Computer underground Digest    Thu Apr 21, 1994    Volume 6 : Issue 36
ISSN 1004-042X

Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Retiring Shadow Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Suspercollater: Shrdlu Nooseman

CONTENTS, #6.36 (Apr 21, 1994)
File 1--conference announcement
File 2--DEF CON ][ Late Night Hack Announcement #3

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
        In ITALY: Bits against the Empire BBS: +39-461-980493

FTP:
UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/
               aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
EUROPE:        nic.funet.fi in pub/doc/cud/ (Finland)
               ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
JAPAN:         ftp.glocom.ac.jp /mirror/ftp.eff.org/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Tue, 5 Apr 1994 18:29:06 -0700 (PDT)
From: anonymous
Subject: File 1--conference announcement

The Tenth International Conference on Information Security - IFIP SEC'94

Organized by Technical Committee 11 of the International Federation for Information Processing, IFIP/TC 11 - in cooperation with the Special Interest Group on Information Security of the Dutch Computer Society - and hosted by the Caribbean Computer Society.

IFIP SEC'94
MAY 23-27, 1994
ITC PISCADERA BAY
CURACAO
DUTCH CARIBBEAN

INTERNATIONAL PROGRAM

* * *

Five days, multiple parallel tracks, over sixty refereed unique presentations, specially invited speakers, dedicated tutorials, workshops, working group sessions, lively panel discussions, and much, much more......

* * *

Dynamic Views on Information Security in Progress

***ABOUT IFIP'S TECHNICAL COMMITTEE 11

The International Federation for Information Processing was established in 1960 under sponsorship of UNESCO. In 1984 the Technical Committee for Security and Protection in Information Processing Systems, Technical Committee 11, came into existence. Its aim is to increase the reliability and general confidence in information processing, as well as to act as a forum for security managers and others professionally active in the field of information processing security. Its scope encompasses the establishment of a frame of reference for security common to organizations, professionals and the public; and the promotion of security and protection as essential parts of information processing systems.

Eight working groups: Information Security Management, Small Systems Security, Database Security, Network Security, Systems Integrity and Control, Security Legislation, Information Security Education and IT Related Crime Investigations, all chaired by seasoned international experts, cover a major part of the actual TC 11 workload.

+----------------------------------------------------------

***ABOUT THE TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE

This event is the Tenth in a series of conferences on information security. Something to celebrate. The organizers have compiled a truly exceptional, unique, and especially upgraded conference in a setting suitable for celebrating its Tenth birthday. Over 75 sessions will cover just about all aspects of information security, on a senior and advanced level.
The formal language of SEC'94 is English. The proceedings are published by Elsevier North Holland in its acclaimed series.

There are evidently some astounding surprises within SEC'94. As keynotes SEC'94 will feature major players. Ten invited speakers, doubtless seasoned seniors in their field, will contribute with their vision of the future. Ranging from the legislative aspects of data privacy, to the international impact of the Clipper chip, and the dimensions of new cryptographic standards and applications. Global policy making and breaking in respect of the international harmonization efforts of information technology security evaluation criteria, and other most enticing issues are advocated during the various invited lectures.

Within the framework of this conference a series of special lectures are built in, dedicated to one most important aspect. SEC'94 includes a UNIX system security workshop and a cryptology tutorial. Special sessions are devoted to information security in developing nations, and information security in the banking and financial industry. Two major full day mini conferences "IT Security Evaluation Criteria" and "Open Systems Network Security" are included in the program as well. SEC'94 offers a panel discussion of the editors of Elsevier's Journal Computers and Security, IFIP TC 11's formal journal.

***ABOUT YOU

Each of the past ten years you have shown IFIP and TC 11 in particular, your commitment to information security by attending the IFIP SEC conferences. The visitors and delegates to IFIP SEC are a broad audience, from everywhere: The Pacific Rim, Europe, Africa, the North and Latin Americas and the Far East. The level of authority/positions is as usual: within practical, management, legal and technical level, the delegate to IFIP SEC is considered the top grade. Anyone - directly and indirectly - involved and/or interested in information security, wherever she or he may live, is IFIP SEC's audience.
You certainly may not miss SEC'94!

***SOMETHING EXTRA

The organizers wanted to do something extra for this Tenth event. Besides compiling a unique conference program, its length was extended to FIVE days, extra tracks are added, the delegate admission is reduced, special student admission rates are available, worldwide rebated air travel and discounted hotel accommodation can be obtained, and those not yet being a member of the World's largest and most influential computer society are being offered a free of charge membership for 1994! And that's not all! Yet, some surprises are saved for the event itself.

IFIP TC 11's SEC'94 welcomes you to Curacao, BONBINI !

AWARDS

Technical Committee 11 of IFIP presents during its 10th event two prestigious awards. The Kristian Beckman Award and the Best Paper Award.

The Kristian Beckman Award has been established by IFIP TC 11 to commemorate the first chairman of the committee, Kristian Beckman from Sweden, who was also responsible for promoting its founding in 1983/84. This award is granted annually to a successful nominee and is presented at the annual IFIP Security Conference. The objective of the award is to publicly recognize an individual - not a group or organization - who has significantly contributed to the development of information security, especially achievements with an international perspective.

To celebrate the tenth annual conference the organizers have decided also to present a Best Paper Award. The award will be presented to the individual with the most significant paper at SEC'94. The audience itself will be selecting this presentation/individual.

------------------------------------------------------------------

PROGRAM

***INVITED PRESENTATIONS***

Computer based cryptanalysis: man versus machine approach
  by Dr. N. Balasubramanian, former director of the Joint Cipher Bureau/Cryptographic Services of the Department of Defense of the Government of India.

Establishing a CERT: Computer Emergency Response Team
  by Kenneth A. van Wyk, manager Assist team, Defense Information Security Agency of the Department of Defense, United States

Privacy aspects of data travelling along the new 'highway'
  by Wayne Madsen, scientist Computer Science Corp., United States

Issues in designing and implementing a practical enterprise security architecture
  by Ross Paul, manager information security, the Worldbank, United States

(keynotes and other invited speakers to be announced by special bulletin)

IFIP TC 11 position paper in discussion:
  Security Evaluation Criteria by H. Schoone, Netherlands

Special TC 11 Working group sessions:
  11.8 Computer Security Education, chair: Em. Prof. Dr. Harold Highland
  11.1 IT Security Management, chair: Prof. S.H. von Solms (S. Africa)
  11.5 System Integrity and Control, chair: William List (UK)

Special Appearance:
  Information Warfare: waging and winning conflict in cyberspace by Winn Schwartau (US)

Panel discussion:
  Panel discussion of the editors of Elsevier's Journal Computers and Security, chaired by John Meyer, Elsevier (UK), editor

Extended UNIX tutorial:
  Unix meets Novell Netware by Kevin H. Brady, Unix Systems Lab. (US)

Extended virus tutorial:
  Technologically enabled crime: shifting paradigms for the year 2000 by Sara Gordon (US)
  Viruses: What can we really do? by Prof. Henry Wolfe (New Zealand)
  Future trends in virus writing by Vesselin V. Bontchev (Bulgaria/Germany)
  Viral Tidings by A. Padgett Peterson (US)
  Integrity checking for anti viral purposes by Yisrael Radai (Israel)

Special appearance:
  *title to be announced* Prof. Eugene Spafford (US)

***REFEREED PRESENTATIONS***

Operations Security: the real solution to the problem - A. Don Temple (US)
Security in virtual reality: virtual security - Amund Hunstad (Sweden)
Prohibiting the exchange attack calls for hardware signature - Prof. Reinhard Posch/Wolfgang Mayerwieser (Austria)
Towards secure open systems - Dr. Paul Overbeek (Netherlands)
A security officer's workbench - Prof. Dennis Longley/Lam For Kwok (Australia/Hong Kong)
An introduction to Citadel: a secure crypto co-processor for workstations - Dr. Elaine Palmer (US)
On the calculation and its proof data for PI 10-9th - Shengli Cheng et al (P.R. of China)
Securenet: a network oriented intelligent intrusion prevention and detection system - Ass. Prof. Dimitris Gritzalis et al (Greece)
A methodology for the design of security plans - Drs. Fred de Koning (Netherlands)
An open architecture for security functions in workstations - Stefan Santesson (Sweden)
Security systems based on exponentiation primitives, TESS - Prof. Thomas Beth (Germany)
The structure and functioning of the COST privacy enhanced mail system - Prof. Sead Muftic, Nada Kapidzic, Alan Davidson (Sweden)
The need for a new approach to information security - Dr. Jean Hitchings (UK)
A Practical database encryption system - Prof. C. Chang/Prof. D. Buehrer (Taiwan, ROC)
Security analysis and strategy of computer networks - Jie Feng et al (P.R.o. China)
Information Security: legal threats and opportunities - Dr. Ian Lloyd (Scotland)
Secure communication in LAN's using a hybrid encryption scheme - Prof. Mahmoud El-Hadidi, Dr. Nadia Hegazi, Heba Aslan (Egypt)
Secure Network Management - Bruno Studer (Switzerland)
Ramex: a prototype expert system for computer security risk analysis and management - Prof. Peter Jarratt, Muninder Kailay (UK)
The need for decentralization and privacy in mobile communications networks - D.I. Frank Stoll (Germany)
Is lack of quality software a password to information security problems? - Dr. Peter Fillery, Nicholas Chantler (Western Australia)
Smart: Structured, multi-dimensional approach to risk taking for operational information systems - Ing. Paul van Dam, et al. (Netherlands)
IT Audit: the scope, relevance and the impact in developing countries - Dr. K. Subramanian (India)
Program structure for secure information flow - Dr. Jingsha He (US)
Security, authentication and policy management in open distributed systems - Ralf Hauser, Stefano Zatti (Switzerland/Italy)
A cost model for managing information security hazards - Love Ekenberg, Subhash Oberoi, Istvan Orci (Sweden)
Corporate computer crime management: a research perspective - Dr. James Backhouse (UK)
A high level security policy for health care establishments - Prof. Sokratis Katsikas, Ass. Prof. Dimitris Gritzalis, et al (Greece)
Moss: a model for open system security - Prof. S.H. von Solms, Dr. P van Zyl, Dr. M. Olivier (South Africa)
The risk-based information system design paradigm - Dr. Sharon Fletcher (US)
Evaluation of policies, state of the art and future research directions in database security - Dr. Guenther Pernul, Dr. A.M. Tjoa (Austria)
Exploring minimal ban logic proofs of authentication protocols - Anish Maturia, et al (Australia)
Security concepts for corporate networks - Prof. Rolf Oppliger, Prof. Dieter Hogrefe (Switzerland)
The security process - Jeanette Ohlsson (Sweden)
On the security of lucas function - Dr. C.S. Laih (Taiwan RoC)
Security considerations of content and context based access controls - Donald Marks, Leonard Binns, Peter Sell, John Campbell (US)
Anonymous and verifiable databases: towards a practical solution - Prof. Jennifer Seberry, Dr. Yuliang Zheng, Thomas Hardjono (Australia)
A decentralized approach for authorization - Prof. Waltraud Gerhardt, Burkhard Lau (Netherlands)
Applying security criteria to a distributed database example - Dr. Marshall Abrams, Michael Joyce (US)
A comparison of international information security standards based on documentary micro-analysis - Prof. William Caelli, Em. Prof. John Carroll (Australia/Canada)
Security in EDI between bank and its client - Pauli Vahtera, Heli Salmi (Finland)
Secure information exchange in organizations - D.I. Ralph Holbein (Switzerland)
A framework for information system security management - Helen James, Patrick Forde (Australia)
The security of computer system management - Xia Ling et al (P.R.o.China)
Development of security policies - Jon Olnes (Norway)
Factors affecting the decision to report occurrences of computer abuse - John Palmer (Western Australia)
Secure manageable remote access for network and mobile users in an open on-line transaction processing environment - Dr. James Clark (Singapore)

* * *

Session lay-out:
  Monday May 23: plenary only
  Tuesday May 24 - Thursday May 26: four parallel tracks
  Friday May 25: plenary only

* * *

Registration:
  Sunday afternoon May 22 at the conference venue
  Monday morning May 23 at the conference venue

* * *

Terms and conditions:

The conference registration/admission fee amounts to US $ 1,295 for regular registrations per individual. However, if you are a member of a national computer society you may be eligible for a discount.

Late charges and cancellations:

Registrations received after May 1, 1994 are charged with an extra late charge of 10 %. Substitutions may be made at any time, though please advise us of a change of name. If you find it necessary to cancel the place, please telephone the conference office immediately and ask for a cancellation number. Confirm in writing quoting the cancellation number. Provided written notice is received by May 1, 1994