From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
To: cypherpunks@toad.com
Message Hash: 8a3a4c126593c0f83290fbd92560a53ab36bc75df793a4d62eb784c0ab07f250
Message ID: <HHiLiD4w165w@bwalk.dm.com>
Reply To: <199601310100.OAA00804@mycroft.actrix.gen.nz>
UTC Datetime: 1996-02-01 02:16:17 UTC
Raw Date: Thu, 1 Feb 1996 10:16:17 +0800
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 1 Feb 1996 10:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <199601310100.OAA00804@mycroft.actrix.gen.nz>
Message-ID: <HHiLiD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain
Paul Foley <paul@mycroft.actrix.gen.nz> writes:
> > 4. Imitate the IBM Christmas exec. Break into someone's site and steal
> > their mail aliases file. Now send mail to everyone on their alias list,
> > pretending to be them, offering them a cute animation program they can
> > install. The animation will happen, but it will also send mail to all
> > THEIR aliases (like the Christmas exec) and (unlike that) install our
> > malicious snooping software.
>
> Another trojan horse.
I'd like to take an exception to this description of the XMAS EXEC, since
I too received a copy of it in '87 (but had the smarts not to run it).
It didn't break or steal anything. It did 2 things:
* Displayed an ASCII Xmas tree;
* E-mailed a copy of itself to every e-mail address listed in the database of
e-mail aliases. VM/CMS comes a very convenient, standard, and user-friendly
program for keeping track of nicknames, real names, and e-mail addresses,
stored in a flat file with tags, which any REXX program can easily read.
I had serious doubts that the person who wrote it was malicious.
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Return to February 1996
Return to “Tim Philp <bplib@wat.hookup.net>”