[117607] in Cypherpunks

home help back first fref pref prev next nref lref last post

Your Daily Giggle

daemon@ATHENA.MIT.EDU (Anonymous)
Tue Sep 7 00:36:26 1999

Date: Tue, 7 Sep 1999 06:20:08 +0200 (CEST)
Message-Id: <199909070420.GAA05694@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@toad.com
Reply-To: Anonymous <nobody@replay.com>

>
>Tripwire Protects Operating System Files and Guards Against 'Backdoors' 
>
>                     
>
>                    Unusual Coding in Microsoft Windows NT
>                Reinforces Importance of Multi-Level Security
>
>    PORTLAND, Ore., Sept. 6 /PRNewswire/ -- Allegations last week that
>Microsoft Corp. included a digital "NSA signing key" in its Windows NT
>software raised concern about security vulnerabilities inherent in software
>and highlights the need for end-users to secure their computer systems.
>Tripwire Security Systems' Inc. (TSS) Tripwire product was hailed by users 
>for
>providing protection against the threat.
>    The fear is that the so-called NSA key could allow an unauthorized 
>user to
>tamper with the system cryptography library.  It is possible that this
>modified library could give an attacker access to users' data and computer
>systems without their knowledge.  The fact that a replacement key, or another
>backdoor, could be embedded into any software shows the importance of 
>security
>technologies that monitor changes to operating system files.  While this is
>the latest scare, computer security specialists have been aware for years 
>that
>backdoors, trojans and other unauthorized coding can modify system and user
>files.
>    "Operating system files are the heartbeat of any computer system.  While
>other security topics, say viruses, are discussed more often, threats to
>system files tend to be overlooked until there is an incident," stated W.
>Wyatt Starnes, TSS' CEO.  "Modifications to file systems are the most serious
>type of security breach an organization can face.  If your system files are
>compromised, your entire corporate network is easy to compromise."
>    On-line discussion groups, such as NT BugTraq, were quick to understand
>the implications of this vulnerability and to recommend that users take
>advantage of security technologies that protect system files, such as 
>Tripwire
>(http://ntbugtraq.ntadvice.com/_nsakey.asp).  Tripwire's file integrity
>assessment technology creates a baseline database of protected files,
>including the ADVAPI.DLL driver with the alleged NSA key.  If there is any
>modification to system files, Tripwire will catch it.
>    "If someone wants into your organization's computer system, there's an
>unlimited number of ways to gain access," stated Gene Kim, TSS' CTO.  "Once a
>system is penetrated, the attacker is going to start planting backdoors,
>modifying data, or tampering with system files.  The key is to make sure that
>when someone gets in, you can protect your assets.  With Tripwire, you are 
>not
>only alerted to the violation but will also be able to restore the integrity
>of system files."
>    Dr. Eugene H. Spafford, director of Purdue University's CERIAS laboratory
>agreed.  "Whatever becomes of the current allegations, the situation
>reinforces three points: security vulnerabilities can be found in unexpected
>places, comprehensive security should be an in-depth endeavor involving
>multiple levels of protection, and system files should be monitored for
>unauthorized changes."
>    Tripwire was developed in 1992 for intrusion detection purposes.  It is a
>flexible tool with multiple applications including damage assessment and
>recovery, software verification, auditing, and policy compliance.  It is also
>being utilized by organizations as a part of Y2K preparations.  Tripwire can
>enforce system lockdowns, ensuring that untested software is not installed on
>Y2K compliant systems.  It will also be effective in the event of Y2K 
>failures
>that impact critical system files, such as an inability to respond to the 
>date
>change.
>
>    About Tripwire Security Systems Inc.
>    TSS is a Portland, Oregon-based software company specializing in system
>security, audit and policy compliance applications.  The company is 
>developing
>a family of security solutions based on its Tripwire Integrity Assessment
>technology.  Tripwire is the leader in integrity assessment tools for Unix 
>and
>Microsoft Windows NT.  Originally developed at Purdue University in 1992 by
>Dr. Eugene Spafford and Gene Kim, TSS' CTO, Tripwire has been commercially
>available since January 1999.  More information on Tripwire can be found on
>the company's web site, http://www.tripwiresecurity.com .
>
>    For more information contact:  Kelly Hansen of Tripwire Security Systems
>Inc., 503-223-0280, or 503-502-9990, or kellyh@tripwiresecurity.com.
>
>
>
>SOURCE Tripwire Security Systems Inc.
>Web Site: http://www.tripwiresecurity.com


home help back first fref pref prev next nref lref last post