The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #132 [Re: some points to make with the media] (1 message, 890 bytes)
NOTICE: recognises the rights of all third-party works.


From: (Don Speck)
To: phage
Date: Sun 23:36:17 06/11/1988 EST
Subject: Re: some points to make with the media
References: [Thread Prev: 403] [Thread Next: 161] [Message Prev: 082] [Message Next: 084]

>   [Erik Fair:]    5. The Internet is basically back on-line now.

The size of my SMTP queue says that it isn't.  Of course, it doesn't
help that JPL dumped their sendmail queue onto mine (with uucp).  JPL
disconnected Wednesday night and I hear that they'll be off the air
for another day.  But they even disconnected for Labor Day weekend.

>  [Doug Comer:]			  (an analogy: even if I leave
>  my office door open, ransacking my office is still unethical/illegal.

I thought everyone agreed that nothing was ransacked.

What puzzles me is that this vax and its twin were not affected.
They're still wide open.  /usr/lib/sendmail is on a filesystem
mounted readonly (dual-ported) so I can't fix it without
bringing both vaxen down.  (/usr/tmp is a symlink, of course).
They're near the top of the /etc/hosts of an infected vax that
they both list in /etc/hosts.equiv and /.rhosts.  Still, nothing.
How could it pass up a hostname like cit-tingduck?.  What stopped it?
Are you SURE that the worm doesn't try to write something on /usr?

Please don't tell me that I have to decompile this myself to find out.

Does the official decompilation compile down to the exact same binary?