VIRUS-L Digest Monday, 18 Jun 1990 Volume 3 : Issue 115
Today's Topics:
Re: Password Standards Checking
New PC Virus (PC)
armageddon the GREEK virus (PC)
What do I do about Yankee Doodle
RE: GateKeeper Aid 'ADBS' Query (Mac)
Virus Catalog
Mainframe attacks (MVS)
Re:Vanishing Disk Space
Gatekeeper Aid and the ADBS "virus" (Mac)
GateKeeper Aid 'ADBS' Query (Mac)
Re: Password Standards Checking
F-PROT via FTP (PC)
Help requested with a purported Yankee Doodle infection (PC)
Discussion: definitions of common computer beasts (ie. viruses..)
FORM-Virus (PC)
Re: Password Standards Checking
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. Please sign submissions with your real name. Send
contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, documentation, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU.
Ken van Wyk
---------------------------------------------------------------------------
Date: 15 Jun 90 10:24:40 +0000
From: berg@cip-s01.informatik.rwth-aachen.de (Solitair)
Subject: Re: Password Standards Checking
You should try the alt.security list. There has been a fairly elaborate
discussion about this topic on that newsgroup.
- --
Sincerely, | berg@cip-s01.informatik.rwth-aachen.de
Stephen R. van den Berg | ...!uunet!mcsun!unido!rwthinf!cip-s01!berg
------------------------------
Date: Fri, 15 Jun 90 15:44:09 -0500
From: Christoph Fischer <RY15@DKAUNI11.BITNET>
Subject: New PC Virus (PC)
We received a HEX-Dump of a new virus via FAX (disk is still in mail)
from what we analysed so far we can tell it is the sought after
AMBULANCE CAR VIRUS.
infects COM files (796 Bytes long), does multiple infections upon
invocation!
More after the complete analysis.
Christoph Fischer
*****************************************************************
* Christoph Fischer *
* Micro-BIT Virus Team / University of Karlsruhe / West-Germany *
* D-7500 Karlsruhe 1, Zirkel 2, Tel.: (0)721-37 64 22 *
* E-Mail: RY15 at DKAUNI11.BITNET *
*****************************************************************
------------------------------
Date: Thu, 14 Jun 90 02:08:06 +0700
From: Hmm70@GRATHUN1.BITNET
Subject: armageddon the GREEK virus (PC)
*****************************************************************************
* *
* Vaccine for the >> Armagedon the GREEK << virus *
* *
* (c) copyright 1990 George Spiliotis *
* English documentation by Lefteris Kalamaras *
*****************************************************************************
This is a public domain program. It is in NO way allowed for anyone to sell
this program or its documentation for profit. (Usual public domain rules apply)
DISCLAIMER
The author of this program is in NO way liable for any damage caused by this
program, its use or its modifications. (Usual disclaimer rules apply)
"Armageddon the GREEK" scan
I received a copy of a program recently, which contained a virus SCAN V62
could NOT identify! After having worked on its code for some time, I discovered
the following:
1) The virus becomes resident in memory
2) It infects .COM files ONLY
3) It sends the message "Armageddon the GREEK" to the 4 com ports from time to
time
It is possible that this virus is a modified existing one in which the author,
by changing the message to "Armageddon the GREEK", managed to get SCAN V62
inoperative.
This program is a vaccine for "Armageddon the GREEK". It can also scan and
clean modified versions of this virus if the only thing changed is the message.
You can stop the vaccine from cleaning the infected files from the virus by
specifying "/n" in the command line.
VALIDATE gave the following results:
File Name: scanarma.exe
Size: 7,584
Date: 6-1-1990
File Authentication:
Check Method 1 - C9FC
Check Method 2 - 192C
Examples:
(SCANARMA c: (checks drive c:)
(SCANARMA a:\temp (checks drive a: dir temp)
(SCANARMA /n b: (checks b: but does NOT clean the infected files)
(
Good Luck!
For more information, you can contact the author of the vaccine, George
Spiliotis at the address below, or call LinK BBS in Athens, where you will
find the latest version of the vaccine, or send a message to LEKA@GRATHUN1
to contact Lefteris Kalamaras.
George Spiliotis
26-28 Digeni st. Voula
Athens, 16673 GREECE
or
Lefteris Kalamaras
43 Serifou st. K.Patissia
Athens 11254 Greece
BBS phone : 30-1-867-4834
voice # : 30-1-864-5363
BitNet : LEKA@GRATHUN1 or ELKALAMARAS@VASSAR
------------------------------
Date: 15 Jun 90 20:21:28 +0000
From: ctycal!ingoldsb@uunet.UU.NET (Terry Ingoldsby)
Subject: What do I do about Yankee Doodle
We have had an outbreak of the Yankee Doodle virus (as detected by
ViruScan). We now realize that we have a variety of tools to detect
viruses, but now that we've caught it we don't know what to do about
it. Any suggestions? We are not an Internet site, but might be able
to persuade a local site to get us something. Help.
- --
Terry Ingoldsby ctycal!ingoldsb@calgary.UUCP
Land Information Services or
The City of Calgary ...{alberta,ubc-cs,utai}!calgary!ctycal!ingoldsb
------------------------------
Date: Fri, 15 Jun 90 16:31:53 -1100
From: Michael Perrone <A2MP@PSUORVM.BITNET>
Subject: RE: GateKeeper Aid 'ADBS' Query (Mac)
It could be a WDEF clone, or a new implied loader type virus. Gatekeeper
aid is designed to detect and remove any virus of this type.
Michael Perrone, Portland State University, Computing Services; Macintosh
Programming and support.
------------------------------
Date: 16 Jun 90 00:38:54 +0000
From: afraser@gara.une.oz.au (J. Barichnakov)
Subject: Virus Catalog
Does anyone know when the next version of the virus catalog is to be
published??????? I am presently writing a paper based on Computer
Viruses and would appreciate any information that can be found.
(Thanks to those people that have already sent me the Virus catalog's
MSDOSVIR.A89 and MSDOSVIR.290).
Thanks In Advance
afraser@gara.une.oz.au
------------------------------
Date: Fri, 15 Jun 90 22:13:25 -0400
From: Tony Harminc <TONY@MCGILL1.BITNET>
Subject: Mainframe attacks (MVS)
In 1974 the University of Toronto installed MVS for academic
computing. Within one week of installing this supposedly secure
system, an integrity exposure had been found and exploited by the
community of undergrad hackers who had spent a lot of effort hacking
the older (and known to be full of holes) MVT. (Historical details on
request if anyone cares.)
I think mainframe hacking was much more popular in those days simply
because mainframes were all there were. I don't know of any viruses,
but some quite diabolical things were invented. Certainly Trojans
were common on the APL system, and a couple were successfully
perpetrated on the operations staff. There were also a couple of
schemes concocted to clog up the network with endlessly shuttling
files. ("The network" then consisted of two computers.)
------------------------------
Date: 14 Jun 90 17:14:52 +0000
From: bytor@milton.u.washington.edu (Michael Lorengo)
Subject: Re:Vanishing Disk Space
Please disregard the previous message, it seemed that it was
a word perfect file that was eating up disk space, it seemed
a station was left in word perfect, on the directory screen,
and a certain file on that station grew to 66,433,323 bytes
once we deleted that file, the problem was gone.
------------------------------
Date: Sat, 16 Jun 90 17:17:14 -0500
From: chrisj@emx.utexas.edu (Chris Johnson)
Subject: Gatekeeper Aid and the ADBS "virus" (Mac)
A copy of a posting by Hervey Allen (HALLEN@oregon.uoregon.edu) was recently
relayed to me by Werner Uhrig. Mr. Allen was looking for an explanation of
the nature of the 'ADBS' virus that Gatekeeper Aid had recently discovered
on a co-worker's Mac IIcx.
Here's the story:
First, the co-worker is using version 1.0 of Gatekeeper Aid. That version
is seriously flawed by one major bug which was caused by a terribly inaccurate
sentence in Inside Macintosh. Unfortunately for us all, the bug didn't cause
any problems for me or my 1.0 testers, so it wasn't caught until it was
released. :-( Anyway, please upgrade to the current version which is 1.0.1.
Anyway, the 'ADBS' problem is unrelated to that one major bug. The source
of this problem is the selection by Adobe of the 'ADBS' file creator code
for their Adobe Separator utility. You see, 'ADBS' (as a resource type)
had been reserved by Apple since 1987 for storing the code that drives the
Apple Desktop Bus. Since all file creator codes are represented in the
Desktop file as resources of the same type, having a program on a disk
with a file creator code of 'ADBS' results in the creation of an 'ADBS'
resource in the Desktop file. Gatekeeper Aid knows that resources of
types reserved for storing executable code don't belong in non-executable
files like the Desktop, so it alerts you to their presence and removes
them. This means that as soon as Gatekeeper Aid notices that 'ADBS' has
been added to the Desktop file, it will remove it.
Of course, this also means that as soon as the Finder next comes across
the Adobe Separator utility, it will look in the Desktop file to make sure
its entry is there. The Finder will then discover that Separator doesn't
have an entry (the 'ADBS' resource has been removed by Gatekeeper Aid), so
the Finder will add the 'ADBS' back into the Desktop file, and the cycle
begins anew once more.
I don't know whether Apple's creator code registration folks inadvertently
allowed Adobe to give 'ADBS' to Separator because they were unaware of this
issue, or whether Adobe just made an unfortunate selection of creator codes,
but I have heard from one gentleman at Adobe about this matter. I suggested
to him that Separator's creator code should be changed at the next opportunity.
I don't know whether or not the code actually will be changed as it should be,
but I hope so. Are there any Adobe folks out there? Can you get this changed?
(As an aside, Separator is not the only program ever to receive a file
creator code that was already assigned to an executable resource type.
Two other utilities exist with this problem. One uses the 'FKEY' type and
the other uses the 'FMTR' type.)
Anyway, Gatekeeper Aid 1.0.1, in addition to correcting the major bug
mentioned earlier, deals more gracefully with this 'ADBS' problem. First,
it attempts to determine whether or not suspicious resources in the Desktop
file are actually legitimate Desktop file entries before removing them.
Second, it doesn't refer to suspicious resources found in places they
don't belong as "viruses" - this conclusion was unfounded and caused too
much concern among those who saw the alerts. Suspicious resources are now
referred to as merely "Implied Loader resources", which is what they actually
are.
So, once again, please upgrade to version 1.0.1 of Gatekeeper Aid. Not only
did it eliminate one very nasty bug, but it eliminates these false alarms
in the Desktop file.
By the way, Gatekeeper Aid 1.0.2 has been in beta testing for months now.
If everything goes well with the testing of the latest beta, it could be
released in the next several weeks. Sadly, though, I can't make any
guarantees.
I hope this helps,
- ----Chris (Johnson)
- ----Author of Gatekeeper
- ----chrisj@emx.utexas.edu
------------------------------
Date: Sat, 16 Jun 90 18:40:00 -0400
From: R3B@VAX5.CIT.CORNELL.EDU
Subject: GateKeeper Aid 'ADBS' Query (Mac)
Quote
"A member of our computing center uses GateKeeper Aid on her Macintosh IIcx
and has received the following message:
GateKeeper Aid found an "Implied Loader 'ADBS' virus in the Desktop
file on the "Animal Sanctuary" disk. The virus was removed.
"
I think that all you need to do is to update Gatekeeper Aid to v. 1.0.1
The earlier v. did not like Adobe Separator's icon (and maybe some other
things).
- ----------------------------------
Richard Howland-Bolton
Manager Publications Computing
Cornell University
Internet: R3B@VAX5.CIT.CORNELL.EDU
Compuserve: 71041,2133
Voice: (607) 255-9455
FAX: (607) 255-5684
Etc, etc.
- ----------------------------------
------------------------------
Date: 17 Jun 90 16:27:05 +0000
From: bnrgate!.bnr.ca!hwt@uunet.UU.NET (Henry Troup)
Subject: Re: Password Standards Checking
TS0258@OHSTVMA.BITNET (Chuck Sechler) writes:
>Basically, we want to know if there has been any work on MVS and CMS platforms,
>to keep users from picking obvious passwords, like their name, password same
>as userid, password is a word, etc. On MVS we are working on Top Secret
Under VM/SP (CMS) we use VMSECURE, which has a user exit facility that can be
and is used for this kind of checking. It also stores passwords encrypted,
and keeps the last 'n' passwords to prevent reuse. It also provides password
aging, proxy login, and a number of other nice features.
Disclaimer: no longer a system programmer, just a happy user...
- --
Henry Troup - BNR owns but does not share my opinions
..uunet!bnrgate!hwt%bwdlh490 or HWT@BNR.CA
------------------------------
Date: Mon, 18 Jun 90 11:46:38 +0000
From: frisk@rhi.hi.is (Fridrik Skulason)
Subject: F-PROT via FTP (PC)
I have been trying (unsuccessfully) to upload F-PROT to SIMTEL20, but
those of you wanting to obtain a copy of the package via FTP can get
it from chyde.uwasa.fi (128.214.12.3). It can be found as
fprot110.zip in the "pc/virus" directory.
- -frisk
------------------------------
Date: Mon, 18 Jun 90 10:07:00 -0400
From: Dimitri Vulis <DLV@CUNYVMS1.BITNET>
Subject: Help requested with a purported Yankee Doodle infection (PC)
Hello,
A little while ago I snailed some diskettes to a colleague in Poland.
He has just sent me e-mail saying that the executable files are infected
with the Yankee Doodle Virus. This is the first time I hear of this virus,
of course. :)
Since the files were PKZIPped before shipping, it's reasonable to conclude
that the machine they came from is also infected.
Questions:
1. Can someone refer me to a document, or a previous discussion on this news-
group, where this virus is discussed? What does it do?
2. Can someone please recommend a PD or shareware program for *scanning*
existing executable files for this species of virus (and others, if possible).
Thanks,
Dimitri Vulis
Department of Mathematics
City University of New York Graduate Center
Administrator of RUSTEX-L, the Russian text processing mailing list
------------------------------
Date: Sun, 17 Jun 90 22:21:07 +0200
From: swimmer@fbihh.informatik.uni-hamburg.de (Morton Swimmer)
Subject: Discussion: definitions of common computer beasts (ie. viruses..)
I haven't received as many definitions as I hoped, but I decided to
post the ones I received anyway.
============ This is how it started: ==============
[MS: I wrote...]
I have been increasingly perplexed by the fact that there seems
to be little consensus on what the definition of the term
"Computer Virus" actually includes. This goes for other computer
"beasts" such as "Trojan Horses" and "Worms". I would be interested
in hearing what other people think a virus is.
Here are my own definitions:
Computer Virus: a non-autonomous program that has the ability to
copy itself onto a target.
Trojan Horse: an autonomous program that has a function unknown
(and unwanted) by the user.
Worm: a program or set of programs that have the ability to
propagate throughout a network of computers.
Please note that both worm and virus definitions do not
include the possibility of a payload. This may or may not be a
weak point. Also note that the definitions of virus and trojan
differ greatly from how Cohen defines them. This is intentional
as I feel that Cohen's definition of virus is too broad (it can
include a normal program such as DISKCOPY!). I'm not happy with
my definition of worm myself. Also, (and this should be obvious)
none of my definitions are very formal.
[MS: with payload I meant a routine that does something unrelated
to the propagation of the virus or worm.]
=============
[MS: Padgett Peterson <padgett%tccslr.dnet@uvs1.orl.mmc.com>
wrote...]
I agree with you completely & think the whole question of
definitions is getting out of hand: the public is calling ANYTHING
out of the ordinary a virus and Dr. Tippett is not helping matters.
[MS: what did Dr. Tippett say?]
To me, the primary difference between a virus and a worm is
that a virus is parasitical (cannot exist by itself) while worms are
stand-alone entities.
To simplify things, I put together a list of seven elements of
malicious software. Not all will contain each but helps for classification:
1) Insertion - The introduction of software to an environment.
2) Evasion - Actions taken to avoid detection.
3) Mutation - Adaptation to a system or environment.
4) Replication - The means for propagation.
5) Trigger - Signal for change from covert to overt action.
6) Action - The overt action.
7) Eradication - Removal of the infection following action.
Further subclassifications would identify the particular type such
as for (4), type (a) might identify singular procreation (worms) while type
(b) might be parasites (viruses) .
The DATACRIME virus for instance contained a code segment to permit the
initial version to be distributed as a standalone (4a) but which mutated
(3) into a parasite (4b) once exposed to executable files.
For instance, only worms and viruses contain elements (3) and (4)
and differ only in method. Logic Bombs are characterized by having (2) & (6)
only. A trojan horse on the other hand may also contain (5).
Obviously, all malicious software requires (1) but this may be treated
as a separate issue.
I developed this list some time ago but have been reluctant to publish
it as it is essentially a check-list for modular malicious software, however
in view of some other postings, this does not have further validity and may
help in understanding just what these constructs do.
[MS: thank you for posting it anyway. I feel that your checklist is not
precise enough. Or maybe I just haven't understood it fully.]
Padgett Peterson
Target: A program.
=============
[MS: Paul Shields <shields%nexus.yorku.ca@unido>
wrote...]
[MS: my own stuff deleted]
Ok, here is how I use the terms:
virus: a parasitic program capable of infecting (attaching
itself to) other programs, so that it will be executed when the
infected program is executed.
trojan horse: a program that appears to be another program
in order to trick a person into executing it or upon executing it
to reveal a secret, such as a password.
[MS: I would leave out the bit about the secret. It makes the definition
too specific]
worm: an autonomous program designed to "stay alive"
by executing itself as many times as possible, possibly
taking advantage of propagation through computer networks.
[MS: Hmm, I don't see how this definition defines anything. A virus tries
to "stay alive" by spreading as far as possible. In effect it is being
executed "as many times as possible". I always related worms to networks.]
[MS: the rest deleted. It was a comment on my use of the word "payload"]
============
[MS: Thomas E. Zmudzinski wrote...]
[MS: ...my posting deleted...]
As the Japanese would say, a most honorable first attempt. I'm afraid
that you're about to get zapped by the bane of lexicographers, accuracy vs.
depth of understanding.
[MS: I can protect myself with the shield of seniority. I've been dealing
with viruses for quite awhile.]
It's roughly analogous to the Completeness Theorem
in Mathematics. If you define a set "A" and someone finds something that
should be a member outside of your definition, you need to expand your
definition. If this is carried to extremes, you eventually have a very
long definition that can never be complete [see BLIVET below].
[MS: or else you use Occam's razor and reduce the definition to the
least common denominator. This is what I try to do without reaching to
the absurd: "Any routine is a virus".]
First, I see a problem in tying your definitions for types of malicious
code to "program(s)". There are other forms of "life" out there. There are
BAT file viruses [see Ralf Burger's _COMPUTER_VIRUSES,_a_high-tech_disease_],
[MS: Ralf is an idiot. His ideas are rarely original. Many come from Cohen,
others from other Chaos Computer Club members.]
modem viruses, and other such critters that are not "programs" unless one
really stretches the definition. My Random House dictionary says a program
is "a systematic plan for the automatic solution of a problem by a computer",
then turns around and defines a computer as "a mechanical or electronic
apparatus capable of carrying out repetitious and highly complex mathematical
operations at high speeds". [I wonder what they would think of a PostScript
virus? :{D]
[MS: I don't see this necessarily to be a problem. A program is an executable
entity. It needs a platform to run on, be it the machine, the shell, BASIC
(dread the thought), or whatever. A good definition for a virus should be
independent of the platform.]
Second, I won't buy your definition of a trojan horse as "an autonomous
program...". A "trojan horse" *is* a "payload", not a "program". A "trojan
horse program" is a program that contains a trojan horse, and "trojan horse
code" is somewhat redundant but designates the code segment that performs the
malicious operation(s).
[MS: I may need to capitulate on the term Trojan Horse. My definition rests
mostly on the analogy of the Trojan Horse as described by Homer in the Iliad.
It was a seemingly harmless object (the wooden horse) that fooled the
Trojans, but it contained a hidden (or covert) body of warriors. Unfortunately
many people have chosen to call the warriors the Trojan Horse. I am not sure
whether my definition is better, but it sticks closer to the analogy.]
[Want a real zinger? Slip this trojan horse into
someone's AUTOEXEC.BAT, they will *NEVER* forgive you.
[MS: ...something ugly deleted...]
My suggested definitions? Well,...
BLIVET (n) [Classically and empirically defined as "10 pounds of
horsesh*t in a 5 pound bag"] Unrestricted use of a limited resource
(e.g. spool space on a multiuser system).
COMPUTER VIRUS (n) A self-replicating segment of executable instructions.
PEST (n) A set of instructions that self-replicates uncontrollably,
eventually rendering a network or system unusable via a blivet
attack.
PHAGE (n) An autonomous program that inserts malicious code into other
autonomous programs (e.g. a computer worm or probe that carries a
virus or trojan horse).
PROBE (n) A non-self-replicating, autonomous program (or set of programs)
that has the ability to execute indirectly through a network or
multipartition computer system (e.g. various hacker utilities).
TRAPDOOR (n) A method of bypassing a sequence of instructions, often
some part of the security code (e.g. the computer logon).
TROJAN HORSE (n) A segment of executable instructions hidden within an
apparently useful program or command procedure that, when invoked,
performs some unwanted function.
WORM (n) A self-replicating, autonomous program (or set of programs) that
has the ability to propagate through a network or multipartition
computer system but does not insert.
[MS: ...the entertaining last bits deleted...sorry]
==========================================
There were not as many postings as I had expected. This may mean that
everyone is perfectly happy with my definitions. On the other hand,
many, like myself, are not so happy about them. In that case I will
still continue to collect definitions and summarize them. When I have
enough, perhaps we can finally get some consensus on the issue. We
will then have a sort of "VIRUS-L Standard Dictionary of computer
beasts". After all, where else can one get so many specialists together?
I will also punch in other definitions that I have found on printed
media. I wanted to have done it by now, but an injury has prevented me
from carrying the books to university. By the next time I post I should
have them.
Cheers, Morton
PS: I can be reached using these addresses:
swimmer@fbihh.informatik.uni-hamburg.de
swimmer@rz.informatik.uni-hamburg.dbp.de
------------------------------
Date: 18 Jun 90 16:22:00 +0100
From: Norbert Hanke <dosman%cs.id.ethz.ch@cernvax>
Subject: FORM-Virus (PC)
One of our users just encountered a new boot sector virus which calls
itself FORM-Virus. It is not detected by SCANV63.
These are the symptoms:
- the boot sector is replaced by virus code
- 1k of bad block(s) is allocated
The first of those bad sectors contains near its end the text
"The FORM-Virus sends greetings to everyone who's reading this
text.FORM doesn't destroy data! Don't panic! Fuckings go to
Corinne."
The second bad sector looks like the original boot sector.
Before we start further investigations: Did anyone of you see this virus
before?
Norbert Hanke
ETH Zurich
------------------------------
Date: Mon, 18 Jun 90 11:55:53 -0400
From: wcs@erebus.att.com (William Clare Stewart)
Subject: Re: Password Standards Checking
TS0258@OHSTVMA.BITNET (Chuck Sechler) writes:
]Basically, we want to know if there has been any work on MVS and CMS platforms,
]to keep users from picking obvious passwords, like their name, password same
]as userid, password is a word, etc. On MVS we are working on Top Secret
]package, and it has some interesting capabilities for restriction, including
]generating random passwords, when a user is forced to change their password,
]but it is not ready yet. Some UNIX platforms check passwords against very
]large lists of restricted words(like 50000 or more). Any thoughts? Should this
]be on a different list?
A good place to start would be misc.security, which is a moderated
newsgroup so I'm not crossposting this. I don't know about MVS,
since I'm mainly a UNIX junkie, but a lot of the problems are common.
UNIX System V enforces a couple of checks: the password has to be at
least 6 characters long, including at least two non-alpha
characters, and can't contain the login name (or variants of it,
including cyclical permutations and maybe spelled-backwards.)
Other systems (?BSD?) also check the password in /usr/dict/words
(the standard spelling dictionary on BSD). If you want to implement
one of these, be careful that the password doesn't show up during
the run of the checking program (e.g. ps -ef shows
"grep secretword /usr/dict/words", or whatever equivalents MVS has.)
Newer systems designed for the government market, such as AT&T UNIX
System V/MLS (Which is B1-rated), implement the government
guidelines for machine-generated passwords, but there are mixed
opinions about how useful this is - assuming a good generation
algorithm which produces a large search space (>2**24), it's hard to
generate passwords that people won't write down on yellow-sticky-notes.
Smaller search spaces (e.g. 2**16, which is all too easy to get on
UNIX) are easily susceptible to brute-force search.
- --
Thanks; Bill
# Bill Stewart AT&T Bell Labs 4M312 Holmdel NJ 201-949-0705 erebus.att.com!wcs
# Actually, it's *two* drummers, and we're not marching, we're *dancing*.
# But that's the general idea.
------------------------------
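[Added example, not part of the digest or of any poster's message: a Python sketch of the checks described in the last post (minimum length 6, two non-alpha characters, no login name in rotated or reversed form, dictionary lookup), done in-process so the candidate password never appears in another command's argument list. The function names, the constructed word list standing in for /usr/dict/words, and the letters-only dictionary comparison are assumptions of this example.]

```python
import getpass
import io

MIN_LENGTH = 6      # "at least 6 characters long"
MIN_NON_ALPHA = 2   # "at least two non-alpha characters"

# Constructed sample standing in for /usr/dict/words so the example runs offline.
SAMPLE_DICT = "apple\nDragon\nsecret\nwizard\n"


def load_words(stream):
    """Read one word per line into a lower-cased set for O(1) lookups."""
    return {line.strip().lower() for line in stream if line.strip()}


WORDS = load_words(io.StringIO(SAMPLE_DICT))


def login_variants(login):
    """Return the login name, every cyclic rotation of it, and each reversed."""
    name = login.lower()
    variants = set()
    for i in range(len(name)):
        rotated = name[i:] + name[:i]
        variants.add(rotated)
        variants.add(rotated[::-1])
    return variants


def check_password(password, login, words):
    """Return the list of reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")

    non_alpha = sum(1 for ch in password if not ch.isalpha())
    if non_alpha < MIN_NON_ALPHA:
        reasons.append("too few non-alpha characters")

    lowered = password.lower()
    if login and any(v in lowered for v in login_variants(login)):
        reasons.append("contains login name or a variant")

    # Dictionary check is a set lookup inside this process. Nothing is handed
    # to grep or any other child process, so "ps -ef" has nothing to show.
    # Comparing the letters-only form as well is an addition of this example:
    # it catches a dictionary word padded with digits to satisfy the rule above.
    letters_only = "".join(ch for ch in lowered if ch.isalpha())
    if lowered in words or letters_only in words:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    # getpass reads from the terminal without echo; the password is never
    # taken from sys.argv, which any local user could read via ps.
    user = getpass.getuser()
    candidate = getpass.getpass("New password: ")
    problems = check_password(candidate, user, WORDS)
    print("accepted" if not problems else "rejected: " + ", ".join(problems))
```
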
End of VIRUS-L Digest [Volume 3 Issue 115]
******************************************