1996-02-04 - XMAS Exec

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Message Hash: e2cf6172343ff3c4e05208354e981b0a3022790a38822560e4d8a4b1b5c7783c
Message ID: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
Reply To: <HHiLiD4w165w@bwalk.dm.com>
UTC Datetime: 1996-02-04 18:34:33 UTC
Raw Date: Mon, 5 Feb 1996 02:34:33 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Mon, 5 Feb 1996 02:34:33 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: XMAS Exec
In-Reply-To: <HHiLiD4w165w@bwalk.dm.com>
Message-ID: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV Demonstrates Fatal F..
Dr. Dimitri Vulis@bwalk. (1227)

> I'd like to take an exception to this description of the XMAS EXEC, since
.............
> I had serious doubts that the person who wrote it was malicious.

Agreed completely.  I didn't mean to imply that the author was
malicious, merely that it well-illustrated the "social engineering"
approach to getting users to run untrusted code.  What I was saying is
that someone who *was* malicious could have used the same approach as
the attack vector for getting our credit card snooper (or other nasty
code) onto lots of consumer machines.  This came up, in the discussion,
because most people on this list seem to believe (correctly, I think)
that the hardest part of the attack we outlined is the initial infection
vector.  -- Nathanielx
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com

Thread

• Return to January 1996

• Return to February 1996

• Return to “dlv@bwalk.dm.com (Dr. Dimitri Vulis)”
• Return to ““Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “Jon Lasser <jlasser@rwd.goucher.edu>”
• Return to “m5@dev.tivoli.com (Mike McNally)”
• Return to “Mike Fletcher <fletch@ain.bls.com>”
• Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
• Return to “Paul Foley <paul@mycroft.actrix.gen.nz>”
• Return to ““Paul M. Cardon” <pmarc@fnbc.com>”
• Return to “Rich Graves <llurch@networking.stanford.edu>”
• Return to “Rich Salz <rsalz@osf.org>”
• Return to ““Richard Martin” <rmartin@aw.sgi.com>”

• Return to “Tim Philp <bplib@wat.hookup.net>”

• 1996-01-30 (Tue, 30 Jan 1996 17:12:29 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Rich Salz <rsalz@osf.org>
  • 1996-01-30 (Tue, 30 Jan 1996 19:42:59 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
    • 1996-01-31 (Wed, 31 Jan 1996 12:22:49 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Paul Foley <paul@mycroft.actrix.gen.nz>
      • 1996-02-01 (Thu, 1 Feb 1996 10:16:17 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
        • 1996-02-04 (Mon, 5 Feb 1996 02:34:33 +0800) - XMAS Exec - Nathaniel Borenstein <nsb@nsb.fv.com>
          • 1996-02-04 (Mon, 5 Feb 1996 04:23:18 +0800) - Re: XMAS Exec - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-01-30 (Tue, 30 Jan 1996 21:08:44 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
  • 1996-02-01 (Fri, 2 Feb 1996 02:16:15 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-02-01 (Fri, 2 Feb 1996 02:19:42 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Tim Philp <bplib@wat.hookup.net>
    • 1996-01-30 (Tue, 30 Jan 1996 13:45:13 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>
      • 1996-02-01 (Fri, 2 Feb 1996 01:59:49 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
        • 1996-01-30 (Tue, 30 Jan 1996 23:03:11 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
          • 1996-01-30 (Wed, 31 Jan 1996 01:48:05 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Jon Lasser <jlasser@rwd.goucher.edu>
          • 1996-01-30 (Wed, 31 Jan 1996 02:29:00 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
            • 1996-01-31 (Wed, 31 Jan 1996 11:40:37 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
            • 1996-01-31 (Thu, 1 Feb 1996 03:47:19 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
        • 1996-01-30 (Tue, 30 Jan 1996 23:42:02 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - “Richard Martin” <rmartin@aw.sgi.com>
        • 1996-01-30 (Wed, 31 Jan 1996 00:49:47 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Mike Fletcher <fletch@ain.bls.com>
        • 1996-01-31 (Wed, 31 Jan 1996 16:55:46 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Rich Graves <llurch@networking.stanford.edu>
    • 1996-01-30 (Tue, 30 Jan 1996 23:10:58 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - m5@dev.tivoli.com (Mike McNally)