announce Announcements on general telecom policy
issues. (Moderated)
gov.us.topic.telecom.misc Discussion on general telecom policy issues.
(Moderated)
gov.us.topic.transport.air Aviation, aircraft, travel by air. (Moderated)
gov.us.topic.transport.misc General transportation in the US. (Moderated)
gov.us.topic.transport.rail Railroad transportation. (Moderated)
gov.us.topic.transport.road Transportation over roads, auto safety, mass
transit. (Moderated)
gov.us.topic.transport.shipping International shipping and package
delivery. (Moderated)
gov.us.topic.transport.water Maritime related issues, transportation over
water. (Moderated)
gov.us.usenet.admin Discussion of gov.us news admin.
gov.us.usenet.announce Admin announcements. (Moderated)
gov.us.usenet.answers FAQs and periodic articles. (Moderated)
gov.us.usenet.control Control messages for US gov newsgroup changes.
(Moderated)
gov.us.usenet.groups Discussion of gov.us management.
gov.us.usenet.lists News related statistics and lists. (Moderated)
gov.us.usenet.questions Q & A for users new to gov.us newsgroups.
gov.us.usenet.software Discuss gov.us specific software.
gov.us.usenet.test Use in testing news software setups.
gov.usenet.admin Discussion of gov news admininstration.
gov.usenet.announce Admin announcements. (Moderated)
gov.usenet.answers FAQs and periodic articles. (Moderated)
gov.usenet.control Control messages for top gov newsgroup changes. (Moderated)
gov.usenet.groups Discussion of gov hierarchy management.
gov.usenet.lists News related statistics and lists. (Moderated)
gov.usenet.questions Q & A for users new to gov newsgroups.
gov.usenet.software Discuss gov news specific software.
gov.usenet.test Use in testing news software setups.

-----BEGIN PGP SIGNATURE-----
Version--2.6.2

iQCVAwUBMythp40r1Dwz5C7pAQH7DgQAn5gXkWrMohbh8BrNkhSyO8CIHDhhdmwz
8LltFPw6Yl3sbQo/yeMKk6FYCFxjkbJV4vmmEtC3Vdbbv72/MObT2IxbFByjSIWP
SOBhY15ICPvdAR+OElkH5cpabsdfuiOkoL1J8bacBRBhhxIMWXQPsSbMgJbVULgW
D4AV6M562B8=
=NN77
-----END PGP SIGNATURE-----

[END LAWRENCE INSERT]

------------------------------

Date: Sun, 16 Mar 1997 22:50:55 -0500 (EST)
From: SANS'96 Conference Office <sans@clark.net>
Subject: File 2--SANS Network Security Digest vol.1, No.2

| |
| The SANS Network Security Digest |
| Contributing Editors: |
| Michele Crabb, Matt Bishop, Rob Kolstad |
| Marcus Ranum, Gene Schultz |
--A Resource for Computer and Network Security Professionals---

CONTENTS
1) BUFFER OVERFLOW BUG DISCOVERED IN RLOGIN
2) LAYMAN's EXPLANATION OF BUFFER OVERFLOW
3) YASB - YET ANOTHER SENDMAIL BUG
4) SERIOUS BUG IN WU-FTPD V2.4
5) TWO NEW NT SECURITY MAILING LISTS GO ONLINE
6) VULNERABILITY DISCOVERED IN NT RPC CODE
7) COPS V1.04 STILL MOST POPULAR HOST-BASED AUDITING TOOL
8) MACRO VIRUS PROBLEM CONTINUES TO GROW
9) MICROSOFT'S MACRO VIRUS PROTECTION TOOL (MVTOOL): AV OR PR?10) THE
NEVER-ENDING HOAX VIRUSES

NON NEWS:
11) RECOMMENDATIONS PLEASE: MOST USEFUL COMMERCIAL TOOLS?


---------------------------------------------------------------
1) BUFFER OVERFLOW BUG DISCOVERED IN RLOGIN

Yet another program has fallen victim to the buffer overflow
vulnerability family. This vulnerability allows a user with
access to an account on the host to potentially overrun a buffer
and possibly execute programs as root on the local machine. Patches
are available from some vendors and CERT has provided a wrapper
program as a workaround. For more information, see

<ftp://ftp.cert.org/pub/cert-advisories/CA-97.06.rlogin-term>
---------------------------------------------------------------

---------------------------------------------------------------
2) A LAYMAN's EXPLANATION OF BUFFER OVERFLOW

Stack and buffer overflows? Still wondering what it all means?
Security vulnerabilities resulting from buffer overflow problems
are very common today. To see how common, see Aleph One's "Smashing
the Stack for Fun and Profit." It's a layman's explanation of the
inner workings of buffer overflow problems. The article is located at:

<http://www.geek-girl.com/bugtraq/1996_4/0195.html>

Recent victim program of the buffer overflow problem include:
sendmail, gethostbyname, syslog, Linux/FreeBSD mount, and rlogin.
---------------------------------------------------------------

---------------------------------------------------------------
3) YASB - YET ANOTHER SENDMAIL BUG

A new vulnerability concerning a buffer overflow in the MIME
section of code has been discovered in Sendmail versions 8.8.3
and 8.8.4. This vulnerability allows an external attacker to
possibly gain access to a local host. Version 8.8.5, corrects
this bug and several others found in earlier versions. It's
available at:

<ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.8.5.tar.gz>

Vendor patches for their versions of sendmail are available from
many of the vendors. Refer to the CERT advisory located at:

<ftp://info.cert.org/pub/cert_advisories/CA-97.05.sendmail>

Those of you who are unable to upgrade to the latest version
or cannot install the vendor patch right away, will find a useful
a workaround described in that CERT Advisory.
---------------------------------------------------------------

---------------------------------------------------------------
4) SERIOUS BUG IN WU-FTPD V2.4

A new, potentially serious flaw was discovered in the wu-ftpd code.
The flaw is present in version 2.4 as well as in the version
available form Academ. The problem has been corrected in the
Academ version 2.4.2-beta-12. The vulnerability may allow regular
and anonymous users to access files on your ftp server as root.
The problem lies in the signal handling section of the code. An
advisory sent out by AUSCERT on 1/29/97 advises that this particular
bug may also be present in some vendor versions as well. For more
information, refer to the AUSCERT advisory at:

<ftp://ftp.auscert.org.au/pub/auscert/advisory/\
AA-97.03.ftpd.signal.handling.vul>

---------------------------------------------------------------
5) TWO NEW NT SECURITY MAILING LISTS GO ONLINE

Has your beloved desktop UNIX box been replaced with an NT? Are
you concerned about what security problems may be lurking on this
new platform? Two new NT security discussions mail lists may help
you find all the answers you seek. The first, NTbugtraq was created
in the spirit of bugtraq mailing list. To subscribe, send a message
to Listserv@rc.on.ca with "SUB NTBUGTRAQ Your Name" in the text. The
second, hosted by ISS, is called ntsecurity. To subscribe send email to
request-ntsecurity@iss.net and in the text put "subscribe ntsecurity".
---------------------------------------------------------------

---------------------------------------------------------------
6) VULNERABILITY DISCOVERED IN NT RPC CODE

While we are discussing NT, does your new Pentium Pro 200MHZ
processor running NT seem v e r y s l o w . . . ? Perhaps the
RPC services running on your workstation have been confused and
are consuming all the CPU resources. Recent postings to the NT
security mailing lists discuss how RPC services running on
NT (3.51 and 4.0) can be confused by a simple telnet to TCP port
135 and typing more than 15 characters. Microsoft has a patch for
the problem. Refer to:

<ftp://ftp.microsoft.com/bussys/winnt/winnt-public/\
fixes/usa/nt40/hotfixes-postSP2/RPC-fix>
---------------------------------------------------------------

---------------------------------------------------------------
7) COPS V1.04 STILL MOST POPULAR HOST-BASED AUDITING TOOL

COPS is a UNIX security toolkit that analyzes your system security.
COPS version 1.04 still leads the charge for testing system
integrity and vulnerability level. Despite being several years
old, COPS continues to be an excellent public domain product for
examining group and password files, root environment and system
setup, user home directories, important system configuration files,
ftp setup and several miscellaneous problems. If you are already
using COPS, then you are well aware of the benefits provided.

If you are not yet using COPS, it makes sense to at least try it
out. You can find it at:

<ftp://ftp.cert.org/pub/tools/cops>

COPS is one of many tools described in Matt Bishop's latest course
on security tools which he will present at SANS97 in April.
See <http://www.sans.org/> for more information.
---------------------------------------------------------------

---------------------------------------------------------------
8) MACRO VIRUS PROBLEM CONTINUES TO GROW

The remorseless rise of the macro virus continues. The latest
Macro Virus List published by the Virus Test Centre at the
University of Hamburg lists 205 viruses, most of which are Word
viruses The list also includes ten Trojan Horses (malicious
programs which don't replicate) and five macro virus generators
(programs which allow the wannabe virus coder to 'create' viruses
without the hassle of actual programming).

The list is located at:

<ftp://ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.96c>

The December WildList reports more than twenty macro viruses as
being in the wild. Another twenty or so made the Supplemental
List. The WildList gives some idea of which viruses are actually
in the wild by tracking virus incidents reported by at least two
of the of the 45 virus information professionals who participate in
the list. The Supplemental List includes viruses which only one of
these professionals has reported. The most common reports are of
WM.Concept.A (the original 'prank macro'), WM.Wazzu.A, and the
comparatively recent NPad (Jakarta).

The Wildlist also provides a listing of the most frequently reported
viruses (those reported by at least one-third of the 45 participants).

You can find the December Wildlist at two locations:

<ftp://ftp.ncsa.com/pub/virus/wildlist/>
<http://www.virusbtn.com/WildLists/>
---------------------------------------------------------------

---------------------------------------------------------------
9) Microsoft's Macro Virus Protection Tool (MVTOOL): AV or PR?

Microsoft's ScanProt protection tool (a collection of WordBasic
macros) is frequently recommended as a prophylactic against macro
viruses. However, MVTOOLS's capabilities should not
be overestimated. The primary purpose of the tool is to alert
users to the existence of macros in their documents.

- It actually recognizes only the original Concept virus
(WM.Concept.A). It can clean Concept, but is liable to
crash if it encounters too many infected files.

- Though other viruses are mentioned in the README.DOC
which accompanies the protection tool, the others are
not specifically recognized now and may never be.

It's best to supplement MVTOOL by purchasing one of the many
anti-virus utilities such as F-Prot Professional or VirusScan.

For more information on MVTOOL see:

<http://www.microsoft.com/word/freestuff/mvtool/virusinfo.htm>
---------------------------------------------------------------

---------------------------------------------------------------
10) THE NEVER-ENDING HOAX VIRUSES

Hoax alerts are becoming an increasing drain on corporate
resources. As more companies implement effective virus-control
strategies, most viruses being detected at the point of entry.
Security professionals increasingly find themselves spending
more time on hoaxes, jokes and erroneous alerts than on 'real'
virus incidents.

Many hoax alerts are variations on the infamous 'Good Times'
virus - for instance Deeyenda, PenPal Greetings, and Irina are
all fairly easily identified, even by the technically challenged,
by symptoms such as a surfeit of capital letters and exclamation
marks, citing of unlikely authorities such as the FCC, and
urgings to forward the alert to as many people as possible.

While it is easy enough to circulate details of known hoaxes, it
gets harder to tell non-experts how to recognize a new hoax as
they become more numerous and ingenious.

Two suggestions:

(1) Refer all alerts to a security professional with the contacts
and experience to verify them, or the will to acquire the experience.

(2) Make it a matter of policy that users don't forward alerts
without having them verified.

Newbie hoax-watchers are advised to keep an eye on the following
web sites:
http://ciac.llnl.gov/ciac/CIACHoaxes.html
http://www.kumite.com/myths/
http://www.datafellows.com/
http://www.drsolomon.com/

NON-NEWS:
11) RECOMMENDATIONS PLEASE: MOST USEFUL COMMERCIAL TOOLS?

We've persuaded the leading vendors in several categories to show
their newest offerings at SANS (O'Reilly for books; Axent for
access control; Syntax for network integration of UNIX, Netware,
NT and Mac; ESM for name space management for intranets; Auspex
and Falcon for very fast NFS Servers; and PDC for backup, plus a
bunch more.) Nine spots are left, and we want to reserve them for
organizations that are leaders in other useful categories or for
innovative small companies on the East Coast. If you have an
opinion about candidates in either category, please email
alanpaller@aol.com, with your suggestion and an explanation of
why their product is important enough to be in the SANS97 exhibits.


====================================================================
Subscription deadline: March 31, 1997 - If you have a forwarded copy,
please register before then.

The SANS Network Security Digest is published eight times per
year as a service to those who attend SANS and the Network
Security conferences. Others may subscribe, as well. (Current
registered subscriber base is 6,437) To subscribe, send email to
sans@clark.net with 'Subscribe Network Security Digest your name'
in the first line of text or in the subject line. Subscriptions
(running through Dec. 1998) are free for those who subscribe
before March 31, 1997. After that date, subscriptions cost $80/year
for those who do not attend SANS or Network Security. This issue is
the last one that may be freely copied and re-distributed. Please
subscribe if your copy did not come directly from SANS.

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 3--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.24
************************************

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT