[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Counterpane Cracks MS's PPTP

To: Chris Wedgwood <[email protected]>, [email protected], [email protected]
Subject: Re: Counterpane Cracks MS's PPTP
From: Bill Stewart <[email protected]>
Date: Sun, 07 Jun 1998 12:36:50 -0700
In-Reply-To: <[email protected]>
References: <[email protected]><[email protected]>
Sender: [email protected]

>> << > Auto-Launch attached binaries in E-Mail <-- Can we say G**dT*mes?
>> It was my understanding, that the so-called GoodTimes virus was a farce,
>> apparently aimed at specific commercial spammers.
>G**dT*mes is a hoax.
>
>I'm talking about a bug in Outlook (Express?) that will execute code when
>email messages are opened.

G**dT*mes and its ilk are hoaxes, which infect the mind of some readers,
causing Fear and Panic, and propagating around like chain letters.
But the fear-causing part is the assertion that if you read the message,
it will execute on your computer and do Bad Scary Things.
In the case of G**dT*mes, this was bogus, but it doesn't have to be.

In a passive-mail-reader environment, this won't happen,
because there's no reason your mailreader will execute commands 
embedded in email, but if you've got a mail-reader that
executes scripts sent to it in the mail, you don't need the 
human reader's participation to spread things,
you just need to tell the mail-reader to propagate and then
do whatever payload you've sent along as well.

The IBM Christmas-Tree Virus didn't use Fear to execute -
it promised the readers an amusing animated Christmas Tree on their terminals
(back when that was still perceived as cool :-) and if the sucker ran it,
it ran its propagation phase before or during the animation.

And back when we used Real Terminals instead of emulators,
you could send a crafty escape sequence to an HP2621 or VT100
to stash material in a register or on the screen and
get it sent back to the computer.  If you made a good guess
about the environment, this was enough ("Quit mailreader, run /tmp/boom".)
There was an article in the SFChron or Oakland Trib in spring 1979
about how "hackers at Berkeley" discovered a security hole in
"the Unix, a computer made by DEC", which was really a terminal exploit.

How good is that VT100 emulator you're using to telnet to that shell account?
 .
	.
		.
			.
				.
					.
						.
							ESC[42m;
								.

									yeah, that was fake.....

References:
- Re: Counterpane Cracks MS's PPTP
  - From: [email protected]
- Re: Counterpane Cracks MS's PPTP
  - From: Chris Wedgwood <[email protected]>

Prev by Date: E-Mail anything to 57 million people for only $99
Next by Date: PGP International Accused
Prev by thread: Re: Counterpane Cracks MS's PPTP
Next by thread: Foundation for Information Policy Research
Index(es):
- Date
- Thread