Volume 15, Number 1 - January 1999
by Gil Kloepfer
Well, it seems a "CACTUS" year is winding down, and I guess it's a good time to review what state the newsletter is in at this point.
This past year we have moved to a fully electronic newsletter, eliminating the paper newsletter. This provides the capability of not only saving the organization money, but also allows more timely distribution of information. Unfortunately having the capability for "timely distribution" doesn't mean much if there's no information to distribute. In the past several months (since September), the newsletter has been void of content or non-existant (there was not a newsletter in December). After repeated pleas for articles from both the membership and from the officers, I have received little substance to publish. There is little motivation to construct a newsletter that has almost no input from the membership. I hope this trend does not continue into the new year.
The Web-version of the newsletter continues to happen manually. I originally had planned to move to a strictly- HTML newsletter, with a plaintext newsletter constructed from the HTML. This hasn't been done yet, so we're still doing the newsletter in nroff with hand-editing done afterward. Again, there is a lot more motivation to do this when there is content to publish, and lately this has been sorely lacking.
Next year's newsletter is going to require some work - whether it is I or someone else handling the responsibility. The nroff version needs to be converted to HTML. Officers need to be held accountable when they don't contribute even the minimum information necessary to get a newsletter published. An up-to-date e-mailing list needs to be made so that members may receive their newsletter. All of these things require time and dedication to complete.
Regardless of the state of the newsletter, I hope that you all have a happy and prosperous new year, and that CACTUS will move-ahead in 1999.
by Ron Roberts
Only twenty-two members attended the November meeting, despite an excellent program. President Jack McKinney introduced each of the officers and had them describe what they duties they performed because we will be electing new officers in January. Except for the program chair, all officers were present. Lindsay and Jack then spoke about the new 600 bogoMIPs CACTUS machine. Problems with the initial Slackware install caused Lindsay to reinstall it with Debian Linux. Essential services such as HTTP and mail will migrate from the old SPARC II eventually. There was some discussion about how close the two CACTUS machines were on the network. It's fourteen hops between them averaging about 200 milliseconds a piece. Lenny Tropiano indicated that was the same count he gets between his cable modem in the living room and his ISDN routers in the wiring closet.
The membership indicated that it would rather have a no program meeting than cancel the December meeting even though several people indicated that Christmas time makes it more difficult to attend. [The Lounge Lizards are scheduled to play at the Armadillo Christmas Bizaar for the second straight December CACTUS meeting.]
The featured speaker was David Phillips of Cisco Systems. Cisco recently acquired the Wheel Group, a security consulting company for whom David worked in San Antonio. Cisco is moving this group to Austin to office with another recent acquisition: Netspeed. Netspeed talked to us earlier about ASDL.
The membership was keenly interested in how the Wheel Group goes about conducting security audits. David emphasized that a security policy is not static--it's an ongoing dynamic process. It's reiterative, not fix and forget. Though he couldn't mention any client names, he did indicate that a certain large retail chain based in Arkansas had used the services of the Wheel Group.
The Wheel Group conducts audits internally and externally. On one occasion, a customer gave them the wrong range of telephone numbers, and the group wound up cracking into a police department. David indicated that once they have a regular login, it's only a matter of time before they get root access. The most secure commercial Unix is HPUX 10.20, which took thirteen different attempts before cracking.
David presented examples of output from finger, hosts and rpcinfo targeted at Cactus.Org. He noted that we had the ToolTalk port enabled, which is the most popular unpatched buffer overrun security hole for SunSoft products. Several members began worrying about security on our machine. Lindsay asked David to try to crack us. Jack McKinney was inspired to run crack on our passwords. No word yet on the results.
The top vulnerabilities are: SMTP (89%), NFS (67%), XServer (62%), ToolTalk (58%), and HTTP (14%). David discussed resources such as RootShell, CERT, TatooMan and others. WheelGroup.com also contains a library of security white papers.
Thanks to David Phillips and Cisco for a great presentation.
To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):
PO BOX 9786
AUSTIN, TX 78766-9786
You can also pay in person at the general meetings. The date on the upper right hand of the newsletter mailing label indicates when your membership expires. Please direct any inquiries or address changes to membership [at] cactus <dot> org.
CACTUS meets on the third Thursday of each month at the UT Applied Research Labs (ARL) in the JJ (Jake) Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.
Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See maps for further details.
Online maps are available at:
As always, please leave the facility as you saw it when you arrived. So let's clean up all pizza and soda items before we leave. Thanks and hope to see all of you there.
| | ^ <---- to MOPAC | | | | | | North | | B | to Braker Lane ---------------+ | U -+ /-----------+ | R | | | | N | +--------+ | | E | Parking | | | T | Lot | | | +----------+ | | R | | D +------------+ | | | | +-------+ | | | | +---+ | | | | | | | Rutland | ARL | | | | +--------- | | | | | +--------- | | | +---+ | | | +---+---+ | +------------+ | | | | | | South | | | to US 183 | | v