Line 1: |
Line 1: |
| <pre> | | <pre> |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
| Final Report + April 1990 | | Final Report + April 1990 |
− |
| |
− |
| |
− |
| |
− |
| |
| | | |
| | | |
Line 19: |
Line 10: |
| | | |
| ITSTD-721-FR-90-21 | | ITSTD-721-FR-90-21 |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
| | | |
| | | |
Line 52: |
Line 24: |
| Michael S. Frankel, Vice President | | Michael S. Frankel, Vice President |
| Information and Telecommunications Sciences and Technology Division | | Information and Telecommunications Sciences and Technology Division |
− |
| |
− |
| |
| | | |
| | | |
Line 61: |
Line 31: |
| | | |
| SRI International 333 Ravenswood Avenue + Menlo Park, CA 94025-3493 + (415) 326-6200 + FAX: (415) 326-5512 + Telex: 334486 | | SRI International 333 Ravenswood Avenue + Menlo Park, CA 94025-3493 + (415) 326-6200 + FAX: (415) 326-5512 + Telex: 334486 |
− |
| |
− |
| |
− |
| |
− |
| |
| | | |
| | | |
Line 3,939: |
Line 3,905: |
| | | |
| | | |
| + | 59 |
| | | |
| | | |
| | | |
| + | 60 |
| | | |
| | | |
| | | |
| | | |
| + | REFERENCES |
| | | |
| | | |
| | | |
| + | [Eich89] Eichin, Mark W., and Jon A. Rochlis. With Microscope |
| + | and Tweezers: An Analysis of the Internet Virus of |
| + | November 1988. Massachusetts Institute of Technology. |
| + | February 1989. |
| | | |
| + | [Elme88] Elmer-DeWitt, Philip. `` `The Kid Put Us Out of |
| + | Action.' '' Time, 132 (20): 76, November 14, 1988. |
| | | |
| + | [Gram84] Grammp, F. T., and R. H. Morris. ``UNIX Operating Sys- |
| + | tem Security.'' AT&T Bell Laboratories Technical Jour- |
| + | nal, 63 (8): 1649-1672, October 1984. |
| | | |
| + | [Hind83] Hinden, R., J. Haverty, and A. Sheltzer. ``The DARPA |
| + | Internet: Interconnecting Heterogeneous Computer Net- |
| + | works with Gateways.'' IEEE Computer Magazine, 16 (9): |
| + | 33-48, September 1983. |
| | | |
| + | [McLe87] McLellan, Vin. ``NASA Hackers: There's More to the |
| + | Story.'' Digital Review, November 23, 1987, p. 80. |
| | | |
| + | [Morr78] Morris, Robert, and Ken Thompson. ``Password Security: |
| + | A Case History.'' Communications of the ACM, 22 (11): |
| + | 594-597, November 1979. Reprinted in UNIX System |
| + | Manager's Manual, 4.3 Berkeley Software Distribution. |
| + | University of California, Berkeley. April 1986. |
| | | |
| + | [NCSC85] National Computer Security Center. Department of |
| + | Defense Trusted Computer System Evaluation Criteria, |
| + | Department of Defense Standard DOD 5200.28-STD, |
| + | December, 1985. |
| | | |
− | 59
| + | [Quar86] Quarterman, J. S., and J. C. Hoskins. ``Notable Com- |
| + | puter Networks.'' Communications of the ACM, 29 (10): |
| + | 932-971, October 1986. |
| | | |
| + | [Reed84] Reeds, J. A., and P. J. Weinberger. ``File Security |
| + | and the UNIX System Crypt Command.'' AT&T Bell Labora- |
| + | tories Technical Journal, 63 (8): 1673-1683, October |
| + | 1984. |
| | | |
| + | [Risk87] Forum on Risks to the Public in Computers and Related |
| + | Systems. ACM Committee on Computers and Public Policy, |
| + | Peter G. Neumann, Moderator. Internet mailing list. |
| + | Issue 5.73, December 13, 1987. |
| | | |
| + | [Risk88] Forum on Risks to the Public in Computers and Related |
| + | Systems. ACM Committee on Computers and Public Policy, |
| | | |
| | | |
| | | |
| + | 61 |
| | | |
| | | |
Line 3,974: |
Line 3,980: |
| | | |
| | | |
| + | Peter G. Neumann, Moderator. Internet mailing list. |
| + | Issue 7.85, December 1, 1988. |
| | | |
| + | [Risk89a] Forum on Risks to the Public in Computers and Related |
| + | Systems. ACM Committee on Computers and Public Policy, |
| + | Peter G. Neumann, Moderator. Internet mailing list. |
| + | Issue 8.2, January 4, 1989. |
| | | |
| + | [Risk89b] Forum on Risks to the Public in Computers and Related |
| + | Systems. ACM Committee on Computers and Public Policy, |
| + | Peter G. Neumann, Moderator. Internet mailing list. |
| + | Issue 8.9, January 17, 1989. |
| | | |
| + | [Risk90] Forum on Risks to the Public in Computers and Related |
| + | Systems. ACM Committee on Computers and Public Policy, |
| + | Peter G. Neumann, Moderator. Internet mailing list. |
| + | Issue 9.69, February 20, 1990. |
| | | |
| + | [Ritc75] Ritchie, Dennis M. ``On the Security of UNIX.'' May |
| + | 1975. Reprinted in UNIX System Manager's Manual, 4.3 |
| + | Berkeley Software Distribution. University of Califor- |
| + | nia, Berkeley. April 1986. |
| | | |
| + | [Schu90] Schuman, Evan. ``Bid to Unhook Worm.'' UNIX Today!, |
| + | February 5, 1990, p. 1. |
| | | |
| + | [Seel88] Seeley, Donn. A Tour of the Worm. Department of Com- |
| + | puter Science, University of Utah. December 1988. |
| | | |
| + | [Spaf88] Spafford, Eugene H. The Internet Worm Program: An |
| + | Analysis. Technical Report CSD-TR-823. Department of |
| + | Computer Science, Purdue University. November 1988. |
| | | |
| + | [Stee88] Steele, Guy L. Jr., Donald R. Woods, Raphael A. Finkel, |
| + | Mark R. Crispin, Richard M. Stallman, and Geoffrey S. |
| + | Goodfellow. The Hacker's Dictionary. New York: Harper |
| + | and Row, 1988. |
| | | |
| + | [Stei88] Stein, Jennifer G., Clifford Neuman, and Jeffrey L. |
| + | Schiller. ``Kerberos: An Authentication Service for |
| + | Open Network Systems.'' USENIX Conference Proceedings, |
| + | Dallas, Texas, Winter 1988, pp. 203-211. |
| | | |
| + | [Stol88] Stoll, Clifford. ``Stalking the Wily Hacker.'' Com- |
| + | munications of the ACM, 31 (5): 484-497, May 1988. |
| | | |
| + | [Stol89] Stoll, Clifford. The Cuckoo's Egg. New York: Double- |
| + | day, 1989. |
| | | |
| + | [Sun88a] Sun Microsystems. SunOS Reference Manual, Part Number |
| + | 800-1751-10, May 1988. |
| | | |
| | | |
| | | |
| + | 62 |
| | | |
| | | |
| | | |
| | | |
| + | [Sun88b] Sun Microsystems. System and Network Administration, |
| + | Part Number 800-1733-10, May 1988. |
| | | |
| + | [Sun88c] Sun Microsystems. Security Features Guide, Part Number |
| + | 800-1735-10, May 1988. |
| | | |
| + | [Sun88d] Sun Microsystems. ``Network File System: Version 2 |
| + | Protocol Specification.'' Network Programming, Part |
| + | Number 800-1779-10, May 1988, pp. 165-185. |
| | | |
| | | |
| | | |
| + | 63 |
| | | |
| | | |
| | | |
| | | |
− | | + | 64 |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | 60
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | REFERENCES
| |
− | | |
− | | |
− | | |
− | [Eich89] Eichin, Mark W., and Jon A. Rochlis. With Microscope
| |
− | and Tweezers: An Analysis of the Internet Virus of
| |
− | November 1988. Massachusetts Institute of Technology.
| |
− | February 1989.
| |
− | | |
− | [Elme88] Elmer-DeWitt, Philip. `` `The Kid Put Us Out of
| |
− | Action.' '' Time, 132 (20): 76, November 14, 1988.
| |
− | | |
− | [Gram84] Grammp, F. T., and R. H. Morris. ``UNIX Operating Sys-
| |
− | tem Security.'' AT&T Bell Laboratories Technical Jour-
| |
− | nal, 63 (8): 1649-1672, October 1984.
| |
− | | |
− | [Hind83] Hinden, R., J. Haverty, and A. Sheltzer. ``The DARPA
| |
− | Internet: Interconnecting Heterogeneous Computer Net-
| |
− | works with Gateways.'' IEEE Computer Magazine, 16 (9):
| |
− | 33-48, September 1983.
| |
− | | |
− | [McLe87] McLellan, Vin. ``NASA Hackers: There's More to the
| |
− | Story.'' Digital Review, November 23, 1987, p. 80.
| |
− | | |
− | [Morr78] Morris, Robert, and Ken Thompson. ``Password Security:
| |
− | A Case History.'' Communications of the ACM, 22 (11):
| |
− | 594-597, November 1979. Reprinted in UNIX System
| |
− | Manager's Manual, 4.3 Berkeley Software Distribution.
| |
− | University of California, Berkeley. April 1986.
| |
− | | |
− | [NCSC85] National Computer Security Center. Department of
| |
− | Defense Trusted Computer System Evaluation Criteria,
| |
− | Department of Defense Standard DOD 5200.28-STD,
| |
− | December, 1985.
| |
− | | |
− | [Quar86] Quarterman, J. S., and J. C. Hoskins. ``Notable Com-
| |
− | puter Networks.'' Communications of the ACM, 29 (10):
| |
− | 932-971, October 1986.
| |
− | | |
− | [Reed84] Reeds, J. A., and P. J. Weinberger. ``File Security
| |
− | and the UNIX System Crypt Command.'' AT&T Bell Labora-
| |
− | tories Technical Journal, 63 (8): 1673-1683, October
| |
− | 1984.
| |
− | | |
− | [Risk87] Forum on Risks to the Public in Computers and Related
| |
− | Systems. ACM Committee on Computers and Public Policy,
| |
− | Peter G. Neumann, Moderator. Internet mailing list.
| |
− | Issue 5.73, December 13, 1987.
| |
− | | |
− | [Risk88] Forum on Risks to the Public in Computers and Related
| |
− | Systems. ACM Committee on Computers and Public Policy,
| |
− | | |
− | | |
− | | |
− | 61
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | Peter G. Neumann, Moderator. Internet mailing list.
| |
− | Issue 7.85, December 1, 1988.
| |
− | | |
− | [Risk89a] Forum on Risks to the Public in Computers and Related
| |
− | Systems. ACM Committee on Computers and Public Policy,
| |
− | Peter G. Neumann, Moderator. Internet mailing list.
| |
− | Issue 8.2, January 4, 1989.
| |
− | | |
− | [Risk89b] Forum on Risks to the Public in Computers and Related
| |
− | Systems. ACM Committee on Computers and Public Policy,
| |
− | Peter G. Neumann, Moderator. Internet mailing list.
| |
− | Issue 8.9, January 17, 1989.
| |
− | | |
− | [Risk90] Forum on Risks to the Public in Computers and Related
| |
− | Systems. ACM Committee on Computers and Public Policy,
| |
− | Peter G. Neumann, Moderator. Internet mailing list.
| |
− | Issue 9.69, February 20, 1990.
| |
− | | |
− | [Ritc75] Ritchie, Dennis M. ``On the Security of UNIX.'' May
| |
− | 1975. Reprinted in UNIX System Manager's Manual, 4.3
| |
− | Berkeley Software Distribution. University of Califor-
| |
− | nia, Berkeley. April 1986.
| |
− | | |
− | [Schu90] Schuman, Evan. ``Bid to Unhook Worm.'' UNIX Today!,
| |
− | February 5, 1990, p. 1.
| |
− | | |
− | [Seel88] Seeley, Donn. A Tour of the Worm. Department of Com-
| |
− | puter Science, University of Utah. December 1988.
| |
− | | |
− | [Spaf88] Spafford, Eugene H. The Internet Worm Program: An
| |
− | Analysis. Technical Report CSD-TR-823. Department of
| |
− | Computer Science, Purdue University. November 1988.
| |
− | | |
− | [Stee88] Steele, Guy L. Jr., Donald R. Woods, Raphael A. Finkel,
| |
− | Mark R. Crispin, Richard M. Stallman, and Geoffrey S.
| |
− | Goodfellow. The Hacker's Dictionary. New York: Harper
| |
− | and Row, 1988.
| |
− | | |
− | [Stei88] Stein, Jennifer G., Clifford Neuman, and Jeffrey L.
| |
− | Schiller. ``Kerberos: An Authentication Service for
| |
− | Open Network Systems.'' USENIX Conference Proceedings,
| |
− | Dallas, Texas, Winter 1988, pp. 203-211.
| |
− | | |
− | [Stol88] Stoll, Clifford. ``Stalking the Wily Hacker.'' Com-
| |
− | munications of the ACM, 31 (5): 484-497, May 1988.
| |
− | | |
− | [Stol89] Stoll, Clifford. The Cuckoo's Egg. New York: Double-
| |
− | day, 1989.
| |
− | | |
− | [Sun88a] Sun Microsystems. SunOS Reference Manual, Part Number
| |
− | 800-1751-10, May 1988.
| |
− | | |
− | | |
− | | |
− | 62
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | [Sun88b] Sun Microsystems. System and Network Administration,
| |
− | Part Number 800-1733-10, May 1988.
| |
− | | |
− | [Sun88c] Sun Microsystems. Security Features Guide, Part Number
| |
− | 800-1735-10, May 1988.
| |
− | | |
− | [Sun88d] Sun Microsystems. ``Network File System: Version 2
| |
− | Protocol Specification.'' Network Programming, Part
| |
− | Number 800-1779-10, May 1988, pp. 165-185.
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | 63
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | 64 | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
− | | |
| | | |
| | | |
Line 4,498: |
Line 4,260: |
| | | |
| [[Category:Security]] | | [[Category:Security]] |
| + | [[Category:1990]] |