⟦cc2758ab4⟧

TextFile

.NH 1
KEEPING ABREAST OF THE BUGS
.PP
One of the hardest things about keeping a system secure is finding out about
the security holes before a cracker does.
To combat this,
there are several sources of information you can and should make use of
on a regular basis.
.NH 2
THE COMPUTER EMERGENCY RESPONSE TEAM
.PP
The Computer Emergency Response Team (\s-1CERT\s0) was established in
December 1988 by the Defense Advanced Research Projects Agency to address
computer security concerns of research users of the Internet.
It is operated by the Software Engineering Institute at Carnegie-Mellon
University.
The
.SM CERT
serves as a focal point for the reporting of security violations,
and the dissemination of security advisories to the Internet community.
In addition,
the team works with vendors of various systems in order to coordinate the
fixes for security problems.
.PP
The
.SM CERT
sends out security advisories to the
.I cert-advisory
mailing list whenever appropriate.
They also operate a 24-hour hotline that can be called to report security
problems (e.g., someone breaking into your system),
as well as to obtain current (and accurate) information about rumored
security problems.
.PP
To join the
.I cert-advisory
mailing list,
send a message to
.I cert@cert.sei.cmu.edu
and ask to be added to the mailing list.
Past advisories are available for anonymous
.SM FTP
from the host
.I cert.sei.cmu.edu .
The 24-hour hotline number is (412) 268-7090.
.NH 2
DDN MANAGEMENT BULLETINS
.PP
The
.I "DDN Management Bulletin"
is distributed electronically by the Defense Data Network
.SM DDN ) (
Network Information Center under contract to the Defense Communications
Agency.
It is a means of communicating official policy,
procedures,
and other information of concern to management personnel at
.SM DDN
facilities.
.PP
The
.I "DDN Security Bulletin"
is distributed electronically by the
.SM "DDN SCC"
(Security Coordination Center),
also under contract to
.SM DCA ,
as a means of communicating information on network and host security
exposures,
fixes,
and concerns to security and management personnel at
.SM DDN
facilities.
.PP
Anyone may join the mailing lists for these two bulletins by sending a
message to
.I nic@nic.ddn.mil
and asking to be placed on the mailing lists.
.NH 2
SECURITY-RELATED MAILING LISTS
.PP
There are several other mailing lists operated on the Internet that pertain
directly or indirectly to various security issues.
Some of the more useful ones are described below.
.NH 3
Security
.PP
The
.SM UNIX
Security mailing list exists to notify system administrators of security
problems
.I before
they become common knowledge,
and to provide security enhancement information.
It is a restricted-access list,
open only to people who can be verified as being principal systems people
at a site.
Requests to join the list must be sent by either the site contact listed
in the Network Information Center's
.SM WHOIS
database,
or from the ``root'' account on one of the major site machines.
You must include the destination address you want on the list,
an indication of whether you want to be on the mail reflector list or
receive weekly digests,
the electronic mail address and voice telephone number of the site contact
if it isn't you,
and the name,
address,
and telephone number of your organization.
This information should be sent to
.I security-request@cpd.com .
.NH 3
RISKS
.PP
The
.SM RISKS
digest is a component of the
.SM ACM
Committee on Computers and Public Policy,
moderated by Peter G. Neumann.
It is a discussion forum on risks to the public in computers and related
systems,
and along with discussing computer security and privacy issues,
has discussed such subjects as the Stark incident,
the shooting down of the Iranian airliner in the Persian Gulf (as it
relates to the computerized weapons systems),
problems in air and railroad traffic control systems,
software engineering,
and so on.
To join the mailing list,
send a message to
.I risks-request@csl.sri.com .
This list is also available in the
.SM USENET
newsgroup
.I comp.risks .
.NH 3
TCP-IP
.PP
The
.SM TCP-IP
list is intended to act as a discussion forum for developers and
maintainers of implementations of the
.SM TCP/IP
protocol suite.
It also discusses network-related security problems when they involve
programs providing network services,
such as
.I sendmail .
To join the
.SM TCP-IP
list,
send a message to
.I tcp-ip-request@nic.ddn.mil .
This list is also available in the
.SM USENET
newsgroup
.I comp.protocols.tcp-ip .
.NH 3
SUN-SPOTS, SUN-NETS, SUN-MANAGERS
.PP
The
.SM SUN-SPOTS ,
.SM SUN-NETS ,
and
.SM SUN-MANAGERS
lists are all discussion groups for users and administrators of systems
supplied by Sun Microsystems.
.SM SUN-SPOTS
is a fairly general list,
discussing everything from hardware configurations to simple
.SM UNIX
questions.
To subscribe,
send a message to
.I sun-spots-request@rice.edu .
This list is also available in the
.SM USENET
newsgroup
.I comp.sys.sun .
.PP
.SM SUN-NETS
is a discussion list for items pertaining to networking on Sun systems.
Much of the discussion is related to
.SM NFS ,
Yellow Pages,
and name servers.
To subscribe,
send a message to
.I sun-nets-request@umiacs.umd.edu .
.PP
.SM SUN-MANAGERS
is a discussion list for Sun system administrators and covers all aspects
of Sun system administration.
To subscribe,
send a message to
.I sun-managers-request@eecs.nwu.edu .
.NH 3
VIRUS-L
.PP
The
.SM VIRUS-L
list is a forum for the discussion of computer virus experiences,
protection software,
and related topics.
The list is open to the public,
and is implemented as a mail reflector,
not a digest.
Most of the information is related to personal computers,
although some of it may be applicable to larger systems.
To subscribe,
send the line
.DS
.ft C
SUB VIRUS-L \fIyour full name\fP
.ft R
.DE
to the address
.I "listserv%lehiibm1.bitnet@mitvma.mit.edu" .
DataMuseum.dk

DKUUG/EUUG Conference tapes

⟦cc2758ab4⟧ TextFile

Derivation

TextFile
