David@DOCKMASTER.NCSC.MIL (Jon David) (10/29/90)
Back in June I received what purported to be a "Novell virus." I
contacted Greg Drusdow, president of NUI (NetWare Users
International), and he arranged with Novell to provide test facilities
at their Paramus, NJ offices. Testing was done by myself and Jay
Nickson (creater of Quarantine, an anti-virus product for Novell
LANs), with Greg as an advisor/observer.
Our tests showed the virus bypassing server write protection
(read-only status has not proven to be too effective against most
viruses), but further enabling nodes to write to the server without
the write privilege. (This last was viewed as bypassing Novell
security, a potentially more critical event that the viral
activities.)
Jay, Greg and I met at Novell at around 8:30 on the morning of July
11th. We conclusively demonstrated the above, first to ourselves,
then to designated Novell representatives, and made a full verbal
report to Provo by 5:30 in the afternoon. All three of us were there
on our own time, no monies requested, none offered. NUI had the
results of our tests put out on NetWire the next day, and I sent an
appropriate note to Ken van Wyk (which was on VALERT-L on the 12th,
and reprinted in next VIRUS-L).
Based on either or both the NetWire and/or VALERT-L/VIRUS-L notices, I
got some calls from media reps. I (and the others) repeated what
happened, and one story (in Network World) got printed on the subject.
(A second story, this one in LAN Magazine, dealt with LAN security and
also mentioned virus issue.)
The three of us gave of our time and energies to try to be of help to
NetWare users, to test things out before crying wolf (or virus). To
say that Novell was less than enthusiastic about our efforts is an
understatement.
(It is important to note at this time that the three of us stayed at
Novell until 11:30PM that first evening, and that Jay and I billed for
our time then spent to run tests at Novell's request; further, I spent
a year in Provo one day around the end of August, and I billed for my
time. Nothing new regarding the virus behavior arose during either of
these two periods.)
I have received a note from the Novell Corporate Counsel. Seems that
they've read some stuff they don't care for, stuff with my name (as a
source, not author). Using phrases such as breach of contract and
false and defamatory statements, it seems that, if I don't shut up,
they're going to sue my butt off.
In order to protect myself I am assembling as comprehensive a
collection of Novell security problems - both virus and all other - as
possible. (I do, of course, prefer virus problems, but
about-to-be-sued beggers can't be chosers.) All potentially damaging
[to Novell] reports will be verified, and once an appropriately nasty
set of stuff (that can be reporduced at will) is assembled, I will
pass it on to a highly respected security/virus expert for release to
the public.
I urge any of you with knowledge of Novell security and/or virus
problems to get information thereof to me ASAP. E-mail is, of course,
the quickest way, but, if you have trouble sending, want to remain
anonymous, or for some other reason[s] do not want to e-contact me, my
address is
63 Hamilton Avenue
Tappan, NY 10983-1002 (USA)
and my phone number (say hello to my answering computer if I'm not
there) is
(914)359-5566.
Please make your information as detailed as possible - hardware,
IPX/shell versions, node OS, NetWare version, sequence of events, etc.
(Remember, I have to be able to reporduce what you report.)
Jon David
(I don't mind trying my best ... I do mind being tried for it!)
---
Keith Petersen <w8sdz@vela.acs.oakland.edu>
Consultant on contract to Oakland University, Rochester, Michigan
(313) 977-9382hacker@vela.acs.oakland.edu (Thomas J. Hacker) (11/01/90)
In article <901029044600.David@DOCKMASTER.NCSC.MIL> David@DOCKMASTER.NCSC.MIL (Jon David) writes: >Back in June I received what purported to be a "Novell virus." I >contacted Greg Drusdow, president of NUI (NetWare Users >International), and he arranged with Novell to provide test facilities >at their Paramus, NJ offices. Testing was done by myself and Jay >Nickson (creater of Quarantine, an anti-virus product for Novell >LANs), with Greg as an advisor/observer. > The previous article was not posted by Keith Petersen, and this article has no association with Oakland University and was NOT posted from Oakland University and was NOT posted by Keith Petersen. Would the author of this article <901029044600.David@DOCKMASTER.NCSC.MIL> Please cancel it or clarify the NON relationship between the article and Keith Petersen and Oakland University. Thank You -Tom > >--- >Keith Petersen <w8sdz@vela.acs.oakland.edu> >Consultant on contract to Oakland University, Rochester, Michigan >(313) 977-9382 Thomas Hacker Systems Programmer Office of Computer Services Oakland University Rochester, MI (313) 370-4358 hacker@vela.acs.oakland.edu HACKER@OAKLAND uunet!umich!vela!hacker -- Thomas Hacker "Criticism is something we can avoid easily - by saying Systems Programmer nothing, doing nothing, and being nothing" - Aristotle Oakland University, Rochester Mich (313) 370-4358 hacker@vela.acs.oakland.edu HACKER@OAKLAND uunet!umich!vela!hacker