VIRUS-L Digest              Monday, 14 Nov 1988          Volume 1 : Issue 7

Today's Topics:
Removal of Details on the Recent Virus at Purdue
flushot: which version is bad
Hiring the mischevous hacker
Sendmail security hole (UNIX)

---------------------------------------------------------------------------

Date:         Sat, 12 Nov 88 13:55:06 CST
From:         Bill Goffe <B234WLG@UTARLVM1>
Subject:      Removal of Details on the Recent Virus at Purdue

In yesterday's (11/11) NEW YORK TIMES, p. 12, there is an article titled
"U.S. is Moving to Restrict Access To Facts About Computer Virus." It
describes how the National Computer Security Center, a division of the
National Security Agency, requested that Purdue University remove detailed
information on the recent virus from university computers. The university
complied. The article goes on to describe the debate over this action
(rather considerable, as you might imagine). The article leaves open
the possibility that sother sites may have received similiar requests.
Two questions: (1) what was the NCSC concerned about? (2) have others
been contacted?

Bill Goffe
b234wlg @ utarlvm1

------------------------------

Date:  14-NOV-1988 17:26:37 GMT
Subject: flushot: which version is bad
From:  Doug Moncur <[email protected]>

Function: Microsystems Adviser
Surface mail: Computing Service, University of York, York YO1 5DD
Phone:  uk: 0904-430000x3815 or direct dial: 0904-433815
 international: +44-904-430000x3815 or +44-904-433815
Fax:  0904-432767 (uk) or +44-904-432767 (int'l)
Telecom Gold: 87:YQQ361

can I have an update on which version(s) of flushot are known/
suspected of being bad ?

with my customary efficiency I've flushed all the flushot
messages 3 or 4 days before someone comes in with a possible
virus problem

- -Doug

------------------------------

Date: Mon, 14 Nov 88 15:08 EST
From: X-=*REB*=-X <[email protected]>
Subject: Hiring the mischevous hacker

>Well, I finally heard it the other night -- Ted Koppel, who I happen to
>think is one of the best interviewers in the popular media, had a program
>on the internet events, and (Wozniak's inane remarks aside) Koppel said
>something to the effect that if the culprit was not convicted he would
>certainly going to have a career in computer security.
>
>NUTS !!!!
>
>[stuff deleted]
>We do not hire murders as
>police chiefs, and we do not hire embezzelers to guard the cash drawer.
>Whether the scope of damage was beyond that invisioned, I have NO USE
>WHATSOEVER for anyone who even considers to initiate such a program in
>which there is even the most remote possibility of damaging other's in
>data, stealing their private information, or denying them the use of
>their resources.

Yes, but some people see these  folks as  intelligent  people who have
simply been turning to the   dark side  of the  force.  I  think  it's
better to  put them on  the side  of good than  to let them perpetuate
their  crimes/annoyances.  I think  the feeling is along the  lines of
"They know too  much already  and we'd better have  them on our side."
Or, in other  words, "If  he can do it,  he can help us prevent others
from doing it (or similar things) again."  Sure, none of this prevents
the person from continuing  his activities  on the inside.  Obviously,
those who hire such people feel confident that there  is no risk of it
continuing.

                            Richard Baum
  ________________________________________________________________
 /InterNet:[email protected]  BitNet: [email protected] ",
/  SlowNet: 508 E 4th St Suite #1, Bethlehem, PA 18015 215-867-8433",
/NJ Slownet: 861 Washington Avenue Westwood, NJ 07675   201-666-9207 ",
- -----------------------------------------------------------------------
Was it over when the Germans bombed Pearl Harbor? (On Sept 7 of course!)

------------------------------

Date: Mon, 14 Nov 1988 16:13:19 EST
From: George Young <[email protected]>
Subject: Sendmail security hole (UNIX)

The sure way to determine if your sendmail is subject to this security
hole is to try it yourself.  It is frighteningly easy.  On
questionable unix machine 'phubar' do [machine responses prefixed by
">"]:

telnet phubar 25
>Trying...
>Connected to ll-vlsi.arpa.
>Escape character is '^]'.
>220 phubar Sendmail 5.51/3.2.sst.ll ready at Mon, 14 Nov 88 12:26:21 EST
helo phubar
>250 phubar.cc.hehigh.edu Hello phubar, pleased to meet you
debug
>500 Debug set

If the respose to the 'debug' command is 'Debug set', you are wide
open!  The response should be something like 'Command unrecognized' if
you are safe.  End the telnet session with 'quit'.

I would disable sendmail until you get it fixed.  Even if you didn't
get hit by the recent virus, there are now thousands of curious
hackers out there just itching to try out this newly publicized
security hole.

There are various fixes available on the net, but basically what you
need to do is with adb or emacs or whatever editor you use for binary
files, change the string 'debug' to something else -- 'showq' is
suggested, since that is a valid SMTP command.

Good luck.

George Young,  Rm. B-141        [email protected]
MIT Lincoln Laboratory            [email protected]
244 Wood St.
Lexington, Massachusetts 02173        (617) 981-2756

------------------------------

End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.