The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #184 [Re: Disassembled virus?] (1 message, 745 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/184.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: phage
Date: Tue 21:27:08 08/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 178] [Thread Next: 195] [Message Prev: 181] [Message Next: 183]

   Date: Tue, 8 Nov 88 15:38:01 PST
   From: Peter E. Yee <yee@AMES.ARC.NASA.GOV>
   X-Lines: 7

   I would prefer to see it distributed, but not until we know that most sites
   have applied suitable patches and will not vulnerable to a mutation of this
   worm.

That will never happen.  Unless you want to be confident enough to say
that there will never be another security hole discovered in UN*X's
network services?  It would be so simple, for example, given source code,
to modify it to take advantage of the sun ftp bug that was posted to
this list.  (Actually, it would require a little bit of thought, since
you can't quite get a running shell, but it wouldn't be that difficult.)

The only way to make sure you're not vulnerable to a mutation of the
worm is to take a fire axe and apply it to your network connection.
Unfortunately, there may be many sites that will make that decision.

						- Ted

END OF DOCUMENT