The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #100 [Re: ftpd] (1 message, 713 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/100.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Piet Beertema <piet@cwi.nl>
To: phage
Date: Mon 10:24:27 07/11/1988 EST
Subject: Re: ftpd
References: [Thread Prev: 072] [Thread Next: 159] [Message Prev: 097] [Message Next: 099]

	I just put an ftpd binary with the anonymous bug fixed for encores
	running bsd for anonymous ftp (still with me?) on multimax.arpa (aka
	encore.com)
Barry, I trust you; all others on this list will too,
I presume. But potentially there's a danger, especially
under the current circumstances: suppose someone puts a
"virused" ftpd (or whatever) binary on some machine, then
sends out a mail, forging it such that it seems to come
from you. Guess what will happen...
Maybe I'm a bit paranoid, but way back in '84 I proved
with the "kremvax incident" (and it has been done a couple
of times after that) that such mail forging is easy. In
these cases it was just for fun (and obvious for the good
reader!) and had nothing to do with ethics, but as Gene
already noted, there are people around who don't care about
ethics in relation to computers.


	Piet

END OF DOCUMENT