1998-06-07 - Re: Counterpane Cracks MS’s PPTP
Header Data
From: Bill Stewart <bill.stewart@pobox.com>
To: Chris Wedgwood <cypherpunks@toad.com
Message Hash: aa92edfe2817cfd7adbeb729fc781e15e744242bf714ea896305e42e6b6fa7ff
Message ID: <3.0.5.32.19980607123650.008cf970@popd.ix.netcom.com>
Reply To: <e01acc58.35737d7c@aol.com>
UTC Datetime: 1998-06-07 19:40:45 UTC
Raw Date: Sun, 7 Jun 1998 12:40:45 -0700 (PDT)
Raw message
From: Bill Stewart <bill.stewart@pobox.com>
Date: Sun, 7 Jun 1998 12:40:45 -0700 (PDT)
To: Chris Wedgwood <cypherpunks@toad.com
Subject: Re: Counterpane Cracks MS's PPTP
In-Reply-To: <e01acc58.35737d7c@aol.com>
Message-ID: <3.0.5.32.19980607123650.008cf970@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>> << > Auto-Launch attached binaries in E-Mail <-- Can we say G**dT*mes?
>> It was my understanding, that the so-called GoodTimes virus was a farce,
>> apparently aimed at specific commercial spammers.
>G**dT*mes is a hoax.
>
>I'm talking about a bug in Outlook (Express?) that will execute code when
>email messages are opened.
G**dT*mes and its ilk are hoaxes, which infect the mind of some readers,
causing Fear and Panic, and propagating around like chain letters.
But the fear-causing part is the assertion that if you read the message,
it will execute on your computer and do Bad Scary Things.
In the case of G**dT*mes, this was bogus, but it doesn't have to be.
In a passive-mail-reader environment, this won't happen,
because there's no reason your mailreader will execute commands
embedded in email, but if you've got a mail-reader that
executes scripts sent to it in the mail, you don't need the
human reader's participation to spread things,
you just need to tell the mail-reader to propagate and then
do whatever payload you've sent along as well.
The IBM Christmas-Tree Virus didn't use Fear to execute -
it promised the readers an amusing animated Christmas Tree on their terminals
(back when that was still perceived as cool :-) and if the sucker ran it,
it ran its propagation phase before or during the animation.
And back when we used Real Terminals instead of emulators,
you could send a crafty escape sequence to an HP2621 or VT100
to stash material in a register or on the screen and
get it sent back to the computer. If you made a good guess
about the environment, this was enough ("Quit mailreader, run /tmp/boom".)
There was an article in the SFChron or Oakland Trib in spring 1979
about how "hackers at Berkeley" discovered a security hole in
"the Unix, a computer made by DEC", which was really a terminal exploit.
How good is that VT100 emulator you're using to telnet to that shell account?
.
.
.
.
.
.
.
ESC[42m;
.
yeah, that was fake.....
Thread
Return to June 1998
- Return to “Bill Stewart <bill.stewart@pobox.com>”
- Return to “Chris Wedgwood <chris@cybernet.co.nz>”
Return to “StanSqncrs@aol.com”
- 1998-06-02 (Mon, 1 Jun 1998 21:25:13 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - StanSqncrs@aol.com
- 1998-06-02 (Tue, 2 Jun 1998 00:17:02 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
- 1998-06-07 (Sun, 7 Jun 1998 12:40:45 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Bill Stewart <bill.stewart@pobox.com>