EFF "Security/Computer Security" Archive

Files in this Archive

comp_sec.analysis

File containing June 11, 1987 Committee on Science, Space and Technology's analysis of the Computer Security Act of 1987. The Committee on Science, Space, and Technology, to whom was referred the bill (H.R. 145) to provide for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal Computer systems, and for other purposes, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass.

comp_sec_gao.report

File containing May 1990 US General Accounting Office's report to the Committee on Science, Space, and Technology (House of Representatives) regarding the government-wide review of computer security, as required by the Computer Security Act. GAO believes that The planning and review process implemented under the Computer Security Act did little to strengthen computer security governmentwide. Although agency officials believe that the process heightened awareness of computer security, they typically described the plans as merely "reporting requirements" and of limited use in addressing agency-specific problems.

goldstein.testimony

File containing inofrmation abotut the June 9, 1993 testimony of Emmanuel Goldstein (Editor, '2600 Magazine') before the House of Representatives. Included is a summary of the proceedings (as given by Goldstein), as well as a copy of Goldstein's statement to the House. While the topics to be discussed included network security, toll fraud, and the social implications of rapidly emerging technologies, Goldstein claims to have been unfairly attacked by several representatives who claimed his 2600 Magazine' is nothing more than a manual for computer crime.

markey_goldstein.testimony

File containing the actual transcript of the second panel of the June 9, 1993 testimony of Emmanuel Goldstein before the House of Representatives. Includes comments by a variety of experts in the computer security field, as well as the angry comments of Rep. Markey and Rep. Fields, who seemed intent on bashing 'computer hackers' and 'demonstrat[ing] their ignorance on the subject and their unwillingness to listen to anything that didn't match their predetermined conclusions.

net_protection.article

File containing Steve Cisler's October 1993 article entitled "Protection and the Internet." Article originally appeared in The Apple Library Users Group Newsletter, Fall 1993. Cisler's summary: Now that the Internet is becoming popular, many people and organizations want to protect the Internet, protect people from the Internet, protect individual systems from casual visitors, protect children from access to certain files and online interactions, and protect whole cultures from outside influences.

net_security.paper

File containing December 1993 paper by Dan Farmer, 'Improving the Security of Your Site by Breaking Into It' describing how to improve network security by fighting fire with fire - use sophisticated cracking techniques to find weaknesses in your own systems.

nist_net_security.testimony

File containing statement of F. Lynn McNulty Associate Director for Computer Security National Institute of Standards and Technology U.S. Department of Commerce before the Subcommittee on Science Committee on Science, Space, and Technology U.S. House of Representatives, March 22, 1994. McNulty discusses the role that NIST plays in the security of both the Internet and the evolving national information infrastructure..."In essence, then, NIST has the responsibility -- through standards, guidance, and technology transfer -- for helping agencies protect their information technology and applications."

nist_security.faq

File containing NIST publication 'Computer Viruses and Related Threats: A Management Guide.' NIST says 'Computer viruses and related threats represent an increasingly serious security problem in computing systems and networks. This document presents guidelines for preventing, deterring, containing, and recovering from attacks of viruses and related threats. This section acquaints senior management with the nature of the problem and outlines some of the steps that can be taken to reduce an organization's vulnerability.

nsa_employee.manual

File containing National Security Agency's employee manual. Ultimate source unknown, but this has been confirmed as the real thing. Though it is classified, NSA stated that it would require a FOIA demand to get a copy of this, and it appears that the manual was leaked, and thus found it's way onto the net. It is presented here for several reasons: 1) it's appearance on the net indicates that secretive governments have a hardtime maintaining secrets when networks like this exist, and an even harder time controlling leaks when they appear; 2) it is a relevant document indicating some of the character of the agency responsible for the Clipper proposal; 3) it's leakage is a good example of how "wetware" can compromise even the most secure hard- and software setup; and 4) it actually has some useful security tips in it.

ota_priv_sec.report

File containing the very large and very detailed report from the U.S. Congress Office of Technology Assessment on "Information Security and Privacy in Network Environments". Report dated September 15, 1994, and focuses on several issues, including U.S. cryptography export restrictions, key "escrow", etc.

ota_priv_sec_report.summary

File containing 8-page summary of the OTA report in ota_priv_sec.report file.

priv_sec_resource.list

File containing David Johnson's report 'Staying Informed: Resources for Privacy Seekers & Computer Security', which lists security resources and companies (this is not a net-resource list, but a list of non-virtual-world materials). Released March of 1994.

s1948_natl_security.bill

File containing the full text of Senate Bill S1948 "Counterintelligence and Security Enhancements Act of 1994," whose purpose is to amend the National Security Act of 1947 to improve the counterintelligence and security posture of the United States intelligence community and to enhance the investigative authority of the Federal Bureau of Investigation in counterintelligence matters, and for other purposes. Bill introduced March of 1994.

security_doc.tar.gz

This is the complete text for SRI Information and Telecommunications Sciences and Technology Division Technical Report ITSTD-721-FR-90-21 on computer security. To format it, you need to have the "troff" text formatter and the "-ms" macro package. Except for printing the cover (which you don't really need), you do not need a PostScript printer. This is a gzip-compressed tar archive.

tempest_legal.draft

File containing Cristopher Seline's 1990 article, 'Eavesdropping On the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States', dealing with laws relating to eavesdropping on the elctromagnietic emanations of digital equiptment using TEMPEST technology (surveillance technology allowing information on any digital device to to be intercepted and reconstructed into useful intelligence.

tempest_monitoring.article

File containing Grady Ward's March 22, 1993 article on TEMPEST technology and electronic eavesdropping. The article examines some practical aspects of reducing the susceptibility of your personal computer equipment to remote monitoring using easily-installed, widely available after-market components.

unix_security.paper

File containing April 1990 article by David Curry, Systems Programmer for the Information and Telecommunications Sciences and Technology Division of SRI, entitled 'Improving the Security of Your UNIX System.'

unix_security_paper.ps.gz

File containing compressed version of unix_security_paper file.

Subdirectories in This Archive

Up to the Parent Directory

Hacking_cracking_phreaking/

Link to Hacking_cracking_phreaking directory, an extensive archive on the 'hacker culture,' with publications lists and legal information.

Related On-Site Resources

Clipper Link to a directory

pertaining to the Clipper Chip and electronic privacy issues; an extensive archive on these topics.

Crypto Miscellaneous directory

pertaining to cryptography issues.

Clipper/

Link to a directory pertaining to the Clipper Chip and electronic privacy issues; an extensive archive on these topics.

Crypto_misc/

Link to directory pertaining to cryptography issues.

Secure Internet Directory of info on

IPNG, IPv6, IPSec, S/WAN, SHTTP, TLS, Oakley, ISAKMP, SHTML, DNSS, Kerberos, SSL, and other Internet privacy & security efforts.

EFF Privacy/Crypto Main Archive

EFF Anonymity/Pseudonymity Archive

EFF Surveillance Archive

EFF Digital Money Archive

EFF Crypto Tools Archive

Government documents on Clipper

(& info about them) from Feb. 4, 1994

Doug Monroe's Privacy Information & Resources Index

Links to Related Off-Site Resources

Cypherpunks FTP Archive at Berkeley

Brian Combs' Cryptography WWW Archive

CuD (Computer Underground Publications) FTP Archive

Full Disclosure, a journal on privacy, security, surveillance, and public access to government information.

Security Management online magazine

CDT Crypto Pages

The Codex's Privacy & Security Links page