From: smb@research.att.com
Date: Tue, 8 Jun 93 13:59:09 PDT
To: Eric Hughes <hughes@soda.berkeley.edu>
Subject: Re: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306082059.AA26522@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 >Any public spooling directory is fair game for their antics. [...]
	 >My guess is that your CERT problems have NOTHING to do with
	 >PGP distribution.

	 There is only one directory on the cypherpunks site that is writable,
	 and that is the incoming directory and it's not readable.

It doesn't have to be.  Anyone could create ``incoming/.. '', stick
some files in it, and tell his/her friends.  The new directory would
be readable.

Again, I'm not speaking hypothetically here.  In our case, it was ..^T,
and contained pirated PC software.  (We decided not to infect those files
with viruses...  We didn't even replace them with programs that just
printed nasty messages.)