
Computer underground Digest    Thu  Apr 21, 1994   Volume 6 : Issue 36
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Retiring Shadow Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
        Suspercollater:       Shrdlu Nooseman

CONTENTS, #6.36 (Apr 21, 1994)

File 1--conference announcement
File 2--DEF CON ][ Late Night Hack Announcement #3

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

FTP:   UNITED STATES:  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/
                       aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
  JAPAN:          ftp.glocom.ac.jp /mirror/ftp.eff.org/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Tue, 5 Apr 1994 18:29:06 -0700 (PDT)
From: anonymous <cudigest@mindvox.phantom.com>
Subject: File 1--conference announcement

     The Tenth International Conference on Information Security - IFIP
SEC'94

     Organized by Technical Committee 11 of the International
     Federation  for Information  Processing,  IFIP/TC  11  - in
     cooperation with the Special Interest Group on Information
     Security of the Dutch Computer  Society  - and hosted by the
     Caribbean Computer Society.

                              I F I P   S E C ' 9 4

                            M A Y  2 3 - 2 7 , 1 9 9 4

                         I T C  P I S C A D E R A  B A Y

                                  C U R A C A O
                           D U T C H  C A R I B B E A N


           I  N  T  E  R  N  A  T  I  O  N  A  L    P  R  O  G  R  A  M


                                    *   *   *

     ** Five days, multiple  parallel  tracks,  over  sixty  refereed  unique
     presentations, specially invited speakers, dedicated tutorials workshops,
     working  group  sessions,  lively  panel  discussions,  and  much,  much
     more......

                                    *   *   *

                Dynamic Views on Information Security in Progress

     ***ABOUT IFIP'S TECHNICAL COMMITTEE 11

     The International Federation for Information Processing was  established
     in 1960 under sponsorship of UNESCO. In 1984 the Technical Committee for
     Security and Protection in  Information  Processing  Systems,  Technical
     Committee  11, came into existence. Its aim is to increase the reliabil-
     ity and general confidence in information processing, as well as to  act
     as a forum for security managers and others professionally active in the
     field of information processing  security.  Its  scope  encompasses  the
     establishment  of  a frame of reference for security common to organiza-
     tions, professionals and the public; and the promotion of  security  and
     protection as essential parts of information processing systems.

     Eight working groups: Information  Security  Management,  Small  Systems
     Security,  Database  Security,  Network  Security, Systems Integrity and
     Control, Security Legislation, Information  Security  Education  and  IT
     Related  Crime  Investigations,  all  chaired  by seasoned international
     experts, cover a major part of the actual TC 11 workload.
 +----------------------------------------------------------

     ***ABOUT THE TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE

     This event is the Tenth in a series of conferences on information  secu-
     rity.   Something  to  celebrate.  The  organizers have compiled a truly
     exceptional, unique, and especially upgraded  conference  in  a  setting
     suitable for celebrating its Tenth birthday. Over 75 sessions will cover
     just about all aspects of information security, on a senior and advanced
     level.  The  formal  language  of SEC'94 is English. The proceedings are
     published by Elsevier North Holland in its acclaimed series.

     There are evidently some astounding surprises within SEC'94. As keynotes,
     SEC'94 will feature major players. Ten invited speakers, doubtless
     seasoned seniors in their field, will contribute with their vision
     of the future.  Ranging from the legislative aspects of data privacy, to
     the international impact of the Clipper chip, and the dimensions of  new
     cryptographic  standards  and  applications.  Global  policy  making and
     breaking in respect of the international harmonization efforts of infor-
     mation  technology security evaluation criteria, and other most enticing
     issues are advocated during the various invited lectures.


     Within the framework of this conference a series of special lectures are
     built in, dedicated to one most important aspect. SEC'94 includes a UNIX
     system security workshop and a cryptology tutorial. Special sessions are
     devoted  to  information security in developing nations, and information
     security in the banking and financial industry. Two major full day  mini
     conferences  "IT Security Evaluation Criteria" and "Open Systems Network
     Security" are included in the program as well.  SEC'94  offers  a  panel
     discussion of the editors of Elsevier's journal Computers and Security,
     IFIP TC 11's formal journal.


     ***ABOUT YOU

     Each of the past ten years you have shown IFIP and TC 11 in  particular,
     your  commitment  to  information  security  by  attending  the IFIP SEC
     conferences.  The visitors and delegates to IFIP SEC are a broad
     audience, from everywhere: The Pacific Rim, Europe, Africa, the North and
     Latin Americas and the Far East. The level of authority/positions is as
     usual: within practical, management, legal and technical level, the
     delegate to IFIP SEC is considered the top grade. Anyone - directly and
     indirectly - involved and/or interested in information security,
     wherever she or he may live, is IFIP SEC's audience.  You certainly may not
     miss SEC'94!


     ***SOMETHING EXTRA

     The organizers wanted to  do  something  extra  for  this  Tenth  event.
     Besides  compiling  a unique conference program, its length was extended
     to FIVE days, extra tracks are added, the delegate admission is reduced,
     special student admission rates are available, Worldwide rebated air
     travel and discounted hotel accommodation can be obtained, and those not
     yet being a member of the World's largest and most influential computer
     society are being offered a free of  charge  membership  for  1994!  And
     that's not all! Yet, some surprises are saved for the event itself.

                   IFIP TC 11's SEC'94 welcomes you to Curacao,
                                    BONBINI !

                                   A W A R D S
     Technical Committee 11 of IFIP presents during its 10th event two
     prestigious awards: the Kristian Beckman Award and the Best Paper Award.
     The Kristian Beckman Award has been established by IFIP TC 11 to
     commemorate the first chairman of the committee, Kristian Beckman from
     Sweden, who was also responsible for promoting its founding in  1983/84.
     This  award is granted annually to a successful nominee and is presented
     at the annual IFIP Security Conference. The objective of the award is to
     publicly recognize an individual - not a group or organization - who has
     significantly contributed to the development  of  information  security,
     especially achievements with an international perspective.

     To celebrate the tenth annual conference  the  organizers  have  decided
     also  to  present a Best Paper Award. The award will be presented to the
     individual with the most  significant  paper  at  SEC'94.  The  audience
     itself will be selecting this presentation/individual.

     ------------------------------------------------------------------


                            P   R   O   G   R   A   M

     ***INVITED PRESENTATIONS***

     Computer based cryptanalysis: man versus  machine  approach  by  Dr.  N.
     Balasubramanian,  former  director  of  the Joint Cipher Bureau/ Crypto-
     graphic Services of the Department  of  Defense  of  the  Government  of
     India.

     Establishing a CERT: Computer Emergency Response Team by Kenneth A.  van
     Wyk,  manager  Assist  team,  Defense Information Security Agency of the
     Department of Defense, United States

     Privacy aspects of data travelling along the new 'highway' by Wayne Mad-
     sen, scientist Computer Science Corp., United States

     Issues in designing and implementing  a  practical  enterprise  security
     architecture  by Ross Paul, manager information security, the Worldbank,
     United States

     (keynotes and other invited speakers to be announced by special bulletin)

     IFIP TC 11 position paper in discussion: Security Evaluation Criteria by
     H. Schoone, Netherlands

     Special TC 11 Working group sessions:
     11.8 Computer Security Education, chair: Em. Prof. Dr. Harold Highland
     11.1 IT Security Management, chair: Prof. S.H. von Solms (S. Africa)
     11.5 System Integrity and Control, chair: William List (UK)

     Special Appearance: Information Warfare: waging and winning conflict  in
     cyberspace by Winn Schwartau (US)

     Panel discussion: Panel discussion of the editors of Elsevier's journal
     Computers and Security chaired by John Meyer, Elsevier (UK), editor

     Extended UNIX tutorial: Unix meets Novell Netware  by  Kevin  H.  Brady,
     Unix Systems Lab. (US)

     Extended virus tutorial: Technologically enabled crime: shifting
     paradigms for the year 2000 by Sara Gordon (US)

     Viruses: What can we really do? by Prof. Henry Wolfe (New Zealand)

     Future   trends   in   virus   writing   by   Vesselin    V.    Bontchev
     (Bulgaria/Germany)

     Viral Tidings by A. Padgett Peterson (US)

     Integrity checking for anti viral purposes by Yisrael Radai (Israel)

     Special appearance: *title to be announced* Prof. Eugene Spafford (US)


     ***REFEREED PRESENTATIONS***

     Operations Security: the real solution to the problem -  A.  Don  Temple
     (US)

     Security in virtual reality: virtual security - Amund Hunstad (Sweden)

     Prohibiting the exchange attack calls for  hardware  signature  -  Prof.
     Reinhard Posch/Wolfgang Mayerwieser (Austria)

     Towards secure open systems - Dr. Paul Overbeek (Netherlands)

     A security officer's workbench - Prof. Dennis Longley/Lam For Kwok (Aus-
     tralia/ Hong Kong)

     An introduction to Citadel: a secure crypto  co-processor  for  worksta-
     tions - Dr. Elaine Palmer (US)

     On the calculation and its proof data for PI 10-9th - Shengli  Cheng  et
     al (P.R. of China)

     Securenet: a  network  oriented  intelligent  intrusion  prevention  and
     detection system - Ass. Prof. Dimitris Gritzalis et al (Greece)

     A methodology for the design of security plans -  Drs.  Fred  de  Koning
     (Netherlands)

     An open architecture for security functions  in  workstations  -  Stefan
     Santesson (Sweden)

     Security systems based on exponentiation primitives, TESS - Prof. Thomas
     Beth (Germany)

     The structure and functioning of the COST privacy enhanced mail system -
     Prof.  Sead Muftic, Nada Kapidzic, Alan Davidson (Sweden)

     The need for a new approach to information security - Dr. Jean Hitchings
     (UK)

     A Practical database encryption system - Prof. C. Chang/Prof. D.
     Buehrer (Taiwan, ROC)

     Security analysis and strategy of computer networks - Jie Feng et al
     (P.R.o. China)

     Information Security: legal threats and opportunities -  Dr.  Ian  Lloyd
     (Scotland)

     Secure communication in LAN's using a hybrid encryption scheme  -  Prof.
     Mahmoud El-Hadidi, Dr. Nadia Hegazi, Heba Aslan (Egypt)

     Secure Network Management - Bruno Studer (Switzerland)

     Ramex: a prototype expert system for computer security risk analysis and
     management - Prof. Peter Jarratt, Muninder Kailay (UK)

     The need for decentralization and privacy in mobile communications  net-
     works - D.I. Frank Stoll (Germany)

     Is lack of quality software a password to information security
     problems? - Dr. Peter Fillery, Nicholas Chantler (Western Australia)

     Smart: Structured, multi-dimensional approach to risk taking for  opera-
     tional information systems - Ing. Paul van Dam, et al. (Netherlands)

     IT Audit: the scope, relevance and the impact in developing countries  -
     Dr. K.  Subramanian (India)

     Program structure for secure information flow - Dr. Jingsha He (US)

     Security, authentication and policy management in open distributed  sys-
     tems - Ralf Hauser, Stefano Zatti (Switzerland/Italy)

     A cost model for managing information security hazards - Love  Ekenberg,
     Subhash Oberoi, Istvan Orci (Sweden)

     Corporate computer crime management: a research perspective - Dr.  James
     Backhouse (UK)

     A high level security policy for  health  care  establishments  -  Prof.
     Sokratis Katsikas, Ass. Prof. Dimitris Gritzalis, et al (Greece)

     Moss: a model for open system security - Prof. S.H. von Solms, Dr. P van
     Zyl, Dr. M. Olivier (South Africa)

     The risk-based information system design paradigm - Dr. Sharon Fletcher
     (US)

     Evaluation of policies, state of the art and future research directions
     in database security - Dr. Guenther Pernul, Dr. A.M. Tjoa (Austria)

     Exploring minimal BAN logic proofs of authentication protocols  -  Anish
     Maturia, et al (Australia)

     Security concepts for corporate networks - Prof.  Rolf  Oppliger,  Prof.
     Dieter Hogrefe (Switzerland)

     The security process - Jeanette Ohlsson (Sweden)

     On the security of Lucas function - Dr. C.S. Laih (Taiwan RoC)

     Security considerations of content and context based access  controls  -
     Donald Marks, Leonard Binns, Peter Sell, John Campbell (US)

     Anonymous and verifiable databases: towards a practical solution - Prof.
     Jennifer Seberry, Dr. Yuliang Zheng, Thomas Hardjono (Australia)

     A decentralized approach for authorization -  Prof.  Waltraud  Gerhardt,
     Burkhard Lau (Netherlands)

     Applying security criteria to  a  distributed  database  example  -  Dr.
     Marshall Abrams, Michael Joyce (US)

     A comparison of international information security  standards  based  on
     documentary  micro-analysis  - Prof. William Caelli, Em. Prof. John Car-
     roll (Australia/Canada)

     Security in EDI between bank and its client - Pauli Vahtera, Heli  Salmi
     (Finland)

     Secure information exchange in organizations - D.I. Ralph Holbein
     (Switzerland)

     A framework for information system security management - Helen James,
     Patrick Forde (Australia)

     The security of computer system management - Xia Ling et al
     (P.R.o.China)

     Development of security policies - Jon Olnes (Norway)

     Factors affecting the decision to report occurrences of computer abuse  -
     John Palmer (Western Australia)

     Secure manageable remote access for network and mobile users in  an  open
     on-line transaction processing environment - Dr. James Clark (Singapore)


                                    *   *   *
                                 Session lay-out:

     Monday May 23: plenary only
     Tuesday May 24 - Thursday May 26: four parallel tracks
     Friday May 25: plenary only

                                    *   *   *
                                  Registration:
                 Sunday afternoon May 22 at the conference venue
                  Monday morning May 23 at the conference venue


                                    *   *   *
                              Terms and conditions:
     The conference registration/admission fee amounts to US $ 1,295 for regular
     registrations per individual. However, if you are a member of a national
     computer society you may be eligible for a discount.  Late charges and
     cancellations: Registrations received after May 1, 1994 are charged with
     an extra late charge of 10 %. Substitutions may be made at any time,
     though please advise us of a change of name. If you find it necessary to
     cancel the place, please telephone the conference office immediately and
     ask for a cancellation number. Confirm in writing quoting the
     cancellation number.  Provided written notice is received by May 1, 1994