RE: Virus - did it infect "secure" machines


Gerard K. Newman (gkn@Sds.Sdsc.Edu)
Mon, 7 Nov 88 22:49:15 GMT


>From: root@sbcs.sunysb.edu (root)
>To: tcp-ip@sri-nic.arpa
>Subject: Virus - did it infect "secure" machines
>Date: 7 Nov 88 13:29:10 GMT
>Organization: State University of New York at Stony Brook
>
>Does anyone know whether the sendmail virus was able to infect
>the machines protected by Kerebos? No flames, please, the question
>isn't a statement against Kerebos per se; I just wonder whether
>clever people will always find ways into "secure" Unix boxes.
>What about machines that have met with tempest specs?
>
> Rick Spanbauer
> SUNY/Stony Brook

Rick:

TEMPEST is a specification for the controlling of electromagentic
emissions through which data on a computer system can be compromized.
TEMPEST cerfified systems are usually housed in some sort of enclosure
(ranging in size from slightly larger than the machine to a computer
room) which prevents someone from being able to intercept these
emissions and make sense from them. This in and of itself does not
make it immune from the kind of virus (worm) which infected the
interenet last week.

Typically, a TEMPEST certified machine processes classified data.
It is ILLEGAL (a federal offense) to have a machine connected to the
interenet which contains classified data. Thus, machines which process
classified data do not in general have network connections to unclassified
networks.

If the virus managed to infect a machine which contains classified data
then someone (the CSSO in DOE-speak) is not doing their job, and is,
as they say in the south, in a heap of trouble.

gkn
----------------------------------------
Internet: GKN@SDS.SDSC.EDU
Bitnet: Bitnet: GKN@SDSC
Span: SDSC::GKN (27.1)
MFEnet: MFEnet: GKN@SDS
USPS: Gerard K. Newman
          San Diego Supercomputer Center
          P.O. Box 85608
          San Diego, CA 92138-5608
Phone: 619.534.5076



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT