1996-02-04 - XMAS Exec

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Message Hash: e2cf6172343ff3c4e05208354e981b0a3022790a38822560e4d8a4b1b5c7783c
Message ID: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
Reply To: <HHiLiD4w165w@bwalk.dm.com>
UTC Datetime: 1996-02-04 18:34:33 UTC
Raw Date: Mon, 5 Feb 1996 02:34:33 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Mon, 5 Feb 1996 02:34:33 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: XMAS Exec
In-Reply-To: <HHiLiD4w165w@bwalk.dm.com>
Message-ID: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain

Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV Demonstrates Fatal F..
Dr. Dimitri Vulis@bwalk. (1227)

> I'd like to take an exception to this description of the XMAS EXEC, since
> I had serious doubts that the person who wrote it was malicious.

Agreed completely.  I didn't mean to imply that the author was
malicious, merely that it well-illustrated the "social engineering"
approach to getting users to run untrusted code.  What I was saying is
that someone who *was* malicious could have used the same approach as
the attack vector for getting our credit card snooper (or other nasty
code) onto lots of consumer machines.  This came up, in the discussion,
because most people on this list seem to believe (correctly, I think)
that the hardest part of the attack we outlined is the initial infection
vector.  -- Nathanielx
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com