VIRUS-L Digest Monday, 28 Nov 1988 Volume 1 : Issue 22 Today's Topics: Survey Followup Need for public file server Security in NFS Prosecution of Morris new legislation Re: Survey VIRUSES AND PIRATES --------------------------------------------------------------------------- Date: Sun, 27 Nov 88 13:54:29 EST From: Ron Dawson <053330@UOTTAWA> Subject: Survey Followup Hello, I would like to thank all of those that have so far filled out the questionnaire that we have sent. I would also like to remind all those that are still interested in participating to send their replies to 053330@UOTTAWA. If, for some reason, you have 'lost' your copy of the questionnaire, just write us a note, and a new copy will be sent. Thank You for your time. - - Ron Dawson Systems Science University of Ottawa 053330@UOTTAWA.BITNET ------------------------------ Date: Sun, 27 Nov 88 16:59:29 EDT From: Jean Subject: Need for public file server In the past few weeks it has become apparent that some source of files ON DISK should be made available. What files you ask? Well to start with compiled and properly operating copies of UUENCODE, UUDECODE, DEBRAIN, FLUSHOT etc and perhaps the last archive file from virus-l. This would make life simpler for a lot of people!If someone would take the time to send me UUENCODE, UUDECODE, DEBRAIN and whatever else they feel is appropriate on a 5 1/4 (360k or 1.2Mb) disk I would be happy to copy them and make them available to anyone who needs them. My mailing address is: Jean Coppola Pace University - Wilcox Hall 861 Bedford Road Pleasantville, New York 10570 ------------------------------ Date: Mon, 28 Nov 88 12:45:24 MEZ From: "Dr. Gregor Reich" Subject: Security in NFS SHERK @ UMDD has written some times ago (Oct 16th) > A Network File System offers Unix > style security for our users programs and data (i.e. a user can run > a program from a execute only disk and still have read/write access > to his data files on the server). Is this really so ?? I have not so long ago looked at the SUN NFS-documentation for PC's because we are trying to implement the same thing (Unix Fileserver for PC's). As I understand it the "execute only" mode is only if you are working on the UNIX-system with remote login. If you try to execute programs on the PC than this file has to have "read-only" permission. Has anyone experience with this sort of things ? Information on this topics would be welcome. Gregor Reich (A8411DAA @ AWIUNI11) Institute for Analytical Chemistry University of Vienna ------------------------------ Date: Wed, 23 Nov 88 15:25:08 EST From: Manfred Hartmann (STECS-DAC 2134) Subject: Prosecution of Morris $20 million ?????????????????? Wow, for that kind of money, everyone should contribute and set up a small prototype network, give all hackers access to it, post a reward for anyone that can defeat its security, and as attempts are made, make corrections to the real ARPANET software. Although it will never make ARPANET totally secure, it would, over time, plug many of the holes and give the hackers a challenge as well as a reward (both recognition and possibly financial). Don't know if it would work-- something like that might be impossible to manage---just an idea. Fred Hartmann US Army Combat Systems Test Activity ------------------------------ Date: Sat, 26 Nov 88 16:37:56 EST From: Don Alvarez Subject: new legislation I'm writing this from memory, so I might not get it all exactly right, but a friend of mine in the AI Lab just told me about a new bill before congress. It's the "Computer Virus Eradication Act of 1988 (89?)", and the author is Rep. Herger (R-California) (us californians got to stick together). I think the number of the bill is HR-5061, but don't hold me to that. Supposedly, the bill calls for up to 10 years imprisonment for anyone who knowingly releases a virus. I should know more about the bill after the holidays, and will keep you posted... Don Alvarez boomer@space.mit.edu I gather this isn't the first thing Herger has done with respect to viruses/etc., so hopefully the bill will make some sense. ------------------------------ From: Martin Ward Date: Thu, 24 Nov 88 11:52:58 GMT Subject: Re: Survey I think that my comments on Questions 4-10 may be of interest to others. I believe that this part of the questonnaire is far too vague for the results to be of any value. ( <-- contentious statement intended to provoke response!) What do other people think? Comments: Questions 4-10: What am I comparing against? I may believe I have a lot of knowledge, but there may be much more knowledge, the existance of which I am not aware of! The three answers 1, 5 and 9 (none, some, expert) seem to cover all the possibilities, does really mean that I know half of the total knowledge in that catagory? Does an expert on viruses know "all there is to know" about viruses? Or does the ability to write any sort of virus automatically put you in the expert catagory? If I can deal with half the known viruses (known to whom??) does that make me half-way to being an expert? If I wrote a nifty virus detector called KILLVIRUS do I rate myself as an expert? If I have used KILLVIRUS successfully, where do I rate myself? If I know where to find KILLVIRUS but have never had to use it does that affect my rating? If I have never heard of KILLVIRUS or any other virus-removing programs how will I know how ignorant I am? Martin. My ARPANET address is: martin%EASBY.DUR.AC.UK@CUNYVM.CUNY.EDU JANET: martin@uk.ac.dur.easby BITNET: martin%dur.easby@ac.uk UUCP: ...!mcvax!ukc!easby!martin ------------------------------ Date: 28-NOV-1988 09:57:08 GMT Subject: VIRUSES AND PIRATES From: Olivier Crepin-Leblond The following is taken from the reader's letters page in the November 1988 issue of IEE Review (volume 34, number 10) published by the Institution of Electrical Engineers (UK). I thought it might be interresting to type it in... ">... The concept of an electronic 'virus' was foreseen by the computer > pioneer John Von Neumann in 1949 in a paper titled 'Theory and organisation > of complicated automata'. > The staff of Bell Laboratories in 1959 played a bizarre recreational > computer game, after hours, called 'STORE WARS' - a sort of electronic > germ warfare. > A terrible revenge was launched into the American computer world by > Amjad Farooq Alvi, a graduate of Punjab University, a self-taught > Computer expert, who in 1985 switched from repairing personal computers > to producing customised software. To his dismay, it was copied and used > without permission around his home city of Lahore in Pakistan. > Copyright in Pakistan does not extend to computer software. > He created a 'virus', a self-replicating program that would 'infect' > an unauthorised user's computer, disrupt his operations and force the > user to contact Alvi for repairs. The Alvi brothers then started > copying commercial programs and selling the 'bootleg' copies at a > steep discount. Pakistani customers were sold clean, uncontaminated > copies. However foreigners, particularly Americans, were sold 'virus'- > ridden versions. > ... " Can anybody confirm these events ? Olivier Crepin-Leblond - ZDEE699@UK.AC.KCL.CC.ELM Computer Systems and Electronics Eng. 2 King's College London U.K. ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253