Vol. 11, No. 7, Page 2

NEWS

UNIX SECRET AT GCHQ

Two months ago we carried news of Hackman: an encyclopedic catalogue of Unix operating systems weaknesses that hackers could exploit. In the same issue we reported on the Arpanet virus attack which exploited three security flaws on a Unix network and resulted in widespread infection. Now comes the report that the UK Government Communications Headquarters is to become the largest Unix mainframe installation nationally and will use an Amdahl 5990 1400 machine.

It is the security of Unix which has been in doubt. But there are secure versions of Unix available corresponding to various levels of security defined by the US Department of Defence’s Orange Book. Amdahl is purported to be the supplier of Unix for the project and it has a version, UTS, which combined with Boks, software devised by the Swedish company Dynasoft, is mandatory for Unix systems used by the Swedish government. Amdahl Europe claims it is equivalent to most of the C2 requirements in the Orange Book.

This is not to say that a more secure system could not be devised for special customers. IBM has for example devised a B1 level system of its version, Xenix.

Of course Unix is not new to government systems. In fact these are probably already the largest market due to the portability of applications running under it and the fact that users can combine equipment from many different manufacturers. It is a major player in the open systems dream.

Nevertheless Unix has been tainted with the label of being insecure especially in academia where administrators are for ever coping with students eager to discover how to hack.

If there was truth in this accusation it would be surprising to see the operating system used for some of the most sensitive of government work. But this begs the question of whether the report itself is true.

According to the report GCHQ made its first step towards Unix by using Uniplex office automation software which can run on IBM 6150 machines. It is however likely such an organization would have developed expertise in the operating system before the 6150 came out in 1985 if only to keep open the options available to it.

Since that time the question of which fourth generation language and relational database system should be used has haunted the more progressive members of the user community.

GCHQ took more than a passing interest in the Oracle database in attending the Oracle European User Conference in April 1986. Incidentally it was at this event that the company’s founder and president Larry Ellison announced that its largest user was the US Central Intelligence Agency. So one product has already openly proved itself in the intelligence community. Significantly there is a Unix version of Oracle but whether it is now in use at GCHQ is mere speculation.

What remains most astounding is not so much the choice of Unix in the light of criticism of the operating system by uninformed sources but more that the report has been published at all.

FRENCH ROUNDUP

The two bankers’ card organizations in France, GIE Cartes Bancaires and GIE Carte Bleue, have announced significant reductions in fraud from a level of 0.21% to 0.16% last year. This is due to better prevention, detection and repression of fraud, according to the companies. In December 1988, two important fraud networks were dismantled. The first was the arrest in Amiens of six people
including a computer programmer working for Bull. At his home, police discovered about 5000 cards together with an ATM manufactured by Bull. The second involving the arrest of eight people uncovered a clandestine workshop including a gilding machine, stamping machine, encoding machine and dozens of authentic Cartes Bleues.

French company Hexale has developed new security software called Chargeur. It is claimed to protect any software working on PC or compatibles executed by the Microphar key and Cryptage. Many government and scientific establishments have opted for the system which will verify the existence of other programmes in memory; reinitiate all vectors of interruption; verify the conformity of ROM BIOS and the conformity of the operating system being executed; verify the conformity of the software being executed; protect passwords, and protect against the introduction of software generating erroneous results. Its price is Ffr 7500 without tax.

A new security processor Scytale will be launched on the French market in May. Developed by Logical Assistance and Copernique, it integrates the functions of the Scytale software to the Diram disk-drive processors produced by Copernique. Security is through coding of confidential information stored on the disks. Copernique is working on making the unit portable. For the moment, it will only work with Bull DPS6 computers. Price will be Ffr 150 000 before tax.

A survey of over 200 French companies has shown a high level of computer crime not hitherto imagined.

The Centre d’Etudes Socio-Economiques asked 210 companies to answer a questionnaire which indicated that 15% of the companies had been victims of criminal actions linked to computers in the last three years.

For half of the companies, the danger came from inside the firm.

Two out of three companies having suffered an attack took no action subsequently.

Seven out of ten companies reported that they knew of the January 1988 law (Law Number 88-19, see CF.93 Vol. 10, No. 6, Page 3) relating to the suppression of computer fraud and half of these claimed they knew it in detail.

The companies questioned listed problems in the fight against computer crime in the following order: organizational problems, human problems and finally technical problems.

Philip Hill

ANTI-VIRUS PRODUCTS

Dr Fred Cohen, the computer virus expert, has developed a set of tools called ASP (Advanced System Protection) to prevent the effects of viruses. ASP protects the PC boot block, interrupt table, system files, program files and data files. It uses a cryptographic checksum to ensure integrity. Any attempts to modify the protected system are quickly recognized and dealt with.

ASP operates at three levels. It can be implemented by the user to check specified areas and files to ensure they have not been altered since the last check was made. It can be integrated into a normal working environment to ensure that system and program checks are made before and after program execution. It can be implemented as a DOS shell to ensure all programs are executed from within the shell environment and are automatically checked. Data files are also checked.

The set of tools will run on PCs, minis, mainframes and local area networks.
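The first two levels described above, sketched as an added example (this is not ASP code): a keyed checksum baseline is taken over protected files, checked on demand, and checked again before and after a program runs. HMAC-SHA256 stands in for ASP's cryptographic checksum, whose algorithm the bulletin does not name; the function names, file names and the tampering callable are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

def keyed_checksum(key, path):
    """HMAC-SHA256 over file name and contents (assumed stand-in algorithm)."""
    mac = hmac.new(key, path.name.encode() + b"\0", hashlib.sha256)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def take_baseline(key, paths):
    return {p: keyed_checksum(key, p) for p in paths}

def check(key, baseline):
    """Level 1, on-demand check: {path: 'ok' | 'modified' | 'missing'}."""
    report = {}
    for path, expected in baseline.items():
        if not path.is_file():
            report[path] = "missing"
        else:
            same = hmac.compare_digest(keyed_checksum(key, path), expected)
            report[path] = "ok" if same else "modified"
    return report

def run_checked(key, baseline, program):
    """Level 2: check before and after `program`; returns (ran, report)."""
    before = check(key, baseline)
    if any(status != "ok" for status in before.values()):
        return False, before  # refuse to run on an already-altered system
    program()
    return True, check(key, baseline)

def demo():
    """Constructed scenario: a program that appends bytes to a protected file."""
    key = os.urandom(32)  # must be stored where checked programs cannot read it
    with tempfile.TemporaryDirectory() as d:
        prog, data = Path(d, "EDIT.COM"), Path(d, "LEDGER.DAT")
        prog.write_bytes(b"constructed program image")
        data.write_bytes(b"1989,42\n")
        baseline = take_baseline(key, [prog, data])
        tamper = lambda: prog.write_bytes(prog.read_bytes() + b"appended")
        first = run_checked(key, baseline, tamper)   # runs; post-check flags it
        second = run_checked(key, baseline, tamper)  # pre-check blocks the run
        names = lambda r: {p.name: s for p, s in r.items()}
        return first[0], names(first[1]), second[0], names(second[1])
```

The key is what separates this from a plain checksum: code that alters a file but cannot read the key cannot recompute a matching value.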

COMPUTER FRAUD & SECURITY BULLETIN

©1989 Elsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. please see special regulations listed on back cover.)