829 lines
37 KiB
Plaintext
829 lines
37 KiB
Plaintext
|
|
Computer underground Digest Tue Mar 25, 1997 Volume 9 : Issue 24
|
|
ISSN 1004-042X
|
|
|
|
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
|
|
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
|
|
Archivist: Brendan Kehoe
|
|
Shadow Master: Stanton McCandlish
|
|
Shadow-Archivists: Dan Carosone / Paul Southworth
|
|
Ralph Sims / Jyrki Kuoppala
|
|
Ian Dickinson
|
|
Field Agent Extraordinaire: David Smith
|
|
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
|
|
|
|
CONTENTS, #9.24 (Tue, Mar 25, 1997)
|
|
|
|
File 1--Coup-d-etat on the Internet around Usenet hierarchy <gov.*>?
|
|
File 2--SANS Network Security Digest vol.1, No.2
|
|
File 3--Cu Digest Header Info (unchanged since 13 Dec, 1996)
|
|
|
|
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
|
|
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
|
|
|
|
---------------------------------------------------------------------
|
|
|
|
Date: Mon, 17 Mar 1997 10:25:05 -0500
|
|
From: Paul Kneisel <tallpaul@nyct.net>
|
|
Subject: File 1--Coup-d-etat on the Internet around Usenet hierarchy <gov.*>?
|
|
|
|
On Sun, 16 Mar 1997 23:54:39 GMT, tale@isc.org (David C Lawrence)
|
|
<858556478.926@isc.org> wrote announcing the creation of a new
|
|
meta-hierarchial group under the <gov.*> hierarchy.:
|
|
|
|
I, like many others, have not followed every discussion on <news.groups> as
|
|
closely as I could have.
|
|
|
|
But I do not recall reading or seeing any Request For Discussion document
|
|
filed in <new.groups> or <news.groups.announce> for the creation of such
|
|
changes. Nor do I recall seeing any Call For Votes document for such a
|
|
massive change in the hierarchy.
|
|
|
|
I certainly could have missed such RFDs and CFVs.
|
|
|
|
But, assuming that I did not miss them because neither was ever issued, am
|
|
I the only one to see in the sudden creation of <gov.*> a slippery slope of
|
|
globally massive dimensions whereby the U.S. and inferentially other
|
|
governments just launched a info-war coup-d-etat on UseNet in particular
|
|
and the Internet in general?
|
|
|
|
[END TALLPAUL INSERT]
|
|
|
|
|
|
|
|
|
|
[BEGIN LAWRENCE INSERT]
|
|
|
|
Newsgroups--news.announce.newgroups,news.groups,news.admin.hierarchies
|
|
Subject--ANNOUNCE--GovNews gov.* hierarchy started for government information
|
|
Followup-To--news.admin.hierarchies
|
|
Message-ID--<858556478.926@isc.org>
|
|
Approved--newgroups-request@isc.org
|
|
Archive-Name--other.articles/govnews
|
|
Date--Sun, 16 Mar 1997 23:54:39 GMT
|
|
Lines--282
|
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
The GovNews hierarchy, gov.*, is a new framework for exchange of
|
|
public information at all levels of government around the world via
|
|
the Internet. It is a tool to improve communication to the government,
|
|
from the government, and between various governmental bodies by
|
|
providing both announcement channels and topical discussion groups.
|
|
|
|
Users can currently access the hierarchy via the NNTP server at
|
|
news.govnews.org. Many major sites, including AOL, AT&T, BBN Planet,
|
|
CompuServe, MCI, Sprint and UUNET, are also already carrying and
|
|
feeding the initial set of gov.* newsgroups, and it is listed in
|
|
<URL:ftp://ftp.isc.org/pub/usenet/CONFIG/active>.
|
|
|
|
The GovNews Project workers ask news administrators to please carry
|
|
this new hierarchy at their own sites as their resources allow. The
|
|
volume of the hierarchy is expected to be roughly that of comp.* or
|
|
rec.* --- far less than that of alt.binaries.*, since the majority of
|
|
traffic will be non-binary messages.
|
|
|
|
This message contains all the information news administrators need to
|
|
create the hierarchy at their own sites. Below is the PGP information
|
|
(see <URL:ftp://ftp.isc.org/pub/pgpcontrol/README.html>) for gov.*
|
|
control messages. Following it is a list of the initial set of
|
|
newsgroups for gov.*, with their descriptions. It is suitable for
|
|
input to INN's "docheckgroups" or C News's "checkgroups" scripts, or
|
|
can be suitably massaged on other systems to generate the list of
|
|
groups to add. Please note that many are moderated.
|
|
|
|
Additional information about the GovNews Project can be found at
|
|
<URL:http://www.govnews.org/govnews/>.
|
|
|
|
Thank you for your interest.
|
|
|
|
Control message PGP Signing Information:
|
|
|
|
Control message sender--gov-usenet-announce-moderator@govnews.org
|
|
Key User ID--gov.usenet.announce
|
|
Administrative group--gov.usenet.announce
|
|
Check also:
|
|
+ http://www.govnews.org/govnews/site-setup/gov.pgpkeys
|
|
+ pgp-public-keys@pgp.ai.mit.edu
|
|
("Subject--GET 0x7FFD7855", empty body)
|
|
|
|
- -----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
Version--2.6.2
|
|
|
|
mQCNAzG6NYoAAAEEAOC2bDAFQlM5l81+WgWjJErVSCDeEyk+gzLionO42/CcC4Wm
|
|
eLgCLhl6y4OywoCDipYgOta0FG/dOMP9zTHaptc6HQJ2C+7rlWtSIn/g+Z4skgsP
|
|
SK2JbHe6FCPUphkV7MZ9iwOeTWpGeVo7T+ujSFRRd4dVk5ap2izi3FB//XhVAAUR
|
|
tBNnb3YudXNlbmV0LmFubm91bmNliQCVAwUQMwnq+Czi3FB//XhVAQFYxQQA1IGF
|
|
oFena1a9SI3lC9clkRr9w5nF7y4hh7T0DRg6M6r4naiegmisPFqvM1j8dnC3tU6x
|
|
5Vz1ATsP/Uu1GFecJ31u55m+N6pMrv56pqivK5PxV3PbEKV/9fHUT7o/2vsw3wge
|
|
AmsQ590GSur09cpxSY0TAU/hMQlK0FkN4jnGrAQ=
|
|
=rTFC
|
|
- -----END PGP PUBLIC KEY BLOCK-----
|
|
|
|
Thus, INN's control.ctl file would have lines like these:
|
|
|
|
newgroup:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usenet.a
|
|
nnounce
|
|
rmgroup:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usenet.an
|
|
nounce
|
|
checkgroups:gov-usenet-announce-moderator@govnews.org:gov.*:verify-gov.usene
|
|
t.announce
|
|
|
|
Newsgroups file lines:
|
|
|
|
gov.org.admin.financenet FinanceNet - information on public financial
|
|
management. (Moderated)
|
|
gov.org.g7.announce Announcements on G7 activities. (Moderated)
|
|
gov.org.g7.environment G7 Environment and Natural Resources Project.
|
|
(Moderated)
|
|
gov.org.g7.misc General G7 related discussions. (Moderated)
|
|
gov.topic.admin.finance.accounting Public accounting. (Moderated)
|
|
gov.topic.admin.finance.asset-liab-mgt Asset-liability management. (Moderated)
|
|
gov.topic.admin.finance.audits Financial audits of government agencies.
|
|
(Moderated)
|
|
gov.topic.admin.finance.budgeting Appropriations and budgeting management.
|
|
(Moderated)
|
|
gov.topic.admin.finance.calendar Calendar of public finance events.
|
|
(Moderated)
|
|
gov.topic.admin.finance.int-controls Internal financial controls. (Moderated)
|
|
gov.topic.admin.finance.misc General public finance topics. (Moderated)
|
|
gov.topic.admin.finance.municipalities Municipal financial issues. (Moderated)
|
|
gov.topic.admin.finance.news General government finance news. (Moderated)
|
|
gov.topic.admin.finance.payroll Government payroll issues. (Moderated)
|
|
gov.topic.admin.finance.perf-measures Financial performance measures.
|
|
(Moderated)
|
|
gov.topic.admin.finance.policy Government financial policy. (Moderated)
|
|
gov.topic.admin.finance.procurement Procurement management. (Moderated)
|
|
gov.topic.admin.finance.reporting Financial statements & reporting.
|
|
(Moderated)
|
|
gov.topic.admin.finance.state-county State and county financial issues.
|
|
(Moderated)
|
|
gov.topic.admin.finance.systems Financial software and hardware systems.
|
|
(Moderated)
|
|
gov.topic.admin.finance.training Financial personnel & training. (Moderated)
|
|
gov.topic.admin.finance.travel-admin Travel administration. (Moderated)
|
|
gov.topic.admin.privatization Privatization of government, Public/Private
|
|
partnerships. (Moderated)
|
|
gov.topic.finance.banks Banking, monetary supply, currency exchange.
|
|
(Moderated)
|
|
gov.topic.finance.securities Securities, commodity futures, etc. (Moderated)
|
|
gov.topic.forsale.misc Miscellaneous government asset sales. (Moderated)
|
|
gov.topic.info.systems.epub Government use of electronic publishing.
|
|
(Moderated)
|
|
gov.topic.info.systems.year2000 Accomodating dates after the year 2000.
|
|
gov.topic.telecom.announce Telecommunications related announcements.
|
|
(Moderated)
|
|
gov.topic.telecom.misc Telecommunications- telephone, radio, TV, Internet.
|
|
(Moderated)
|
|
gov.topic.transport.air Aviation, aircraft, travel by air. (Moderated)
|
|
gov.topic.transport.misc General international transportation. (Moderated)
|
|
gov.topic.transport.navigation Navigation systems. (Moderated)
|
|
gov.topic.transport.rail Railroad transportation. (Moderated)
|
|
gov.topic.transport.road Transportation over roads, auto safety, mass
|
|
transit. (Moderated)
|
|
gov.topic.transport.shipping International shipping and package delivery.
|
|
(Moderated)
|
|
gov.topic.transport.water Maritime related issues, transportation over
|
|
water. (Moderated)
|
|
gov.us.fed.cia.announce Central Intelligence Agency announcements. (Moderated)
|
|
gov.us.fed.congress.announce Announcements about Congress. (Moderated)
|
|
gov.us.fed.congress.bills.house Bill text from the House. (Moderated)
|
|
gov.us.fed.congress.bills.senate Bill text from the Senate. (Moderated)
|
|
gov.us.fed.congress.calendar.house House calendar of activities. (Moderated)
|
|
gov.us.fed.congress.calendar.senate Senate calendar of activities. (Moderated)
|
|
gov.us.fed.congress.discuss Followup discussions on Congress. (Moderated)
|
|
gov.us.fed.congress.documents Congressional documents. (Moderated)
|
|
gov.us.fed.congress.gao.announce Announcements about the Government
|
|
Accounting Office. (Moderated)
|
|
gov.us.fed.congress.gao.decisions Decisions from the Comptroller General.
|
|
(Moderated)
|
|
gov.us.fed.congress.gao.discuss Discussion on the Government Accounting
|
|
Office. (Moderated)
|
|
gov.us.fed.congress.gao.reports Reports from the Government Accounting
|
|
Office. (Moderated)
|
|
gov.us.fed.congress.record.digest Digest from the Congressional Record.
|
|
(Moderated)
|
|
gov.us.fed.congress.record.extensions Extension of remarks in the
|
|
Congressional Record. (Moderated)
|
|
gov.us.fed.congress.record.house House pages from the Congressional Record.
|
|
(Moderated)
|
|
gov.us.fed.congress.record.index Index to the Congressional Record.
|
|
(Moderated)
|
|
gov.us.fed.congress.record.senate Senate pages from the Congressional
|
|
Record. (Moderated)
|
|
gov.us.fed.congress.reports Congressional reports. (Moderated)
|
|
gov.us.fed.courts.announce U.S. Courts announcements. (Moderated)
|
|
gov.us.fed.dhhs.announce Department of Health and Human Services
|
|
announcements. (Moderated)
|
|
gov.us.fed.dhhs.fda.announce Food and Drug Administration announcements.
|
|
(Moderated)
|
|
gov.us.fed.dhhs.ssa.announce Social Security Administration announcements.
|
|
(Moderated)
|
|
gov.us.fed.doc.announce Department of Commerce announcements. (Moderated)
|
|
gov.us.fed.doc.cbd.awards Contract awards in Commerce Business Daily.
|
|
(Moderated)
|
|
gov.us.fed.doc.cbd.forsale Surplus Property Sales in Commerce Business
|
|
Daily. (Moderated)
|
|
gov.us.fed.doc.cbd.notices General notices in Commerce Business Daily.
|
|
(Moderated)
|
|
gov.us.fed.doc.cbd.solicitations Procurement solicitation in Commerce
|
|
Business Daily. (Moderated)
|
|
gov.us.fed.doc.cbd.standards Foreign standards notices in Commerce Business
|
|
Daily. (Moderated)
|
|
gov.us.fed.doc.census.announce Census Bureau announcements. (Moderated)
|
|
gov.us.fed.doc.noaa.announce National Oceanic and Atmospheric
|
|
Administration announcements. (Moderated)
|
|
gov.us.fed.dod.announce Department of Defense announcements. (Moderated)
|
|
gov.us.fed.dod.army.announce Department of the Army announcements. (Moderated)
|
|
gov.us.fed.dod.navy.announce Department of the Navy announcements. (Moderated)
|
|
gov.us.fed.dod.usaf.announce Department of the Air Force announcements.
|
|
(Moderated)
|
|
gov.us.fed.doe.announce Department of Energy announcements. (Moderated)
|
|
gov.us.fed.doi.announce Department of the Interior announcements. (Moderated)
|
|
gov.us.fed.doj.announce Department of Justice announcements. (Moderated)
|
|
gov.us.fed.dol.announce Department of Labor announcements. (Moderated)
|
|
gov.us.fed.dot.announce Department of Transportation announcements.
|
|
(Moderated)
|
|
gov.us.fed.dot.faa.announce Federal Aviation Administration announcements.
|
|
(Moderated)
|
|
gov.us.fed.dot.nhtsa.announce National Highway Traffic Safety
|
|
Administration announcements. (Moderated)
|
|
gov.us.fed.dot.uscg.announce United States Coast Guard announcements.
|
|
(Moderated)
|
|
gov.us.fed.ed.announce Department of Education announcements. (Moderated)
|
|
gov.us.fed.eop.announce Executive Office of the President announcements.
|
|
(Moderated)
|
|
gov.us.fed.eop.white-house.announce The President and White House Staff
|
|
announcements. (Moderated)
|
|
gov.us.fed.epa.announce Environmental Protection Agency announcements.
|
|
(Moderated)
|
|
gov.us.fed.fcc.announce Federal Communications Commission announcements.
|
|
(Moderated)
|
|
gov.us.fed.fdic.announce Federal Deposit Insurance Corporation
|
|
announcements. (Moderated)
|
|
gov.us.fed.fema.announce Federal Emergency Management Agency announcements.
|
|
(Moderated)
|
|
gov.us.fed.ferc.announce Federal Energy Regulatory Commission
|
|
announcements. (Moderated)
|
|
gov.us.fed.fmc.announce Federal Maritime Commission announcements. (Moderated)
|
|
gov.us.fed.frs.announce Federal Reserve System announcements. (Moderated)
|
|
gov.us.fed.gsa.announce General Services Administration announcements.
|
|
(Moderated)
|
|
gov.us.fed.hud.announce Department of Housing and Urban Development
|
|
announcements. (Moderated)
|
|
gov.us.fed.nara.announce National Archives and Records Administration
|
|
announcements. (Moderated)
|
|
gov.us.fed.nara.fed-register.announce Announcements about the Federal
|
|
Register. (Moderated)
|
|
gov.us.fed.nara.fed-register.authoring Discussion for Federal Register
|
|
authors. (Moderated)
|
|
gov.us.fed.nara.fed-register.contents Contents and Indexes of the Federal
|
|
Register. (Moderated)
|
|
gov.us.fed.nara.fed-register.corrections Corrections in the Federal
|
|
Register. (Moderated)
|
|
gov.us.fed.nara.fed-register.notices Notices in the Federal Register.
|
|
(Moderated)
|
|
gov.us.fed.nara.fed-register.presidential Presidential Documents in the
|
|
Federal Register. (Moderated)
|
|
gov.us.fed.nara.fed-register.proposed-rules Proposed Regulations in the
|
|
Federal Register. (Moderated)
|
|
gov.us.fed.nara.fed-register.rules Rules and Regulations in the Federal
|
|
Register. (Moderated)
|
|
gov.us.fed.nasa.announce National Aeronautics and Space Administration
|
|
announcements. (Moderated)
|
|
gov.us.fed.nasa.ksc.announce NASA Kennedy Space Center specific
|
|
announcements. (Moderated)
|
|
gov.us.fed.nrc.announce Nuclear Regulatory Commission announcements.
|
|
(Moderated)
|
|
gov.us.fed.nsf.announce National Science Foundation announcements. (Moderated)
|
|
gov.us.fed.nsf.documents National Science Foundation documents. (Moderated)
|
|
gov.us.fed.nsf.grants National Science Foundation grant information.
|
|
(Moderated)
|
|
gov.us.fed.opm.announce Office of Personnel Management announcements.
|
|
(Moderated)
|
|
gov.us.fed.sba.announce Small Business Administration announcements.
|
|
(Moderated)
|
|
gov.us.fed.sec.announce Securities and Exchange Commission announcements.
|
|
(Moderated)
|
|
gov.us.fed.state.announce Department of State announcements. (Moderated)
|
|
gov.us.fed.treasury.announce Department of the Treasury announcements.
|
|
(Moderated)
|
|
gov.us.fed.treasury.irs.announce Internal Revenue Service announcements.
|
|
(Moderated)
|
|
gov.us.fed.usaid.announce US Agency for International Development, IDCA,
|
|
OPIC. (Moderated)
|
|
gov.us.fed.usaid.pib USAID Procurement Information Bulletin. (Moderated)
|
|
gov.us.fed.usda.announce Department of Agriculture announcements. (Moderated)
|
|
gov.us.fed.va.announce Department of Veterans Affairs announcements.
|
|
(Moderated)
|
|
gov.us.org.admin.aga Association of Government Accountants. (Moderated)
|
|
gov.us.org.admin.fasab Federal Accounting Standards Advisory Board.
|
|
(Moderated)
|
|
gov.us.org.admin.gfoa Government Finance Officers Association. (Moderated)
|
|
gov.us.org.info.ace Americans Communicating Electronically. (Moderated)
|
|
gov.us.org.info.ala American Library Association. (Moderated)
|
|
gov.us.topic.agri.farms Farming- growing crops, raising livestock. (Moderated)
|
|
gov.us.topic.agri.food Food production and distribution, nutrition of food.
|
|
(Moderated)
|
|
gov.us.topic.agri.misc General agricultural issues. (Moderated)
|
|
gov.us.topic.agri.statistics Detailed statistics on crop, livestock, and
|
|
food production. (Moderated)
|
|
gov.us.topic.ecommerce.announce Government electronic commerce
|
|
infrastructure announcements. (Moderated)
|
|
gov.us.topic.ecommerce.misc Discussions concerning government electronic
|
|
commerce. (Moderated)
|
|
gov.us.topic.ecommerce.standards Standards for government electronic
|
|
commerce. (Moderated)
|
|
gov.us.topic.emergency.alerts Important bulletins for immediate
|
|
broadcasting. (Moderated)
|
|
gov.us.topic.emergency.misc Natural disasters, recovery, prevention.
|
|
(Moderated)
|
|
gov.us.topic.energy.misc Generation and delivery of energy. (Moderated)
|
|
gov.us.topic.energy.nuclear Nuclear power and radioactive materials.
|
|
(Moderated)
|
|
gov.us.topic.energy.utilities Regulated utilities providing gas and
|
|
electricity. (Moderated)
|
|
gov.us.topic.environment.air Air quality, ozone, greenhouse gases, noise.
|
|
(Moderated)
|
|
gov.us.topic.environment.announce Announcements on environmental
|
|
protection. (Moderated)
|
|
gov.us.topic.environment.misc General environmental protection. (Moderated)
|
|
gov.us.topic.environment.toxics Hazardous material use, disposal, cleanup.
|
|
(Moderated)
|
|
gov.us.topic.environment.waste Waste disposal, recycling. (Moderated)
|
|
gov.us.topic.environment.water Water issues--drinking, irrigation, sewage.
|
|
(Moderated)
|
|
gov.us.topic.finance.banks Banking, monetary supply, currency exchange.
|
|
(Moderated)
|
|
gov.us.topic.finance.securities Securities, commodity futures, etc..
|
|
(Moderated)
|
|
gov.us.topic.foreign.news Selected news media reports from outside the US.
|
|
(Moderated)
|
|
gov.us.topic.foreign.trade.leads Information on trade opportunities
|
|
collected by US governments. (Moderated)
|
|
gov.us.topic.foreign.trade.misc Issues involving foreign trade,
|
|
importation, customs. (Moderated)
|
|
gov.us.topic.foreign.trade.statistics Detailed statistical reports on
|
|
import/exports. (Moderated)
|
|
gov.us.topic.gov-jobs.employee.issues Discussions on government employee
|
|
issues. (Moderated)
|
|
gov.us.topic.gov-jobs.employee.news News of interest to government
|
|
employees. (Moderated)
|
|
gov.us.topic.gov-jobs.hr-admin Human Resources administration. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.admin Administrative job opportunities in
|
|
government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.admin.finance Jobs in public financial
|
|
management. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.admin.ses Senior Executive Service job
|
|
opportunity. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.announce Announcements on job hunting in
|
|
government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.clerical Clerical job opportunities in
|
|
government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.engineering Engineering related job
|
|
opportunities in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.foreign Federal job opportunities located
|
|
outside the US. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.health Medical and health related job
|
|
opportunities in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.law-enforce Law enforcement job opportunities
|
|
in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.math-comp Math and computer related job
|
|
opportunities in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.misc Unclassified public sector job
|
|
opportunities. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.questions Questions and answers on job
|
|
hunting in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.science Physical sciences job opportunities
|
|
in government. (Moderated)
|
|
gov.us.topic.gov-jobs.offered.technical Technical job opportunities in
|
|
government. (Moderated)
|
|
gov.us.topic.grants.research Grant opportunities for research. (Moderated)
|
|
gov.us.topic.info.abstracts.cdrom Abstracts of new CD-ROM releases.
|
|
(Moderated)
|
|
gov.us.topic.info.abstracts.epub Abstracts of new publications available
|
|
electronically. (Moderated)
|
|
gov.us.topic.info.abstracts.infosystems Abstracts of new online systems and
|
|
services. (Moderated)
|
|
gov.us.topic.info.abstracts.print Abstracts of new publications available
|
|
in hard copy. (Moderated)
|
|
gov.us.topic.info.libraries.govdocs Government documents libraries.
|
|
(Moderated)
|
|
gov.us.topic.info.libraries.technology Library information technology
|
|
discussion. (Moderated)
|
|
gov.us.topic.info.policy.announce Announcements on government information
|
|
policy. (Moderated)
|
|
gov.us.topic.info.policy.misc Discussions on government information policy.
|
|
(Moderated)
|
|
gov.us.topic.law.pub-contract Lawyers discuss Federal public contract law.
|
|
(Moderated)
|
|
gov.us.topic.nat-resources.forests Forestry, logging and wood production.
|
|
(Moderated)
|
|
gov.us.topic.nat-resources.land Other uses of public land, e.g. grazing,
|
|
wetlands, watershed. (Moderated)
|
|
gov.us.topic.nat-resources.marine Fishing, aquaculture, marine sanctuaries.
|
|
(Moderated)
|
|
gov.us.topic.nat-resources.minerals Extraction and transportation of
|
|
minerals. (Moderated)
|
|
gov.us.topic.nat-resources.oil-gas Extraction and transportation of oil and
|
|
gas. (Moderated)
|
|
gov.us.topic.nat-resources.parks Public land for recreation & tourism,
|
|
museums. (Moderated)
|
|
gov.us.topic.nat-resources.wildlife Wildlife management, hunting. (Moderated)
|
|
gov.us.topic.statistics.announce Brief announcements on economic and
|
|
demographic statistics. (Moderated)
|
|
gov.us.topic.statistics.reports Detailed reports on economic and
|
|
demographic statistics. (Moderated)
|
|
gov.us.topic.telecom.announce Announcements on general telecom policy
|
|
issues. (Moderated)
|
|
gov.us.topic.telecom.misc Discussion on general telecom policy issues.
|
|
(Moderated)
|
|
gov.us.topic.transport.air Aviation, aircraft, travel by air. (Moderated)
|
|
gov.us.topic.transport.misc General transportation in the US. (Moderated)
|
|
gov.us.topic.transport.rail Railroad transportation. (Moderated)
|
|
gov.us.topic.transport.road Transportation over roads, auto safety, mass
|
|
transit. (Moderated)
|
|
gov.us.topic.transport.shipping International shipping and package
|
|
delivery. (Moderated)
|
|
gov.us.topic.transport.water Maritime related issues, transportation over
|
|
water. (Moderated)
|
|
gov.us.usenet.admin Discussion of gov.us news admin.
|
|
gov.us.usenet.announce Admin announcements. (Moderated)
|
|
gov.us.usenet.answers FAQs and periodic articles. (Moderated)
|
|
gov.us.usenet.control Control messages for US gov newsgroup changes.
|
|
(Moderated)
|
|
gov.us.usenet.groups Discussion of gov.us management.
|
|
gov.us.usenet.lists News related statistics and lists. (Moderated)
|
|
gov.us.usenet.questions Q & A for users new to gov.us newsgroups.
|
|
gov.us.usenet.software Discuss gov.us specific software.
|
|
gov.us.usenet.test Use in testing news software setups.
|
|
gov.usenet.admin Discussion of gov news admininstration.
|
|
gov.usenet.announce Admin announcements. (Moderated)
|
|
gov.usenet.answers FAQs and periodic articles. (Moderated)
|
|
gov.usenet.control Control messages for top gov newsgroup changes. (Moderated)
|
|
gov.usenet.groups Discussion of gov hierarchy management.
|
|
gov.usenet.lists News related statistics and lists. (Moderated)
|
|
gov.usenet.questions Q & A for users new to gov newsgroups.
|
|
gov.usenet.software Discuss gov news specific software.
|
|
gov.usenet.test Use in testing news software setups.
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version--2.6.2
|
|
|
|
iQCVAwUBMythp40r1Dwz5C7pAQH7DgQAn5gXkWrMohbh8BrNkhSyO8CIHDhhdmwz
|
|
8LltFPw6Yl3sbQo/yeMKk6FYCFxjkbJV4vmmEtC3Vdbbv72/MObT2IxbFByjSIWP
|
|
SOBhY15ICPvdAR+OElkH5cpabsdfuiOkoL1J8bacBRBhhxIMWXQPsSbMgJbVULgW
|
|
D4AV6M562B8=
|
|
=NN77
|
|
-----END PGP SIGNATURE-----
|
|
|
|
[END LAWRENCE INSERT]
|
|
|
|
------------------------------
|
|
|
|
Date: Sun, 16 Mar 1997 22:50:55 -0500 (EST)
|
|
From: SANS'96 Conference Office <sans@clark.net>
|
|
Subject: File 2--SANS Network Security Digest vol.1, No.2
|
|
|
|
| |
|
|
| The SANS Network Security Digest |
|
|
| Contributing Editors: |
|
|
| Michele Crabb, Matt Bishop, Rob Kolstad |
|
|
| Marcus Ranum, Gene Schultz |
|
|
--A Resource for Computer and Network Security Professionals---
|
|
|
|
CONTENTS
|
|
1) BUFFER OVERFLOW BUG DISCOVERED IN RLOGIN
|
|
2) LAYMAN's EXPLANATION OF BUFFER OVERFLOW
|
|
3) YASB - YET ANOTHER SENDMAIL BUG
|
|
4) SERIOUS BUG IN WU-FTPD V2.4
|
|
5) TWO NEW NT SECURITY MAILING LISTS GO ONLINE
|
|
6) VULNERABILITY DISCOVERED IN NT RPC CODE
|
|
7) COPS V1.04 STILL MOST POPULAR HOST-BASED AUDITING TOOL
|
|
8) MACRO VIRUS PROBLEM CONTINUES TO GROW
|
|
9) MICROSOFT'S MACRO VIRUS PROTECTION TOOL (MVTOOL): AV OR PR?10) THE
|
|
NEVER-ENDING HOAX VIRUSES
|
|
|
|
NON NEWS:
|
|
11) RECOMMENDATIONS PLEASE: MOST USEFUL COMMERCIAL TOOLS?
|
|
|
|
|
|
---------------------------------------------------------------
|
|
1) BUFFER OVERFLOW BUG DISCOVERED IN RLOGIN
|
|
|
|
Yet another program has fallen victim to the buffer overflow
|
|
vulnerability family. This vulnerability allows a user with
|
|
access to an account on the host to potentially overrun a buffer
|
|
and possibly execute programs as root on the local machine. Patches
|
|
are available from some vendors and CERT has provided a wrapper
|
|
program as a workaround. For more information, see
|
|
|
|
<ftp://ftp.cert.org/pub/cert-advisories/CA-97.06.rlogin-term>
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
2) A LAYMAN's EXPLANATION OF BUFFER OVERFLOW
|
|
|
|
Stack and buffer overflows? Still wondering what it all means?
|
|
Security vulnerabilities resulting from buffer overflow problems
|
|
are very common today. To see how common, see Aleph One's "Smashing
|
|
the Stack for Fun and Profit." It's a layman's explanation of the
|
|
inner workings of buffer overflow problems. The article is located at:
|
|
|
|
<http://www.geek-girl.com/bugtraq/1996_4/0195.html>
|
|
|
|
Recent victim program of the buffer overflow problem include:
|
|
sendmail, gethostbyname, syslog, Linux/FreeBSD mount, and rlogin.
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
3) YASB - YET ANOTHER SENDMAIL BUG
|
|
|
|
A new vulnerability concerning a buffer overflow in the MIME
|
|
section of code has been discovered in Sendmail versions 8.8.3
|
|
and 8.8.4. This vulnerability allows an external attacker to
|
|
possibly gain access to a local host. Version 8.8.5, corrects
|
|
this bug and several others found in earlier versions. It's
|
|
available at:
|
|
|
|
<ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.8.5.tar.gz>
|
|
|
|
Vendor patches for their versions of sendmail are available from
|
|
many of the vendors. Refer to the CERT advisory located at:
|
|
|
|
<ftp://info.cert.org/pub/cert_advisories/CA-97.05.sendmail>
|
|
|
|
Those of you who are unable to upgrade to the latest version
|
|
or cannot install the vendor patch right away, will find a useful
|
|
a workaround described in that CERT Advisory.
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
4) SERIOUS BUG IN WU-FTPD V2.4
|
|
|
|
A new, potentially serious flaw was discovered in the wu-ftpd code.
|
|
The flaw is present in version 2.4 as well as in the version
|
|
available form Academ. The problem has been corrected in the
|
|
Academ version 2.4.2-beta-12. The vulnerability may allow regular
|
|
and anonymous users to access files on your ftp server as root.
|
|
The problem lies in the signal handling section of the code. An
|
|
advisory sent out by AUSCERT on 1/29/97 advises that this particular
|
|
bug may also be present in some vendor versions as well. For more
|
|
information, refer to the AUSCERT advisory at:
|
|
|
|
<ftp://ftp.auscert.org.au/pub/auscert/advisory/\
|
|
AA-97.03.ftpd.signal.handling.vul>
|
|
|
|
---------------------------------------------------------------
|
|
5) TWO NEW NT SECURITY MAILING LISTS GO ONLINE
|
|
|
|
Has your beloved desktop UNIX box been replaced with an NT? Are
|
|
you concerned about what security problems may be lurking on this
|
|
new platform? Two new NT security discussions mail lists may help
|
|
you find all the answers you seek. The first, NTbugtraq was created
|
|
in the spirit of bugtraq mailing list. To subscribe, send a message
|
|
to Listserv@rc.on.ca with "SUB NTBUGTRAQ Your Name" in the text. The
|
|
second, hosted by ISS, is called ntsecurity. To subscribe send email to
|
|
request-ntsecurity@iss.net and in the text put "subscribe ntsecurity".
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
6) VULNERABILITY DISCOVERED IN NT RPC CODE
|
|
|
|
While we are discussing NT, does your new Pentium Pro 200MHZ
|
|
processor running NT seem v e r y s l o w . . . ? Perhaps the
|
|
RPC services running on your workstation have been confused and
|
|
are consuming all the CPU resources. Recent postings to the NT
|
|
security mailing lists discuss how RPC services running on
|
|
NT (3.51 and 4.0) can be confused by a simple telnet to TCP port
|
|
135 and typing more than 15 characters. Microsoft has a patch for
|
|
the problem. Refer to:
|
|
|
|
<ftp://ftp.microsoft.com/bussys/winnt/winnt-public/\
|
|
fixes/usa/nt40/hotfixes-postSP2/RPC-fix>
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
7) COPS V1.04 STILL MOST POPULAR HOST-BASED AUDITING TOOL
|
|
|
|
COPS is a UNIX security toolkit that analyzes your system security.
|
|
COPS version 1.04 still leads the charge for testing system
|
|
integrity and vulnerability level. Despite being several years
|
|
old, COPS continues to be an excellent public domain product for
|
|
examining group and password files, root environment and system
|
|
setup, user home directories, important system configuration files,
|
|
ftp setup and several miscellaneous problems. If you are already
|
|
using COPS, then you are well aware of the benefits provided.
|
|
|
|
If you are not yet using COPS, it makes sense to at least try it
|
|
out. You can find it at:
|
|
|
|
<ftp://ftp.cert.org/pub/tools/cops>
|
|
|
|
COPS is one of many tools described in Matt Bishop's latest course
|
|
on security tools which he will present at SANS97 in April.
|
|
See <http://www.sans.org/> for more information.
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
8) MACRO VIRUS PROBLEM CONTINUES TO GROW
|
|
|
|
The remorseless rise of the macro virus continues. The latest
|
|
Macro Virus List published by the Virus Test Centre at the
|
|
University of Hamburg lists 205 viruses, most of which are Word
|
|
viruses The list also includes ten Trojan Horses (malicious
|
|
programs which don't replicate) and five macro virus generators
|
|
(programs which allow the wannabe virus coder to 'create' viruses
|
|
without the hassle of actual programming).
|
|
|
|
The list is located at:
|
|
|
|
<ftp://ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.96c>
|
|
|
|
The December WildList reports more than twenty macro viruses as
|
|
being in the wild. Another twenty or so made the Supplemental
|
|
List. The WildList gives some idea of which viruses are actually
|
|
in the wild by tracking virus incidents reported by at least two
|
|
of the of the 45 virus information professionals who participate in
|
|
the list. The Supplemental List includes viruses which only one of
|
|
these professionals has reported. The most common reports are of
|
|
WM.Concept.A (the original 'prank macro'), WM.Wazzu.A, and the
|
|
comparatively recent NPad (Jakarta).
|
|
|
|
The Wildlist also provides a listing of the most frequently reported
|
|
viruses (those reported by at least one-third of the 45 participants).
|
|
|
|
You can find the December Wildlist at two locations:
|
|
|
|
<ftp://ftp.ncsa.com/pub/virus/wildlist/>
|
|
<http://www.virusbtn.com/WildLists/>
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
9) Microsoft's Macro Virus Protection Tool (MVTOOL): AV or PR?
|
|
|
|
Microsoft's ScanProt protection tool (a collection of WordBasic
|
|
macros) is frequently recommended as a prophylactic against macro
|
|
viruses. However, MVTOOLS's capabilities should not
|
|
be overestimated. The primary purpose of the tool is to alert
|
|
users to the existence of macros in their documents.
|
|
|
|
- It actually recognizes only the original Concept virus
|
|
(WM.Concept.A). It can clean Concept, but is liable to
|
|
crash if it encounters too many infected files.
|
|
|
|
- Though other viruses are mentioned in the README.DOC
|
|
which accompanies the protection tool, the others are
|
|
not specifically recognized now and may never be.
|
|
|
|
It's best to supplement MVTOOL by purchasing one of the many
|
|
anti-virus utilities such as F-Prot Professional or VirusScan.
|
|
|
|
For more information on MVTOOL see:
|
|
|
|
<http://www.microsoft.com/word/freestuff/mvtool/virusinfo.htm>
|
|
---------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------
|
|
10) THE NEVER-ENDING HOAX VIRUSES
|
|
|
|
Hoax alerts are becoming an increasing drain on corporate
|
|
resources. As more companies implement effective virus-control
|
|
strategies, most viruses being detected at the point of entry.
|
|
Security professionals increasingly find themselves spending
|
|
more time on hoaxes, jokes and erroneous alerts than on 'real'
|
|
virus incidents.
|
|
|
|
Many hoax alerts are variations on the infamous 'Good Times'
|
|
virus - for instance Deeyenda, PenPal Greetings, and Irina are
|
|
all fairly easily identified, even by the technically challenged,
|
|
by symptoms such as a surfeit of capital letters and exclamation
|
|
marks, citing of unlikely authorities such as the FCC, and
|
|
urgings to forward the alert to as many people as possible.
|
|
|
|
While it is easy enough to circulate details of known hoaxes, it
|
|
gets harder to tell non-experts how to recognize a new hoax as
|
|
they become more numerous and ingenious.
|
|
|
|
Two suggestions:
|
|
|
|
(1) Refer all alerts to a security professional with the contacts
|
|
and experience to verify them, or the will to acquire the experience.
|
|
|
|
(2) Make it a matter of policy that users don't forward alerts
|
|
without having them verified.
|
|
|
|
Newbie hoax-watchers are advised to keep an eye on the following
|
|
web sites:
|
|
http://ciac.llnl.gov/ciac/CIACHoaxes.html
|
|
http://www.kumite.com/myths/
|
|
http://www.datafellows.com/
|
|
http://www.drsolomon.com/
|
|
|
|
NON-NEWS:
|
|
11) RECOMMENDATIONS PLEASE: MOST USEFUL COMMERCIAL TOOLS?
|
|
|
|
We've persuaded the leading vendors in several categories to show
|
|
their newest offerings at SANS (O'Reilly for books; Axent for
|
|
access control; Syntax for network integration of UNIX, Netware,
|
|
NT and Mac; ESM for name space management for intranets; Auspex
|
|
and Falcon for very fast NFS Servers; and PDC for backup, plus a
|
|
bunch more.) Nine spots are left, and we want to reserve them for
|
|
organizations that are leaders in other useful categories or for
|
|
innovative small companies on the East Coast. If you have an
|
|
opinion about candidates in either category, please email
|
|
alanpaller@aol.com, with your suggestion and an explanation of
|
|
why their product is important enough to be in the SANS97 exhibits.
|
|
|
|
|
|
====================================================================
|
|
Subscription deadline: March 31, 1997 - If you have a forwarded copy,
|
|
please register before then.
|
|
|
|
The SANS Network Security Digest is published eight times per
|
|
year as a service to those who attend SANS and the Network
|
|
Security conferences. Others may subscribe, as well. (Current
|
|
registered subscriber base is 6,437) To subscribe, send email to
|
|
sans@clark.net with 'Subscribe Network Security Digest your name'
|
|
in the first line of text or in the subject line. Subscriptions
|
|
(running through Dec. 1998) are free for those who subscribe
|
|
before March 31, 1997. After that date, subscriptions cost $80/year
|
|
for those who do not attend SANS or Network Security. This issue is
|
|
the last one that may be freely copied and re-distributed. Please
|
|
subscribe if your copy did not come directly from SANS.
|
|
|
|
------------------------------
|
|
|
|
Date: Thu, 15 Dec 1996 22:51:01 CST
|
|
From: CuD Moderators <cudigest@sun.soci.niu.edu>
|
|
Subject: File 3--Cu Digest Header Info (unchanged since 13 Dec, 1996)
|
|
|
|
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
|
|
available at no cost electronically.
|
|
|
|
CuD is available as a Usenet newsgroup: comp.society.cu-digest
|
|
|
|
Or, to subscribe, send post with this in the "Subject:: line:
|
|
|
|
SUBSCRIBE CU-DIGEST
|
|
Send the message to: cu-digest-request@weber.ucsd.edu
|
|
|
|
DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
|
|
|
|
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
|
|
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
|
|
60115, USA.
|
|
|
|
To UNSUB, send a one-line message: UNSUB CU-DIGEST
|
|
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
|
|
(NOTE: The address you unsub must correspond to your From: line)
|
|
|
|
Issues of CuD can also be found in the Usenet comp.society.cu-digest
|
|
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
|
|
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
|
|
libraries and in the VIRUS/SECURITY library; from America Online in
|
|
the PC Telecom forum under "computing newsletters;"
|
|
On Delphi in the General Discussion database of the Internet SIG;
|
|
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
|
|
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
|
|
CuD is also available via Fidonet File Request from
|
|
1:11/70; unlisted nodes and points welcome.
|
|
|
|
In ITALY: ZERO! BBS: +39-11-6507540
|
|
In LUXEMBOURG: ComNet BBS: +352-466893
|
|
|
|
UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
|
|
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
|
|
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
|
|
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
|
|
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
|
|
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
|
|
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
|
|
|
|
|
|
The most recent issues of CuD can be obtained from the
|
|
Cu Digest WWW site at:
|
|
URL: http://www.soci.niu.edu/~cudigest/
|
|
|
|
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
|
|
information among computerists and to the presentation and debate of
|
|
diverse views. CuD material may be reprinted for non-profit as long
|
|
as the source is cited. Authors hold a presumptive copyright, and
|
|
they should be contacted for reprint permission. It is assumed that
|
|
non-personal mail to the moderators may be reprinted unless otherwise
|
|
specified. Readers are encouraged to submit reasoned articles
|
|
relating to computer culture and communication. Articles are
|
|
preferred to short responses. Please avoid quoting previous posts
|
|
unless absolutely necessary.
|
|
|
|
DISCLAIMER: The views represented herein do not necessarily represent
|
|
the views of the moderators. Digest contributors assume all
|
|
responsibility for ensuring that articles submitted do not
|
|
violate copyright protections.
|
|
|
|
------------------------------
|
|
|
|
End of Computer Underground Digest #9.24
|
|
************************************
|
|
|