Ahh..Red Leb....those were the days........

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 3:54 PM
To: ISA Mailing List
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

Totally--- in fact, checksum hashes are one of the several methods for one to specify allowed code when defining SAFER restrictions on XP/2003. It was just the words "hash" and "audit" that got my attention. Actually, it was just the word "hash."

Ah, Lebanon.

t

----- Original Message -----
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 05, 2005 11:41 AM
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

Oh no, I agree with you on that. It won't verify -functional- integrity at all. What I'd need is to verify that the code has not -changed- since it was released from the vendor. Heck if it erases the disk drives and installs FreeBSD on the system that's for QA/QC to catch..... =?) I just expect to know if someone slipped me a different version or not.

Ah, but then again, you are referencing internal developed apps vs. a 3rd party application acquired from Microsoft. I am not strong in the way of code-fu, so I can not comment on how bank/remittance/saving and loan auditor do that portion of it. All I usually have to do is prove that I knew exactly what and where that executable came from, and a hash can supply me with the ability to do that.

For instance - Program A has hash "XYZ" and came from Bob's Computer-Programs-R-Us and matches their hash of "XYZ" which is version 1.2.3.4.5 which is approved for use.

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 11:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

Read one? Dude, I can't even *spell* EULA. Oh, wait...

Anyway, I guess we have different auditors... Before I joined Anchor, I had a private development company. My base included financial/banking institutions-- I designed varied algorithms to calculate finance rates, verify disclosed rates against "true" rates (as dictated by Appendix J of the FTC's Reg Z documentation), balloon payments, mid-term rates based on odd-days before first payment and all kinds of other crap that made my head hurt... I then wrote the code that integrated said algorithms into various applications as well as stand alone apps. Never once was I asked to provide file hashes for my executables, even from the auditors. They did, however, require sit-down audits with me and the source code to verify my math theory, implementation, and exception handling...

So I guess we just have two different viewpoints- from mine, any audit that uses a file hash to verify operational integrity is worth about as much as hen poop on a pump handle. ;)

t

----- Original Message -----
From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 05, 2005 9:12 AM
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

True, but have you ever read a EULA? Basically it says that a bunch of monkeys could have banged on the keyboard and accidentally had it compile into a program and that they aren't liable if it makes your computer start on fire. The integrity of the bits is all an auditor cares about; since there is no warranty as to what the software does, if anything at all.

If it can prove that the software on the disk that I have is what Microsoft says it should be, then it's good enough. It's the software's fingerprint, nothing more, nothing less. Right now, I can't even be sure it's the correct software that they are referencing. If I don't know that, then what it does is a moot point.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating

http://www.ISAserver.org

Good point.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, October 05, 2005 10:47 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> I'm not so sure... If the true concern is surviving an audit, a published file hash is worthless, really. I can publish the hash of any of my Hammer o' God tools, but unless you have the source code and compile it yourself, you have no way of knowing what I'm really doing in my code when you run it. The presence (or absence) of a hash has nothing to do with the integrity of a tool's operation, purpose, or effect - it's only the integrity of the bits.
>
> t
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, October 05, 2005 6:58 AM
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> Good point.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
>
> ________________________________
>
> From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
> Sent: Wednesday, October 05, 2005 8:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> That Integrity Check Tool is a joke.
> Where's the published known good file hash for me to verify that it has not been tampered with before I downloaded it? Sure as heck isn't on the web page that you can download it from.
>
> Using an unverified tool to verify another piece of software would have any auditor laughing at you pretty dang quick.... Just like a cashier at a store shouldn't be comparing the back of your credit card to your signature but to your state/government (hopefully checked and) issued ID, since anyone can sign a credit card after it's been mailed out.....
>
> ________________________________
>
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 10:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> I did ;-P
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
>
> ________________________________
>
> From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 9:57 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> same to you :p
>
> ________________________________
>
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, 5 October 2005 12:54 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> Blog.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
>
> ________________________________
>
> From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: Tuesday, October 04, 2005 9:51 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> got a link?
>
> ________________________________
>
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, 5 October 2005 12:26 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA get EAL4+ rating
>
> http://www.ISAserver.org
>
> 'nuf said.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> MVP -- ISA Firewalls
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering".
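
Added example, not part of the original thread: a sketch of the provenance check discussed above, where a file's hash is compared with the vendor-published hash of the approved version and the checking tool's own bits are matched first. The file names, the tool's vendor and the byte strings are constructed, and SHA-256 is an assumption (the thread names no algorithm); a MATCH shows only that the bits are unchanged since release, not what the code does.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class Approved:
    vendor: str
    version: str
    sha256: Optional[str]  # hash the vendor published; None if none was published

def check_bits(data: bytes, ref: Optional[Approved]) -> str:
    """Compare a file's SHA-256 with the approved build's published hash."""
    if ref is None:
        return "NOT_APPROVED"    # no approval record for this file at all
    if ref.sha256 is None:
        return "NO_REFERENCE"    # approved by name, but nothing to compare against
    actual = hashlib.sha256(data).hexdigest()
    return "MATCH" if hmac.compare_digest(actual, ref.sha256.lower()) else "MISMATCH"

def audit(files: Dict[str, bytes], approved: Dict[str, Approved], tool: str) -> Dict[str, str]:
    """Check the checking tool first; if its own bits cannot be matched, nothing it reports counts."""
    verdicts = {tool: check_bits(files[tool], approved.get(tool))}
    for name, data in files.items():
        if name == tool:
            continue
        if verdicts[tool] != "MATCH":
            verdicts[name] = "UNVERIFIED_TOOL"
        else:
            verdicts[name] = check_bits(data, approved.get(name))
    return verdicts

# Constructed sample data: the bytes "as released" (hypothetical file names).
RELEASED = {
    "ProgramA.exe": b"constructed build 1.2.3.4.5",
    "checktool.exe": b"constructed integrity tool",
}

def approvals(tool_hash_published: bool) -> Dict[str, Approved]:
    """Approval records built from the released bytes; the tool's hash is optional."""
    h = lambda n: hashlib.sha256(RELEASED[n]).hexdigest()
    return {
        "ProgramA.exe": Approved("Bob's Computer-Programs-R-Us", "1.2.3.4.5", h("ProgramA.exe")),
        "checktool.exe": Approved("(hypothetical vendor)", "1.0",
                                  h("checktool.exe") if tool_hash_published else None),
    }

if __name__ == "__main__":
    on_disk = dict(RELEASED)
    on_disk["ProgramA.exe"] += b"!"  # one extra byte: a "different version"
    print(audit(RELEASED, approvals(True), "checktool.exe"))
    print(audit(on_disk, approvals(True), "checktool.exe"))
    print(audit(RELEASED, approvals(False), "checktool.exe"))
```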