virus, fix for 3000 part 05 of 05 (last)
root
root at sbcs.sunysb.edu
Wed Nov 9 15:11:32 AEST 1988
In article <21798 at sgi.SGI.COM>, miq at chromavac.SGI.COM (Miq Millman) writes:
> As I mentioned to Mr. Spanbauer via email, there is nothing stopping it.
> However the possibility of someone at a backbone site doing the following:
>
> 1) knowing EXACTLY when my message will come through his site in
> advance
> 2) knowing how many sections my post would be in advance
> 3) having a virus ready and waiting for a post to be made to
> comp.sys.sgi that included binaries and being aware of 1 & 2
> 4) doing all of the first three things just about the same time
> a worm is floating around systems
Look, news batches articles and sends them at a later time. So
it is not as if the bad guy needs to have everything ready to go at
the millisecond that your postings come through. The bad guy could
hold his batching operation off until the necessary modifications
were made.

The bad guy could just as easily notice your posting, make the mods,
forge the headers, and resubmit the article 15 days later; since you
have established the policy of shipping binaries via Usenet people would
never know they've received and installed a forgery.

And the attitude of "doesn't happen, extremely rare" is what got
all of us into this mess in the first place. I find it strange
that an otherwise responsible manufacturer would distribute
binaries via Usenet when the potential is there to introduce
trojan horse mods along the way. As any IBM PC user will tell you
it is simply bad practice to load any binary off a BBS and run it.
Why is this point lost on Unix people?

Also, why is it that you're not distributing source to sendmail?
After all, the Berkeley sendmail sources are freely available.
> is extremely rare. And as I mentioned with the 4D version of sendmail, the
> only real way to be safe is to remove your machine from all networks.
The only *real* way to be safe under Unix is to shut the machine
off :-). Seriously, disconnecting from the Internet is not
an option for most of us. What is SGI doing about locating and
repairing other security holes in their Unix?
> --
> BLAM! BLAM! BLAM!
> "Oh thank you thank you thank you" {hug}
> "Ma'am, you are emotionally distraught, I'll contact a rape crisis center"
> Miq Millman -- miq at sgi.com or {sun,decwrl,pyramid,ucbvax}!sgi!miq
> 415 960 1980 x1041 work
Am I the only one who finds miq's .signature objectionable?
Rick Spanbauer
SUNY/Stony Brook