[117607] in Cypherpunks
Your Daily Giggle
daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 7 00:36:26 1999
Date: Tue, 7 Sep 1999 06:20:08 +0200 (CEST)
Message-Id: <199909070420.GAA05694@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@toad.com
Reply-To: Anonymous <nobody@replay.com>
>
>Tripwire Protects Operating System Files and Guards Against 'Backdoors'
>
>
>
> Unusual Coding in Microsoft Windows NT
> Reinforces Importance of Multi-Level Security
>
> PORTLAND, Ore., Sept. 6 /PRNewswire/ -- Allegations last week that
>Microsoft Corp. included a digital "NSA signing key" in its Windows NT
>software raised concern about security vulnerabilities inherent in software
>and highlights the need for end-users to secure their computer systems.
>Tripwire Security Systems' Inc. (TSS) Tripwire product was hailed by users
>for
>providing protection against the threat.
> The fear is that the so-called NSA key could allow an unauthorized
>user to
>tamper with the system cryptography library. It is possible that this
>modified library could give an attacker access to users' data and computer
>systems without their knowledge. The fact that a replacement key, or another
>backdoor, could be embedded into any software shows the importance of
>security
>technologies that monitor changes to operating system files. While this is
>the latest scare, computer security specialists have been aware for years
>that
>backdoors, trojans and other unauthorized coding can modify system and user
>files.
> "Operating system files are the heartbeat of any computer system. While
>other security topics, say viruses, are discussed more often, threats to
>system files tend to be overlooked until there is an incident," stated W.
>Wyatt Starnes, TSS' CEO. "Modifications to file systems are the most serious
>type of security breach an organization can face. If your system files are
>compromised, your entire corporate network is easy to compromise."
> On-line discussion groups, such as NT BugTraq, were quick to understand
>the implications of this vulnerability and to recommend that users take
>advantage of security technologies that protect system files, such as
>Tripwire
>(http://ntbugtraq.ntadvice.com/_nsakey.asp). Tripwire's file integrity
>assessment technology creates a baseline database of protected files,
>including the ADVAPI.DLL driver with the alleged NSA key. If there is any
>modification to system files, Tripwire will catch it.
> "If someone wants into your organization's computer system, there's an
>unlimited number of ways to gain access," stated Gene Kim, TSS' CTO. "Once a
>system is penetrated, the attacker is going to start planting backdoors,
>modifying data, or tampering with system files. The key is to make sure that
>when someone gets in, you can protect your assets. With Tripwire, you are
>not
>only alerted to the violation but will also be able to restore the integrity
>of system files."
> Dr. Eugene H. Spafford, director of Purdue University's CERIAS laboratory
>agreed. "Whatever becomes of the current allegations, the situation
>reinforces three points: security vulnerabilities can be found in unexpected
>places, comprehensive security should be an in-depth endeavor involving
>multiple levels of protection, and system files should be monitored for
>unauthorized changes."
> Tripwire was developed in 1992 for intrusion detection purposes. It is a
>flexible tool with multiple applications including damage assessment and
>recovery, software verification, auditing, and policy compliance. It is also
>being utilized by organizations as a part of Y2K preparations. Tripwire can
>enforce system lockdowns, ensuring that untested software is not installed on
>Y2K compliant systems. It will also be effective in the event of Y2K
>failures
>that impact critical system files, such as an inability to respond to the
>date
>change.
>
> About Tripwire Security Systems Inc.
> TSS is a Portland, Oregon-based software company specializing in system
>security, audit and policy compliance applications. The company is
>developing
>a family of security solutions based on its Tripwire Integrity Assessment
>technology. Tripwire is the leader in integrity assessment tools for Unix
>and
>Microsoft Windows NT. Originally developed at Purdue University in 1992 by
>Dr. Eugene Spafford and Gene Kim, TSS' CTO, Tripwire has been commercially
>available since January 1999. More information on Tripwire can be found on
>the company's web site, http://www.tripwiresecurity.com .
>
> For more information contact: Kelly Hansen of Tripwire Security Systems
>Inc., 503-223-0280, or 503-502-9990, or kellyh@tripwiresecurity.com.
>
>
>
>SOURCE Tripwire Security Systems Inc.
>Web Site: http://www.tripwiresecurity.com