|
|
ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #059 [Re: Disassembled virus?] (1 message, 850 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/059.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)
To: phage
Date: Sat 18:37:20 05/11/1988 EST
Subject: Re: Disassembled virus?
References:
[Thread Prev: 057]
[Thread Next: 069]
[Message Prev: 058]
[Message Next: 060]
> I agree with Doug Comer. Was there *really* anything in there that was > terribly sophisticated? No, but you're missing the point. While not terribly sophisticated, it's not something a first year programming student could do without some *serious* effort. You want me to post source that would allow any moron to hear about a bug, replace a few routines, and start the whole mess over again. Let's at least make it as hard as possible, okay? > Let's face it, 99.9% of the virus was the hole in sendmail, he (or > anyone else) could have done *anything* with that, "rm -rf /" after > re-propagating wouldn't take much genius although more nefarious > things are possible. Not true; the sendmail bug gives you daemon, not root. And daemon is not the hole that people seem to think it is, although it's not my idea of a good time. Incidentally, most systems here were attacked through fingerd, not smtp. > I say publish it for the curious though I would agree to wait until > more discussion occurs, there's certainly no rush. I don't see publication as the end of the world, but it's clearly not a good idea. --keith
END OF DOCUMENT
| ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |