Chaos Digest              Monday 24 May 1993        Volume 1 : Number 34

                            ISSN 1244-4901

       Editor: Jean-Bernard Condat (jbcondat@attmail.com)
       Archivist: Yves-Marie Crabbe
       Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.34 (24 May 1993)
File 1--"Chasseur II" for Atari (review)
File 2--National Computer Virus Awareness Day, USA (national day)
File 3--Security&Control of IT in Society_ 12-7 August 93 (conference)
File 4--S.A.M., France TELECOM's next baby (product)

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost by sending a message to:
                linux-activists-request@niksula.hut.fi
with a mail header or first line containing the following information:
                    X-Mn-Admin: join CHAOS_DIGEST

The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070)
or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P.
155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299)
groups.

Issues of ChaosD can also be found from the ComNet in Luxembourg BBS (+352)
466893. Back issues of ChaosD can be found on the Internet as part of the
Computer underground Digest archives. They're accessible using anonymous FTP:

        * kragar.eff.org [192.88.144.4] in /pub/cud/chaos
        * uglymouse.css.itd.umich.edu [141.211.182.53] in /pub/CuD/chaos
        * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
        * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
        * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
        * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
        * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission.
Readers are encouraged to submit reasoned articles in French, English or
German languages relating to computer culture and telecommunications.
Articles are preferred to short responses. Please avoid quoting previous
posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Chaos Digest contributors
            assume all responsibility for ensuring that articles
            submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Mon May 17 15:25:47 +0200 1993
From: internet!altair.univ-lyon1.fr!vido (vido )
Subject: File 1--"Chasseur II" for Atari (review)

Augustin VIDOVIC
Tour Panoramique
DUCHERE
69009 LYON
                                        to
                                        Jean-Bernard CONDAT
                                        B.P. 155
                                        93404 St-Ouen CEDEX

Hello,

I did receive your letter of 13 May 1993, and thank you warmly for it:
really, I would never have thought I would one day receive mail asking for
my opinion on a review of one of my programs... Especially a program as old
as CHASSEUR II! It is a strange feeling...

First of all, I want to point out that CHASSEUR II dates from 1991, that it
was an evolution of the plain CHASSEUR, which was sufficient in the early
days of the evolution of boot viruses on the ATARI ST... But that it has
been outdated and insufficient for a good year now.

Indeed, new viruses have appeared that exploit the weaknesses of CHASSEUR II
very well: they know how to make themselves "invisible" in memory (at least
up to a point), they withstand a reset of the machine very well (a "warm"
one, however), they even make themselves "invisible" on disk (the system
reads a normal, non-executable bootsector!), and they change form randomly
at each reproduction. They are undetectable by CHASSEUR II, and are in fact
designed to be. It was my brother, Zvonimir, who created these new viruses,
in order to force me to create a more powerful program (need creates
function).
Note, however: this new generation has never left our home! It was just an
interesting intellectual challenge. We are not so mad as to release a poison
powerful enough to "kill" a whole range of machines (ATARI already having a
hard time staying alive!).

So, I am going to comment on and correct (explaining the corrections!)
Mr. Slade's review; but this is not of very great importance: CHASSEUR III,
its successor, has corrected all of its defects (at least, all those we were
able to notice in use).

After the review, I attach as an appendix the listing of README.VIR, the
small file that accompanies the software and is meant to be read before use.
This is to show that nowhere is it said that the vaccination operation is
reversible.

I hope this will suit you. If not, I would be happy to expand on any point I
may have left unclear.

I am sending you this letter by electronic mail, using your address
jbcondat@attmail.com, and hoping that it reaches you.

Could you give me some information about the Chaos Computer Club? I have
heard of it, but I did not think I would one day have dealings with it. I
dare not ask you for more information, because for the moment I do not very
often have access to a terminal on the Web ("Web Angels"-J.M. Ford), since I
am currently doing my military service (discharged at the end of August) and
go back to the observatory only about once or twice a month. As for what
comes next, not being sure that I can continue my studies, and so have
frequent access to the network, I prefer not to risk overloading the
mailsystem of image again for the moment... I would no doubt get my knuckles
rapped!

Know, however, that I am itching to get to know other hackers, and that I
hope to be able to get in touch with your club very soon!

Kind regards,

A.
VIDOVIC

P.S.: Since you added "Av. Plateau" to the address written on the envelope
of your letter, you must have checked in the directory that we exist; so you
have our telephone number. Let nothing stop you from contacting us by
telephone for any further information.

[ChaosD: We called this dear raw recruit ("bleu(e) bit(te)") at
+33 78359559, who confided to us that, depending on the sales of his
shareware, he will or will not resume his studies. At present, the prospect
of resuming his physics degree seems to him the best solution.]

+++++

> Of course no one will believe it, but this is *not* prompted by the recent
> spate of calls for Atari and Amiga stuff. I recently had an opportunity to
> do some partial testing of some antivirals on other systems and took it.
> Unfortunately, the tests are not complete, and cannot be finished at this
> time due to the absence of a viable "test suite". I have, however,
> attempted to give some indication of the shareware utilities I was able to
> round up, and have added the contact info to the CONTACTS.LST.
>
> Herewith, then, is the first.
>
> ATCHRSSR2.RVW 930430
> Comparison Review
>
> Company and product:
>
> A. & Z. Vidovic
> Tour Panoramique
> Duchere
> 69009 Lyon
> France
> Chasseur II
>
> Summary: Boot sector overwriter
>
> Cost 50 Fr (U$15)
>
> Rating (1-4, 1 = poor, 4 = very good)
> "Friendliness"
> Installation
> Ease of use
> Help systems
> Compatibility
> Company
> Stability
> Support
> Documentation
> Hardware required
> Performance
> Availability
> Local Support
>
> General Description:
>
> Comparison of features and specifications
>
>
> User Friendliness
>
> Installation
>
> The files (at least BOOTBASE.DAT) *must* be installed in a directory called
> \CHASSEUR.II or else the program will not function.

This is intended to avoid a memory loss to CHASSEUR II: BOOTBASE.DAT is the
database file where all the bootsectors archived by the users are stored.
> Ease of use
>
> There are only three options in the main menu: check disk, vaccinate and
> check memory. These are represented by icons, with no words.

The "check disk" option leads to a window containing the representation of
the current bootsector, its name and quality ("loader", "antivirus" or
"virus") and another menu: read another disk, extract boot (make it
executable as a stand-alone program, appearing in directory list), archive
bootsector in database, maintain database, save database, kill bootsector,
vaccinate disk.

The difference between "kill bootsector" and "vaccinate disk" is: "to kill"
is only to make it unexecutable at boot time (REVERSIBLE), and "to
vaccinate" is to overwrite bootsector with the Vaccine (a boot-time memory
check-up and cold-reset if the user wants to clean memory when in doubt):
"vaccinate" is IRREVERSIBLE.

The "maintain database" option leads to a secondary dialog box, which allows
the user to edit all the bootsector names and qualities he wants to, and to
load the contents of a "virus killer" (commercial antiviral) library.

> Help systems
>
> None provided.

When a dangerous option is activated, an alert box informs the user of the
danger and asks for confirmation of the option.

> Compatibility
>
> Unknown [...]

The vaccinate option, although stated to be irreversible, seems not to harm
MS-DOS disks, since it adds a jump at the beginning, and adds a memory
check-up routine at the end. It's normal: the ATARI ST disk format is
compatible with MS-DOS disk format, except for "system" disks. (MS-DOS
"system" disks, of course, will no longer be bootable; but it has no
importance: since the ATARI ST are not IBM PC compatible, no PC user will
run CHASSEUR II.)

> Company Stability
>
> Unknown.

The Vidovic brothers are not dead. Moreover: they are young and healthy!

> Company Support
>
> None provided.

A new version exists: CHASSEUR III.
> Documentation
>
> A README.VIR file states that they believe the program is simple enough that
> there is no need for documentation. This is generally true, but it is a pity
> that there is no more detail on some of the claims made for the program.
>
> System Requirements
>
> None stated.

Any kind of ATARI ST may run CHASSEUR II.

> Performance
>
Perfect if used correctly (with a machine booted with a vaccinated disk).

> This seems to be a tool for very technically literate users, aimed at boot
> sector infectors only.
>
> Local Support
>
> None provided.
>
> Support Requirements
> It is unlikely that even intermediate users would understand, say, the
> memory listings generated. However, it should be effective against boot
> sector infectors even in novice cases. (One should note that *all* of the
> Atari boot sector overwriting programs may damage certain self-booting
> disks.)
>
> copyright Robert M. Slade, 1993 ATCHSSR2.RVW 930430
>
> =============
>
> Vancouver      ROBERTS@decus.ca         | Life is
> Institute for  Robert_Slade@sfu.ca      | unpredictable:
> Research into  rslade@cue.bc.ca         | eat dessert
> User           p1@CyberStore.ca         | first.
> Security       Canada V7K 2G6           |

+++++

APPENDIX: README.VIR

                       Hello ! Hello ! Hello !

          *************************************************
          * The TRAMIEL FAN CLUB proudly presents you its *
          * "virus buster", designed to solve many little *
          * problems, generally caused by nasty people    *
          *************************************************

This ANTI-VIRUS is especially designed to help you to know what kind of boot
you got on your disks. It may either be a loader, a virus, or an anti-virus
bootsector.

Furthermore, we also supply one of the biggest bootsector databases you can
see down here.

If you have used so far the famous "virus-killer", then... *DON'T PANIC !!!*
this megatool allows you to recover your old bootbase, by melting it with
the one which is supplied in this package...

                 ...KEEP BUSTING with CHASSEUR II !!!
                                -=o=-

This is a SHAREWARE program; if you're happy to live from now, you can show
your appreciation by sending us your devotions :

                    US $ 15.00
   (or equivalent, ou 50,00 Francs francais de France ! )

... to the following address :

                  +-----------------------+
                  |   A. & Z. VIDOVIC     |
                  |   Tour Panoramique    |
                  |   DUCHERE             |
                  |   69009 LYON          |
                  |   FRANCE              |
                  +-----------------------+

... If you want, we will then send you the commented source-code for this
New-Generation Hunter (100% pure Motorola 68000 Assembler)...

                                -=o=-

( You can also send us your bug reports, or suggestions, without feeling
compelled to buy it, of course ! )

Note: we didn't wrote any documentation for using this, since we think it is
already well-enough easy to use it (GEM, MOUSE, FORM/DIALOG BOXES).

Question: Do you think we will get enough money with this to buy a bock of
beer to each of us, even if it is this disgusting VALSTAR beer (one said to
me that CASINO beer is even worse, but I can't seriously believe it) ?

------------------------------

Date: Wed May 19 19:35:38 EDT 1993
From: ae446@freenet.carleton.ca (Nigel Allen )
Subject: File 2--National Computer Virus Awareness Day, USA (national day)

PRESS RELEASE
From: National Computer Security Association.
To: Business Desk, Computer Writer

National Computer Virus Awareness Day to Showcase Virus Threat, Urge
Protection for U.S. "Information Highway"

Contact: Larry Teien of 3M, St. Paul, 612-736-5961, or
         Robert Bales of the National Computer Security Association,
         Carlisle, Pa., 717-258-1816, or
         Ken Greenberg of Fleishman-Hillard Inc., Los Angeles, 213-629-4974

WASHINGTON, May 19 -- Moving the computer virus control battleground from
the private sector to the public sphere, 3M and the National Computer
Security Association (NCSA) will jointly host the first National Computer
Virus Awareness Day in Washington on June 9 -- encouraging federal
protection of the Clinton administration's proposed "data superhighway."
National Computer Virus Awareness Day will serve as the focal point of a
multi-tiered Capitol Hill public education campaign. Activities will include
a June 9 briefing to Congress about the virus threat and recommended
remedial action, along with an informational Hill virus control exhibit on
June 9-10. Rep. Edward Markey (D-Mass.) is also expected to convene hearings
on information security during that week.

"As the nation moves to build the proposed `data superhighway,' information
security must be the first pillar," said Robert Bales, executive director,
NCSA, a Carlisle, Pa., organization dedicated to increasing awareness about
data security issues.

"For the sake of national competitiveness, NCSA has long advocated that
companies establish effective in-house computer virus policies that will
educate employees and equip them with protective measures," he said. "Now,
with 3M and others, we're working with lawmakers to establish an appropriate
federal response to virus propagation."

As a media manufacturer with a major investment in the integrity of its
products, 3M views education as basic to virus prevention, according to
Virginia Hockett, information technology manager, 3M Memory Technologies
Group, St. Paul, Minn.

"Responsible computing requires that users be aware of the simple means of
protection at their disposal," Hockett said. "This also means that media
manufacturers -- and, for that matter, all major players in the computer
industry -- have a responsibility to adopt, enforce and advocate safe
computing practices.

"The value of any information highway could well be wrecked without both
virus education and effective virus control legislation."

Congress to Probe Issue

During the week of June 7, Markey, chairman of the House Telecommunications
and Finance Subcommittee of the Energy and Commerce Committee, is expected
to hold hearings on information security.
Markey will be seeking public comment on possible anti-virus legislation,
with an eye toward the "data superhighway" bill championed by Vice President
Al Gore.

National Computer Virus Awareness Day comes in part as a response to a
recent NCSA/Dataquest study, which revealed that 63 percent of corporations
surveyed had battled a computer virus. NCSA reports that dozens of new virus
strains are discovered every month.

The June 9 event has been endorsed by an array of companies and professional
organizations.

Concurrent with National Computer Virus Awareness Day is NCSA's InfoSecurity
Expo, a conference for information security professionals, which will be
held at a nearby Capitol Hill hotel. During the conference, attendees will
be canvassed on the proper federal role in virus education and prevention.
Findings will be presented to Congress and the Administration.

Founded in 1989, NCSA is an independent organization to help users improve
the security of their information systems, ensure the integrity of their
information resources and reduce the threat of computer viruses.

3M is the world's leading supplier of flexible magnetic recording media.

Editors: For more information about the NCSA/Dataquest study, please contact
the NCSA at 717-258-1816.

--
Nigel Allen, Toronto, Ontario, Canada   ae446@freenet.carleton.ca

------------------------------

Date: Mon, 3 May 1993 18:33:16 +0200
From: brunnstein@rz.informatik.uni-hamburg.dbp.de
Subject: File 3--Security&Control of IT in Society_ 12-7 August 93 (conference)
Repost from: RISKS Digest #14.60.6

        SECURITY AND CONTROL OF INFORMATION TECHNOLOGY IN SOCIETY

         An IFIP WG 9.6 Working Conference to explore the issues:
                          August 12 - 17, 1993

Venue: the conference ship M/S Ilich between Stockholm and St.Petersburg

Dependence on information technology (IT) is widespread.
IT is used for the option and control of a range of social, industrial,
commercial, governmental and regulatory processes, yet it introduces new
potential threats to personal privacy and freedom, and new opportunities for
criminal activity. These dangers have to be countered and controlled in a
manner that balances the benefits of IT. Therefore careful consideration has
to be given to determine what constitutes the most effective control and
regulation of IT. Such topics should be high on national agendas.

IFIP's Working Group on Information Technology Misuse and the Law (WG 9.6)
is holding a working conference to explore these issues, from 12 to 17
August, aboard the conference ship M/S Ilich between Stockholm and
St.Petersburg. On the Saturday of the conference week the conference will
convene in St.Petersburg for meetings with Russian representatives,
providing a valuable opportunity to discuss some of the problems of IT in an
emerging capitalist economy.

The conference, Security and Control of Information Technology, will explore
major issues, including particular reference to Eastern European Economies.
The organisers are keen to attract people representing a wide range of
interests, including central government, regulatory bodies, information
system users, relevant public interest groups, the legal profession, and
academics. Participants from all parts of Europe and beyond will be welcome.
In addition to full conference papers there will be discussion groups and
shorter presentations.

Eur. Ing. Richard Sizer (UK), chairman of WG 9.6, is conference chairman,
Dr. Louise Yngstrom (Sweden) is in charge of local organisation and Prof.
Martin Wasik is chairman of the International Programme Committee. The
proceedings will be published by Elsevier North Holland and edited by Ing.
Sizer, Prof. M. Wasik and Prof. R. Kaspersen (Netherlands).

Those desiring to attend the conference and requiring further information
may contact Prof.
Wasik at:
   Faculty of Law, Manchester University, Manchester M13 9PL, U.K.,
   Tel. +44 61 275 3594, Fax +44 61 275 3579.
or for local arrangements, contact Ann-Marie Bodor at:
   Dept of Computer and Systems Sciences, Stockholm University/KTH,
   Electrum 230, Sweden, Tel +46 8 162000, Fax +46 8 7039025.

                          CONFERENCE PROGRAMME

Thursday Evening, August 12
+---------------------------
   Opening presentation: "The law cannot help"
      A debate led by K.Brunnstein (Germany) and R.Kaspersen (Netherlands)
      Chairman: Eur. Ing. Richard Sizer (U.K.)

Friday, August 13
+-------------------------
   Morning:
      Paper 1: "Privacy and Computing: a Cultural Perspective"
               R.Lundheim, G.Sindre (Norway)
      Paper 2: "Is International Law on Security of Information Systems
               Emerging ?"
               B.Spruyt, B.de Schutter (Belgium)
      Paper 3: "On the cutting edge between Privacy and Security"
               J.Holvast, R.Ketelaar (Netherlands),
               S.Fischer-Huebner (Germany)
      Paper 4: "Protection of the Information of Organisations in the
               Asia-Pacific region", M.Jackson (Australia)
   Afternoon: Two Discussion Streams
      Stream 1: International cultural perspectives on IT, privacy and
                security (led by J.Holvast)
      Stream 2: Priorities for IT in emerging economies
                (led by R.Kaspersen)

Saturday August 14
+------------------
   * Part I: "IT and Security in Russia. Experts view"
      "IT and Security in Russia",
         E.V. Evtyushin (Russ. Agency for New Information)
      "IT vs. Security in Russia",
         E.A. Musaev (Russian Academy of Sciences)
      "Problems of information protection in the Northwestern region of
      Russia"
         P.A.
         Kuznetsov (Association for Information Protection)
   * Part II: "IT and Security in Russia - Commercial sector"
      TBD (Sberbank of Russia), TBD (St Petersburg Chamber of Commerce)
   * Part III: "IT and Security in Russia - Public Sector"
      TBD (Public Sector)
   * Part IV: "Western Developments in IT-Security"
      R.Hackworth (U.K.): "The OECD Guidelines on IT Security"
      M.Abrams (USA): "From Orange Book to new US Criteria"
      P.White (U.K.): "Drafting Security Policies"
      TBD "INFOSEC Security Issues in the EC"

Sunday August 15: Tour of St.Petersburg
+---------------------------------------

Monday, August 16
+-----------------
   Morning:
      Paper 5: "Recent development in IT security evaluation"
               K.Rannenberg (Germany)
      Paper 6: "On the formal specification of security requirements"
               A.Jones, M.Sergot (Norway)
      Paper 7: "Symbiosis of IT security standards"
               M.Abrams (USA)
      Paper 8: "An Academic Programme for IT Security"
               L.Yngstrom (Sweden)
   Afternoon: Two workshops based on:
      * Workshop 1:
         Paper 9: "Are US Computer Crime Laws Adequate ?"
                  L.Young (USA)
         Paper 10: "Computer Crime in Slovakia ?"
                  J.Dragonev, J.Vyskoc (Slovakia)
         Paper 11: "Computer Crime Coroners for an IT Society"
                  S.Kowalski (Sweden)
      * Workshop 2:
         Paper 12: "Computer supported security intelligence"
                  I.Orci (Sweden)
         Paper 13: "Design for security functions of chipcard software"
                  K.Dippel (Germany)
         Paper 14: "Court ordered wiretapping in USA"
                  G.Turner (USA)

   CLOSING DISCUSSION AND CONCLUSIONS, Chairman: R.Sizer (U.K)

(TBD: Speakers to be decided. Details of conference sessions are subject to
change)

The costs of attending the conference are now set as follows:

   One delegate:                     4175 Swedish Krona
   Two delegates sharing one cabin:  3275 Swedish Krona (per person)
   Accompanying person:              3175 Swedish Krona
                                     (no conference proceedings)

These prices include accommodation, all meals on board of the M/S Ilich and
while in St.Petersburg, an excursion on Sunday and, for delegates, a copy of
all conference papers.
Cabins on the ship each have a window and a shower.

Cheques or money orders (in Swedish Krona) should be made payable to the
account:
        "Foriningen for Sakerhetsinformatik: IFIP WG 9.6"
and sent as soon as possible and, in any event, not later than June 11, to:
        Ann-Marie Bodor, Dept. of Computer and Systems Sciences
        Stockholm University/KTH, Electrum 230, S-164 40 Kista, Sweden

All registrations are responsible for making their own arrangements for
travel to and from Stockholm, and for their visas and insurance.
Registrations most probably cannot be accepted after June 11 due to the
booking deadline for the cabins on board.

------------------------------

Date: Sat, 15 May 93 05:02 EDT
From: NDURAND@cipcinsa.insa-lyon.fr (Nicolas Durand )
Subject: File 4--S.A.M., France TELECOM's next baby (product)

      PUT YOUR MINITEL AND YOUR CORRESPONDENCE INTO YOUR MICRO!

S.A.M. is the first software for microcomputers that lets you use all of
FRANCE TELECOM's communication services directly (Minitel services, fax,
telex, telephone, professional messaging, file transfer...). It is intended
for all professionals who have a PC or Macintosh microcomputer equipped with
a modem card or external modem.

For example: you have just prepared a document in your word processor: with
S.A.M., nothing is simpler than sending it by fax, by telex or by electronic
mail to all your recipients. You can even distribute it as a letter to the
postal address of one or more recipients (distribution to up to 250
recipients per mailing)!

You check stock market prices by Minitel every day: with S.A.M., nothing is
simpler than recording this session on your micro. From then on your micro
can connect automatically to the stock market server, retrieve the
information that interests you and even process it if you wish!
In your work, you have to connect to data servers every day and transfer
files to or from your micro: with S.A.M., you have all the tools needed for
these transfers.

S.A.M. brings all these forms of communication together for you in a single
piece of software! In addition, with each communication, your S.A.M. address
book can record your correspondents' contact details and keep them available
for later use.

All these services are accessible from a simple telephone line. You do not
have to take out a subscription

       **************************************************
       ***   DURAND Nicolas.  Your Best Night Mire.   ***
       ***   NDURAND@cicpinsa.insa-lyon.fr            ***
       **************************************************

------------------------------

End of Chaos Digest #1.34
************************************

Downloaded From P-80 International Information Systems 304-744-2253