Return-Path: smlieu
Received: by cygnus.com (4.1/SMI-4.1)
	id AA15428; Wed, 23 Feb 94 07:00:08 PST
Date: Wed, 23 Feb 94 07:00:08 PST
From: smlieu (Sun Ming Lieu)
Message-Id: <9402231500.AA15428@cygnus.com>
To: engnews-distrib
Subject: Inside Cygnus Engineering - Vol 3 #2

-------------------------------------------------------------------------
Vol 3 No 2           INSIDE CYGNUS ENGINEERING             February 1994
-------------------------------------------------------------------------

Inside Cygnus Engineering (ICE) is published monthly for customers of
Cygnus Support. Our objective is to provide a relevant but informal
summary of news and ongoing activities. Please send all comments,
suggestions, and subscription requests to engnews@cygnus.com.

TABLE OF CONTENTS
-----------------

  . Kerberos Public Release
  . GDB 4.12
  . Progressive Update Process
  . Software Maintenance Status
  . Change in IP Address for FTP
  . Customer Forum (New Platforms)
  . Customer Forum Responses (Feedback on ICE)
  . People Notes

SPECIAL FEATURE
---------------

Kerberos Public Release

In response to the recent rash of Internet break-ins resulting from
`password-sniffing', we have released the latest version of Cygnus
Network Security (CNS) to the general public.

On an Ethernet-based network, every packet goes to every computer.
Normally the network interface discards those packets not addressed to
it. However, it is possible to run the interface in `promiscuous' mode
so that every packet is collected and passed to software on the host
computer. If any user logs in to a system across the Internet, there is
no protection against a password-sniffing program that monitors and
collects the user name and associated password. This vulnerability has
been there for a long time, but the crackers have only noticed it
recently.

In the last few months, sniffer programs have been found on major
networks such as BARRNet and PANIX, a public access Unix system, and a
Computer Emergency Response Team (CERT) advisory has been issued.

CNS is a user authentication and password encryption package based on
the Kerberos software from Massachusetts Institute of Technology (MIT).
It eliminates the need for passwords to be sent over the Internet in
clear text. Kerberos uses DES encryption to validate the user's password
on a local machine, rather than sending it across the net to a remote
machine. This prevents the password from being captured off the network
and used by crackers. CNS provides network-level security and eliminates
the single largest risk that Internet users face today.

The recent publicity about password-sniffing has increased the need for
immediate protection. In response, we are providing an as-is release
free of charge to the public. This is available for Sun-3 (SunOS 4),
Sun SPARC (both SunOS 4 and Solaris 2), DECstation (Ultrix), and
HP9000/700 (HP-UX), and includes installation notes, complete source and
binary code, and preliminary documentation. Other ports and enhancements
of the CNS product are ongoing at Cygnus.

Due to U.S. export restrictions on cryptography, Kerberos is only
available in the United States and Canada at this time. Therefore we
cannot make the public release directly available for FTP. Potential
users must first contact us by calling either +1 800 CYGNUS-1 or
+1 415 903 1401. The caller will be informed of the location from which
the software can be downloaded after we have verified the caller's
location.

Future Kerberos Plans: CNS is based on Kerberos version 4. We are
working on the reference implementation of version 5 and expect to have
a V5 based CNS by year end. We will also be porting CNS to more
platforms. Since it uses a client-server architecture, Microsoft
Windows- and Macintosh-based clients are expected by year end.

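The password handling described in the CNS paragraph above, as an added
example (not Cygnus or MIT code): a toy login exchange showing that a
sniffer sees the password in a cleartext login but not in a
Kerberos-style one. PBKDF2 and HMAC-SHA256 stand in for the Kerberos
string-to-key function and DES, and the names ToyKDC, kerberos_login and
sniffer_sees are hypothetical.

```python
import hashlib, hmac, os

def string_to_key(password, principal):
    # Password -> long-term key (PBKDF2 here; a stand-in for Kerberos string-to-key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (assumption: stand-in for DES).
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("reply was not sealed with this key")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class ToyKDC:
    def __init__(self, users):
        # The server side stores each user's key, derived once at registration.
        self.keys = {u: string_to_key(p, u) for u, p in users.items()}
        self.issued = {}

    def as_reply(self, principal):
        self.issued[principal] = os.urandom(16)  # fresh session key
        return seal(self.keys[principal], self.issued[principal])

def cleartext_login(wire, user, password):
    wire.append(user.encode() + b"\n" + password.encode())  # password crosses the net

def kerberos_login(wire, kdc, user, password):
    wire.append(user.encode())                 # request carries the name only
    reply = kdc.as_reply(user)
    wire.append(reply)                         # session key sealed under the user's key
    try:
        return unseal(string_to_key(password, user), reply)  # checked on the local machine
    except ValueError:
        return None                            # wrong password: reply does not open

def sniffer_sees(wire, password):
    # What a promiscuous-mode listener could find in the captured frames.
    return any(password.encode() in frame for frame in wire)
```
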
Many of our customers are world-wide operations and would like to use
CNS on an international network. We are actively working on the export
problem. As a first step, we have obtained a Commodity Jurisdiction from
the Department of Commerce that allows us to export `Bones', a version
of the Kerberos software with the encryption code removed.

OTHER RELEASES AND DEVELOPMENTS
-------------------------------

1. Gdb 4.12

Gdb 4.12 was released to the Internet at the beginning of February. This
is primarily a bug fix release, although Irix 5 support has also been
added.

There are a number of changes that make gdb 4.12 incompatible with
gcc 2.5.8 and gas 2.2 or pagas 1.36 on HP9000/700 (HP-PA) computers.
These incompatibilities will be addressed in the next release of gcc and
gas.

2. Progressive Update Procedure

It is time to set up for our 94Q1 distribution of the Cygnus Progressive
Release. Last quarter, we asked you for your preference as to whether
you want always to get an update or not, and whether to receive the
notification in email or via hardcopy. We will be sending you update
forms by either means in about 10 days.

If we do not hear back from you by the end of March, we will send (or
not send) the update, depending on your default preference. If you want
to override this preference, or change it and/or how you are notified,
please simply return the form or send mail to us at
contracts@cygnus.com.

SUPPORT ACTIVITIES
------------------

In addition to new development, a significant part of our engineering
resources is devoted to answering questions, fixing problems in the GNU
software, and providing a range of support services to our customers.

1. Software maintenance status

The following table shows the maintenance statistics for the last five
weeks. We continue to need your help: please let us know when you agree
that a problem has been fixed so that we can move it from a "feedback"
state to a "closed" state.

               #       #       #       #       #       #
  Date       Open  Analzd  Fdback  Closed  Suspnd   Total
  ------------------------------------------------------------
  01/17/94    458     230     785   2,576     143   4,192
  02/21/94    436     251     732   2,801     149   4,369
  ------------------------------------------------------------
  Change      -22     +21     -53    +225      +6    +177

Thanks to your help, we have been able to close out a large number of
old problem reports in the last month. We hope to continue this effort
in the next few months and work down the backlog.

2. Change in IP Address for FTP

As part of our security procedures, the IP address of ftp.cygnus.com
(also known as majipoor.cygnus.com) has changed to 140.174.1.3. You need
to update your host table if it is recorded there. No action is required
at sites which use the Domain Name Service.

OTHER ITEMS
-----------

1. Customer Forum

We value your suggestions, and would like your response to the following
questions (to engnews@cygnus.com). We will publish summaries of answers
of general interest in a future issue.

  1. We are always looking at putting the GNU tools on new platforms.
     Some current investigations include the Power PC chip, Windows NT,
     and the Macintosh host. Which new platforms would you like to see
     as part of the Cygnus Progressive Releases?

2. Customer Forum Responses

In the January issue of ICE, we asked you for suggestions on improving
ICE. Unlike previous questions, we received only a single response. We
hope this means that you are satisfied with what ICE provides. Our lone
respondent suggested more information on how we are tracking the GNU
project, and more details on PRMS statistics. Look for these in
forthcoming issues of ICE.

3. People Notes

Brendan Kehoe: A warm thank you to all who contacted us about Brendan.
He has been discharged from the hospital and is back at home in Maine
and going to therapy on an outpatient basis. He is logging into Cygnus
regularly and working on his email backlog. We expect it will still be
some months before Brendan is back at work.

Jack Woehr: Look out for Jack's series of articles on GNU software in
the Embedded Systems Programming magazine:

  What's GNU              January 1994
  Getting to know GNU     February 1994

---------------------------------------------------------------------
Cygnus Support
1937 Landings Drive          One Kendall Square
Mountain View, CA 94043      Cambridge, MA 02139
+1 415 903 1400 voice        +1 617 494 1040 voice
+1 415 903 0122 fax          +1 617 494 1325 fax
---------------------------------------------------------------------