The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #228 ["late-breaking news"] (1 message, 807 bytes)
NOTICE: recognises the rights of all third-party works.


From: Mark W. Eichin <eichin@ATHENA.MIT.EDU>
To: phage
Date: Thu 02:36:12 10/11/1988 EST
Subject: "late-breaking news"
References: [Thread Prev: 227] [Thread Next: 233] [Message Prev: 227] [Message Next: 229]

To calm some people down:

The sources which Jean Diaz posted were *FAR* from complete. They do
not contain any of the attack or crack routines, nor the routines
host-search routines. It is only 15-20% of the code anyway. I do not
forsee someone taking this and launching another attack with it, since
there is a large amount of work left to be done... However, it is in
the most dangerous form --- IT WILL ALL COMPILE.

There was no excuse to post this code. The author did finish his work,
and agreed NOT to post it.

I have a paper (which was distributed at the NCSC Virus Conference on
8 November) in draft form; I will (fairly soon) publish a complete
version (electronically as well as physically.) It contains a
routine-by-routine analysis of the code, which supplies all of the
detail WITHOUT THE CODE ITSELF. The experts at the meeting agreed that
this was very useful information, perhaps MORE useful than compilable
C code.

				Mark Eichin
		SIPB Member & Project Athena ``Watchmaker''