virus, fix for 3000 part 05 of 05 (last)

root root at sbcs.sunysb.edu
Wed Nov 9 15:11:32 AEST 1988


In article <21798 at sgi.SGI.COM>, miq at chromavac.SGI.COM (Miq Millman) writes:
> As I mentioned to Mr. Spanbauer via email, there is nothing stopping it.
> However the possibility of someone at a backbone site doing the following:
> 
> 	1) knowing EXACTLY when my message will come through his site in
> 	   advance
> 	2) knowing how many sections my post would be in advance
> 	3) having a virus ready and waiting for a post to be made to 
> 	   comp.sys.sgi that included binaries and being aware of 1 & 2
> 	4) doing all of the first three things just about the same time
> 	   a worm is floating around systems

	Look, news batches articles and sends them at a later time. So
	it is not as if the bad guy needs to have everything ready to go at
	the millisecond that your postings come through.  The
	bad guy could hold his batching operation off until the necessary
	modifications were made.

	The bad guy could just as easily notice your posting, make the mods, 
	forge the headers, and resubmit the article 15 days later; since you
	have established the policy of shipping binaries via Usenet, people would 
	never know they've received and installed a forgery.

	And the attitude of "doesn't happen, extremely rare" is what got
	all of us into this mess in the first place.  I find it strange
	that an otherwise responsible manufacturer would distribute 
	binaries via Usenet when the potential is there to introduce
	trojan horse mods along the way.  As any IBM PC user will tell you
	it is simply bad practice to load any binary off a BBS and run it.
	Why is this point lost on Unix people?

	Also, why is it that you're not distributing source to sendmail?
	After all, the Berkeley sendmail sources are freely available.

> is extremely rare.  And as I mentioned with the 4D version of sendmail, the
> only real way to be safe is to remove your machine from all networks. 

	The only *real* way to be safe under Unix is to shut the machine
	off :-).  Seriously, disconnecting from the Internet is not
	an option for most of us.  What is SGI doing about locating and
	repairing other security holes in their Unix?
	
> --
> BLAM! BLAM! BLAM!
> "Oh thank you thank you thank you"  {hug}
>     "Maam, you are emotionally distraught, I'll contact a rape crisis center"
> Miq Millman -- miq at sgi.com or {sun,decwrl,pyramid,ucbvax}!sgi!miq
> 415 960 1980 x1041 work

	Am I the only one who finds miq's .signature objectionable?

					Rick Spanbauer
					SUNY/Stony Brook


