David@DOCKMASTER.NCSC.MIL (Jon David) (10/29/90)
Back in June I received what purported to be a "Novell virus." I contacted Greg Drusdow, president of NUI (NetWare Users International), and he arranged with Novell to provide test facilities at their Paramus, NJ offices. Testing was done by myself and Jay Nickson (creater of Quarantine, an anti-virus product for Novell LANs), with Greg as an advisor/observer. Our tests showed the virus bypassing server write protection (read-only status has not proven to be too effective against most viruses), but further enabling nodes to write to the server without the write privilege. (This last was viewed as bypassing Novell security, a potentially more critical event that the viral activities.) Jay, Greg and I met at Novell at around 8:30 on the morning of July 11th. We conclusively demonstrated the above, first to ourselves, then to designated Novell representatives, and made a full verbal report to Provo by 5:30 in the afternoon. All three of us were there on our own time, no monies requested, none offered. NUI had the results of our tests put out on NetWire the next day, and I sent an appropriate note to Ken van Wyk (which was on VALERT-L on the 12th, and reprinted in next VIRUS-L). Based on either or both the NetWire and/or VALERT-L/VIRUS-L notices, I got some calls from media reps. I (and the others) repeated what happened, and one story (in Network World) got printed on the subject. (A second story, this one in LAN Magazine, dealt with LAN security and also mentioned virus issue.) The three of us gave of our time and energies to try to be of help to NetWare users, to test things out before crying wolf (or virus). To say that Novell was less than enthusiastic about our efforts is an understatement. (It is important to note at this time that the three of us stayed at Novell until 11:30PM that first evening, and that Jay and I billed for our time then spent to run tests at Novell's request; further, I spent a year in Provo one day around the end of August, and I billed for my time. Nothing new regarding the virus behavior arose during either of these two periods.) I have received a note from the Novell Corporate Counsel. Seems that they've read some stuff they don't care for, stuff with my name (as a source, not author). Using phrases such as breach of contract and false and defamatory statements, it seems that, if I don't shut up, they're going to sue my butt off. In order to protect myself I am assembling as comprehensive a collection of Novell security problems - both virus and all other - as possible. (I do, of course, prefer virus problems, but about-to-be-sued beggers can't be chosers.) All potentially damaging [to Novell] reports will be verified, and once an appropriately nasty set of stuff (that can be reporduced at will) is assembled, I will pass it on to a highly respected security/virus expert for release to the public. I urge any of you with knowledge of Novell security and/or virus problems to get information thereof to me ASAP. E-mail is, of course, the quickest way, but, if you have trouble sending, want to remain anonymous, or for some other reason[s] do not want to e-contact me, my address is 63 Hamilton Avenue Tappan, NY 10983-1002 (USA) and my phone number (say hello to my answering computer if I'm not there) is (914)359-5566. Please make your information as detailed as possible - hardware, IPX/shell versions, node OS, NetWare version, sequence of events, etc. (Remember, I have to be able to reporduce what you report.) Jon David (I don't mind trying my best ... I do mind being tried for it!) --- Keith Petersen <w8sdz@vela.acs.oakland.edu> Consultant on contract to Oakland University, Rochester, Michigan (313) 977-9382
hacker@vela.acs.oakland.edu (Thomas J. Hacker) (11/01/90)
In article <901029044600.David@DOCKMASTER.NCSC.MIL> David@DOCKMASTER.NCSC.MIL (Jon David) writes: >Back in June I received what purported to be a "Novell virus." I >contacted Greg Drusdow, president of NUI (NetWare Users >International), and he arranged with Novell to provide test facilities >at their Paramus, NJ offices. Testing was done by myself and Jay >Nickson (creater of Quarantine, an anti-virus product for Novell >LANs), with Greg as an advisor/observer. > The previous article was not posted by Keith Petersen, and this article has no association with Oakland University and was NOT posted from Oakland University and was NOT posted by Keith Petersen. Would the author of this article <901029044600.David@DOCKMASTER.NCSC.MIL> Please cancel it or clarify the NON relationship between the article and Keith Petersen and Oakland University. Thank You -Tom > >--- >Keith Petersen <w8sdz@vela.acs.oakland.edu> >Consultant on contract to Oakland University, Rochester, Michigan >(313) 977-9382 Thomas Hacker Systems Programmer Office of Computer Services Oakland University Rochester, MI (313) 370-4358 hacker@vela.acs.oakland.edu HACKER@OAKLAND uunet!umich!vela!hacker -- Thomas Hacker "Criticism is something we can avoid easily - by saying Systems Programmer nothing, doing nothing, and being nothing" - Aristotle Oakland University, Rochester Mich (313) 370-4358 hacker@vela.acs.oakland.edu HACKER@OAKLAND uunet!umich!vela!hacker