UNCLASSIFIED 01 04 RR UUUU DIA WASHINGTON DC//DSM-4// AIG 7894 SECDEF WASHINGTON DC//C3I-T// JOINT STAFF WASHINGTON DC//6JT/DIRM-SCD/ NSACSS FT GEORGE G MEADE MD//T03/T711/V531/V34// DCA WASHINGTON DC//DIS/DODM// HQ AFOSI BOLLING AFB DC//IVSC// AFCSC KELLY AFB TX//SRPE// HQ ESC KELLY AFB TX//INAR// DA WASHINGTON DC//DAMI-AM/DAMI-CIC/SAIS-SS// CDRINSCOM FORT BELVOIR VA//IAOPA-OP-I/ IAOPA-OP-TO// CDRUSAOPSGP FT GEORGE G MEADE MD//IAGPC-TSE// CDR902ND MIGP FT GEORGE G MEADE MD//IAGPA-OP-I// CDR730THMIBN MUNICH GE//IAGPE-SCM// HQ AFISA BOLLING AFB DC//IND// COMNAVINTCOM WASHINGTON DC//OOQ/OOJ// CDRINSCOM WASHINGTON DC//22E3/22E1// NAVINVSERVA MUNICH GE//60MK// MICHAEL R. HIGGINS (703) 284-0182, 6 SEP 91 (DEJ) ROBERT L. AYERS, CHIEF, DSM-4, (703) 284-1276 UNCLASSIFIED UNCLASSIFIED 02 RR UUUU NAVINVSERV ERREG LONDON UK//60HQ// NAVINVSERVRA LONDON UK//60LN// AFOSI DET 7008 MUNICH GE//CC// CMC WASHINGTON DC//INTX// USCENTCOM MACDILL AFB FL//J2// USCINCEUR VAHINGEN GE//ECJ2/ECJ2-P/EUCOM AIDES// USCINCLANT NORFOLK VA//J2// USCINCPAC HONOLULU HI//J21// CINCSAC OFFUTT AFB NE//INYSCC// USCINCSO QUARRY HEIGHTS PM//J2// USCINCTRANS SCOTT AFB IL//J2// USCINCFOR FT MCPHERSON GA//J2// USSPACECOM PETERSON AFB CO//J2// USNMR SHAPE BE//DACOS INTEL// NSACSS FT MEADE MD//C912// MIBN (CI)(T) FT MEADE//IAGPA-A-CO// UNCLAS U-8,013/DSM-4 PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY UNCLASSIFIED UNCLASSIFIED 03 RR UUUU OFFICER (ISSO) AND SITE/FACILITY/COMMAND INFORMATION RESOURCE MANAGER (IRM); COMM CEN MUNICH GE PASS TO NAVINVSERVA MUNICH GE; USNMR SHAPE BE PASS TO COL REYNOLDS AND MAJ HILL SUBJ: SECURITY ALERT FOR NOVELL NETWORK SOFTWARE (ASSIST 91-3). 1. ASSIST HAS RECENTLY BECOME AWARE OF TROJAN HORSE SOFTWARE THAT COULD BE USED TO EXTRACT DATA FROM THE NOVELL NETWORK. SOURCE CODE FROM A TROJAN HORSE HAS BEEN DISCOVERED THAT WOULD PERMIT A LOGGED-ON NETWORK USER TO COPY THE PROTECTED PASSWORD FILE TO ANY LOCATION ON THE NETWORK. THE COMPROMISE OF THE PASSWORD FILE COULD LEAD TO FURTHER EXPLOITATION OF THE NETWORK. ANALYSIS OF THE SOURCE CODE REVEALS THAT IF SLIGHT MODIFICATION WERE MADE TO THE SOFTWARE THEN IT WOULD ENABLE A LOGGED-ON USER TO OBTAIN A COPY OF ANY FILE ON THE NETWORK. 2. ISSO SHOULD REVIEW THEIR NOVELL NETWORK FOR THE PRESENCE OF A PROGRAM NAMED "SECURE.COM". SECURE.COM IS NOT A DELIVERABLE OF NOVELL AND SHOULD BE CONSIDERED A SECURITY RISK. IF THIS PROGRAM IS FOUND MAKE A DUPLICATE COPY OF THE PROGRAM ON DISK, DELETE THE PROGRAM, AND NOTIFY ASSIST IMMEDIATELY. 3. ASSIST CAN BE REACHED BY CALLING (703) 284-0182/1276 OR UNCLASSIFIED UNCLASSIFIED 04 04 RR UUUU DSN 251-0182/1276 DURING DUTY HOURS OR (202) 373-8000 OR DSN 234-8000 AFTER DUTY HOURS. ASSIST IS ALSO AVAILABLE FROM A TOUCH TONE PHONE THROUGH TELEPHONIC PAGER (202) 896-6863 (AT THE TONE, ENTER THE NUMBER YOU WISH TO BE CONTACTED ON AND THE ASSIST DUTY OFFICER WILL CALL YOU BACK IMMEDIATELY). 4. POC FOR THIS ALERT IS MIKE HIGGINS, ASSIST, (703) 284-0182 OR DSN 251-0182. ANY DISCOVERY OF THE PROGRAM "SECURE.COM" SHOULD BE REPORTED IMMEDIATELY FOR FOLLOW-UP ASSIST ACTION. UNCLASSIFIED