
Vol. 11, No. 8, Page 5

AUSTRALIAN ROUNDUP

Australian Government releases major computer crime report

The Australian Government has recently issued a report detailing the need for new federal legislation to deal with computer-related offences. The report deals with practices such as unauthorized access (‘hacking’) and the destruction or alteration of data which can follow such access. It also contains draft legislation which includes penalties of up to ten years imprisonment and fines of A$48 000.

Releasing the report, the Attorney-General, Lionel Bowen, said the review had been requested as a matter of urgency because of the likely need for protection of information in government computers. “This report is particularly timely in view of the widespread concern about so-called computer viruses and other acts of high-tech vandalism”, Bowen said.

The draft legislation proposed in the report would make it an offence:

to obtain access to data in a government computer without authority;

to wrongfully destroy, alter or erase data in a government computer;

to interfere with or obstruct the lawful use of a government computer; and

to do similar acts in relation to private data or private computers, through the use of Telecom Australia or another government agency.

Research into secure transaction services

Telecom Australia’s Research Laboratories (TLR) have demonstrated a secure mailing system as part of research into secure transaction services. It consists of a standard Unix mailer and additional programs to implement the security features. Describing the system in TLR’s Research Quarterly, Telecom researcher, Mr E.A. Zuk, said, “Currently two programs are available. The first signs mail messages using the sender’s secret key information. The second program checks that the signature is valid using only publicly available information. Combined, these programs provide a message integrity and a data origin authentication service. The integrity service protects against modification of messages, while the data origin service identifies the creator of a message”.

The technique used for origin authentication is based on Public Key Cryptography (PKC). With PKC two keys are used, one to transform the data into an encrypted form, and the other for the inverse transformation to recover or decrypt the data. But it is infeasible to compute one key from the other, and this characteristic allows one key to be made known publicly while the other remains secret. In the mailing system, PKC is used to calculate a digital signature on the mail message. The digital signature is formed by hashing or compressing the message and then encrypting the result with a user’s secret key.

Zuk continued, “Because only the user knows what the secret key is, only that user can create the signature. This signature is then appended to the mail message as proof of the identity for the creator of the message. The recipient of a message with a signature can verify the creator of the message if the creator’s public key is known”.


The signature can be decrypted using the public key, transforming it to what should be a hashed version of the message. The verification process is completed by hashing the message and comparing this with the decrypted signature. If both items are identical then all is well; if not, then either the data has been corrupted or a forgery has been attempted. The only problem that remains is to obtain the public key. This cannot be sent unprotected with the message as the recipient will have no way of verifying that the public key corresponds to the claimed creator’s secret key.

COMPUTER FRAUD & SECURITY BULLETIN

©1989 Elsevier Science Publishers Ltd., England. /89/$0.00 + 2.20. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)

Vol. 11, No. 8, Page 6

This problem is solved by using a third party known as the Certification Authority (CA) who creates ‘certificates’ that associate a user’s name with the user’s public key. The certificates are also produced with the aid of the digital signature, this time using the trusted CA’s secret key. Because a large number of users will subscribe to a particular CA, only one public key belonging to the CA has to be known in advance. This key can be obtained from the CA when the certificates are produced. Telecom Australia Research Laboratories have also written the software to perform the CA functions.

In the mailing system the creator’s certificate is sent along with the message. Each subscriber has his or her own copy of the CA’s public key to verify that the certificate is authentic. Once a certificate is verified, the public key contained in the certificate can be used to verify the creator of the mail message. The secure mail services are based on the current ISO and CCITT electronic mail recommendations and Telecom Australia is studying the application of the security function to its EDI service ‘Tradelink’.
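The sign, verify and certificate steps described above, as an added worked example. This is not TLR’s software: it uses a constructed toy RSA over Mersenne primes, an assumed user name and sample message, and needs Python 3.8 or later.

```python
import hashlib
# Toy RSA with Mersenne-prime moduli so it runs on the standard library alone; the
# keys are far too small for real use and only need to exceed the truncated digest.
E = 65537

def keypair(p, q):
    """Return ((n, e), (n, d)): the public key and the secret key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data):
    """Hash the message (truncated to 128 bits so it is below every toy modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def sign(secret, data):
    """Signature = hash of the message transformed with the secret key."""
    n, d = secret
    return pow(digest(data), d, n)

def verify(public, data, sig):
    """Inverse transform with the public key must yield the hash of the message."""
    n, e = public
    return pow(sig, e, n) == digest(data)

def cert_bytes(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()  # the name/key binding

def issue_certificate(ca_secret, name, public):
    """The CA signs the binding of a user's name to the user's public key."""
    return {"name": name, "public": public, "sig": sign(ca_secret, cert_bytes(name, public))}

def verify_signed_mail(ca_public, cert, message, sig):
    """Recipient: check the certificate with the one CA key held in advance, then the mail."""
    if not verify(ca_public, cert_bytes(cert["name"], cert["public"]), cert["sig"]):
        return False
    return verify(cert["public"], message, sig)

CA_PUBLIC, CA_SECRET = keypair((1 << 107) - 1, (1 << 127) - 1)
ALICE_PUBLIC, ALICE_SECRET = keypair((1 << 61) - 1, (1 << 89) - 1)
ALICE_CERT = issue_certificate(CA_SECRET, "alice@example.com", ALICE_PUBLIC)  # assumed name

def demo():
    msg = b"Invoice 42 approved"  # constructed sample message
    sig = sign(ALICE_SECRET, msg)
    genuine = verify_signed_mail(CA_PUBLIC, ALICE_CERT, msg, sig)
    tampered = verify_signed_mail(CA_PUBLIC, ALICE_CERT, msg + b"!", sig)
    # An impostor's key pasted into Alice's certificate: the CA never signed that binding.
    imp_public, imp_secret = keypair((1 << 89) - 1, (1 << 107) - 1)
    fake_cert = dict(ALICE_CERT, public=imp_public)
    forged = verify_signed_mail(CA_PUBLIC, fake_cert, msg, sign(imp_secret, msg))
    return genuine, tampered, forged  # (True, False, False)
```

The third case shows why the CA step matters: a certificate carrying a substituted key fails the CA check, so the recipient never trusts the impostor’s mail signature.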

Frank Rees

Acknowledgements to Telecom Australia’s Research Laboratories.

WATCHDOG

Version 5.2 of Watchdog, the PC security software product, has been released by Fischer International Systems of Naples, Florida in the USA. It can be used on the IBM PC XT, AT and all PS/2 models as well as on Zenith, Compaq and IBM PC compatibles.

Memory support has been expanded to include the LIM expanded memory specifications (version 3.2 or higher). This enables Watchdog’s primary memory requirement to be reduced by about two thirds.

Three new user options have been added: restricted access to the floppy drive; restricted access to the communication ports; restricted access to the printer ports. The first two in particular increase protection from viruses.

A new utility program can be used to run Watchdog utilities. They can now be activated from a utility menu or from the DOS command line.

The new release costs US$295 but current users can upgrade at a cost of US$30 a copy.

An OS/2 release of Watchdog is to be released in the summer.

More information from Fischer International Systems Corporation, 4073 Merchantile Avenue, Naples, Florida 33942, USA or telephone (800) 237-4510.

SUSPICIOUS ANNOUNCEMENT

In an effort to advertise the Data Protection Act in the UK, one national newspaper carried an advert with the slogan, “Even the police have to help you with your enquiries”. Above the slogan is a huge photograph of a suspicious-looking police officer. Hardly likely to build confidence among a public ever ready to fear abuse of power by law enforcement agencies.

PASSWORD PROTECTION

A start-up company based in Cheshire, UK, Manor Park Systems, has refined a product called MPS Privacy which controls access to VME services on ICL mainframes. One market it is addressing concerns the new local tax system in the UK, the ‘poll tax’, which many local authorities intend to run on such systems holding confidential information about members of the public.
