1996-02-01 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit

Header Data

From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
To: cypherpunks@toad.com
Message Hash: 8a3a4c126593c0f83290fbd92560a53ab36bc75df793a4d62eb784c0ab07f250
Message ID: <HHiLiD4w165w@bwalk.dm.com>
Reply To: <199601310100.OAA00804@mycroft.actrix.gen.nz>
UTC Datetime: 1996-02-01 02:16:17 UTC
Raw Date: Thu, 1 Feb 1996 10:16:17 +0800

Raw message

From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 1 Feb 1996 10:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <199601310100.OAA00804@mycroft.actrix.gen.nz>
Message-ID: <HHiLiD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley <paul@mycroft.actrix.gen.nz> writes:
> > 4.  Imitate the IBM Christmas exec.  Break into someone's site and steal
> > their mail aliases file.  Now send mail to everyone on their alias list,
> > pretending to be them, offering them a cute animation program they can
> > install.  The animation will happen, but it will also send mail to all
> > THEIR aliases (like the Christmas exec) and (unlike that) install our
> > malicious snooping software.
>
> Another trojan horse.

I'd like to take an exception to this description of the XMAS EXEC, since
I too received a copy of it in '87 (but had the smarts not to run it).
It didn't break or steal anything. It did 2 things:

 * Displayed an ASCII Xmas tree;
 * E-mailed a copy of itself to every e-mail address listed in the database of
 e-mail aliases. VM/CMS comes a very convenient, standard, and user-friendly
 program for keeping track of nicknames, real names, and e-mail addresses,
 stored in a flat file with tags, which any REXX program can easily read.

I had serious doubts that the person who wrote it was malicious.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Thread

• Return to January 1996

• Return to February 1996

• Return to “dlv@bwalk.dm.com (Dr. Dimitri Vulis)”
• Return to ““Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “Jon Lasser <jlasser@rwd.goucher.edu>”
• Return to “m5@dev.tivoli.com (Mike McNally)”
• Return to “Mike Fletcher <fletch@ain.bls.com>”
• Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
• Return to “Paul Foley <paul@mycroft.actrix.gen.nz>”
• Return to ““Paul M. Cardon” <pmarc@fnbc.com>”
• Return to “Rich Graves <llurch@networking.stanford.edu>”
• Return to “Rich Salz <rsalz@osf.org>”
• Return to ““Richard Martin” <rmartin@aw.sgi.com>”

• Return to “Tim Philp <bplib@wat.hookup.net>”

• 1996-01-30 (Tue, 30 Jan 1996 17:12:29 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Rich Salz <rsalz@osf.org>
  • 1996-01-30 (Tue, 30 Jan 1996 19:42:59 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
    • 1996-01-31 (Wed, 31 Jan 1996 12:22:49 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Paul Foley <paul@mycroft.actrix.gen.nz>
      • 1996-02-01 (Thu, 1 Feb 1996 10:16:17 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
        • 1996-02-04 (Mon, 5 Feb 1996 02:34:33 +0800) - XMAS Exec - Nathaniel Borenstein <nsb@nsb.fv.com>
          • 1996-02-04 (Mon, 5 Feb 1996 04:23:18 +0800) - Re: XMAS Exec - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-01-30 (Tue, 30 Jan 1996 21:08:44 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
  • 1996-02-01 (Fri, 2 Feb 1996 02:16:15 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - dlv@bwalk.dm.com (Dr. Dimitri Vulis)
  • 1996-02-01 (Fri, 2 Feb 1996 02:19:42 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Tim Philp <bplib@wat.hookup.net>
    • 1996-01-30 (Tue, 30 Jan 1996 13:45:13 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Ed Carp, KHIJOL SysAdmin” <erc@dal1820.computek.net>
      • 1996-02-01 (Fri, 2 Feb 1996 01:59:49 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
        • 1996-01-30 (Tue, 30 Jan 1996 23:03:11 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
          • 1996-01-30 (Wed, 31 Jan 1996 01:48:05 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Jon Lasser <jlasser@rwd.goucher.edu>
          • 1996-01-30 (Wed, 31 Jan 1996 02:29:00 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
            • 1996-01-31 (Wed, 31 Jan 1996 11:40:37 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - futplex@pseudonym.com (Futplex)
            • 1996-01-31 (Thu, 1 Feb 1996 03:47:19 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - m5@dev.tivoli.com (Mike McNally)
        • 1996-01-30 (Tue, 30 Jan 1996 23:42:02 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - “Richard Martin” <rmartin@aw.sgi.com>
        • 1996-01-30 (Wed, 31 Jan 1996 00:49:47 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Mike Fletcher <fletch@ain.bls.com>
        • 1996-01-31 (Wed, 31 Jan 1996 16:55:46 +0800) - Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) - Rich Graves <llurch@networking.stanford.edu>
    • 1996-01-30 (Tue, 30 Jan 1996 23:10:58 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - m5@dev.tivoli.com (Mike McNally)