From: furballs <furballs@netcom.com>
Date: Wed, 13 Nov 1996 01:06:37 -0800 (PST)
To: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Subject: Re: two bogus messages to this list
In-Reply-To: <9611121632.AA26619@notesgw2.sybase.com>
Message-ID: <Pine.3.89.9611130005.A13316-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/mixed


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

---- next item ----
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII



More to the point, it is the use of constructs such as state machines to 
handle event processing that make it easy to compromise code - even 
without the magic of "hidden" DLL's or trap calls.

The Wintel PC is a virtual treasure trove of opportunity to 
compromise; starting with the BIOS, Boot sector, interrupt handlers and 
winding up with trojan horse applications and colorful file system viruses 
such as Windows. Unfortunately, UNIX on Intel is not immune to low level 
compromises either.

...Paul

On 12 Nov 1996, Ryan Russell/SYBASE wrote:

> All computers have software which capture keystrokes
> in a central way....we call them "keyboard drivers."
> 
> Any machine you have physical access to can 
> be compromised.
> 
>     Ryan
> 
> ---------- Previous Message ----------
> To: wombat
> cc: attila, cypherpunks, ichudov
> From: teddygee @ visi.net (Ted Garrett) @ smtp
> Date: 11/11/96 11:08:59 PM
> Subject: Re: two bogus messages to this list
> 
> 
> On Mon, 11 Nov 1996, Rabid Wombat wrote:
> >On Mon, 11 Nov 1996 attila@primenet.com wrote:
> >
> >> In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
> >>    at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:
> >> 
> >> >.I did not write the two messages below. I did have a small party
> >> >.yesterday, probably some of my guests did that...
> >>         just goes to proof it:  Microslop and Intel boxes are secure
> >>     only when most of their parts are stored under lock and key.
> >
> >Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
> >can be brought up in single-user mode and the root password changed by 
> >anyone with physical access to the system. You could end up with even 
> >more trouble than if someone messed with your M$ box.
> 
> Microsloth has, at the heart of it's system, a call which traps ALL
> KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
> placed inside of a DLL which most users would have no idea was loaded.
> Even under NT, this DLL can be made to remain resident and trapping
> Keystrokes, events, and window contents.
> 
> Does this just BEG to be exploited?
> 
> If you give me normal user access to ANY microsloth machine, I can
> have most of the system's security broken down to NOTHING within a
> week.  And I'm not even a good MS programmer!  <Are my prejudices
> showing?>
> 
> At least under UNIX, you damned well know you have to secure your
> system.  Microsloth attempts to sell itself as a secure platform.
> 
> ---
> "Obviously, the US Constitution isn't perfect, but
> it's a lot better than what we have now." - Unknown
> PGP key id - 0xDEACDFD1 - Full key available from
> pgp-public-keys@pgp.mit.edu
> 
> 
> 
> 
> 
> 
> 
> 
---- next item ----
Content-Type: TEXT/PLAIN; NAME=ATT01
Content-ID: <Pine.3.89.9611130005.A13316@netcom>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQEVAwUBMof4ac1+l8EKBK5FAQHyHQf7BpV8GBB7EEazflFHoTjsUgBrayH9ibCb
IBYWUqiftuviG7TdKMg/Sj3eh69O9iMqah5lZR0bvpKZqFbeNgbMRGHnytjGvk5z
cmJUQaPgNYupZlLdg0bfbnaNyjJzUYTpNIuNX/fvwUwYQDKtXquTqcoMvWl0tFSI
N0PaiZEj5gsRbNCiJ15Uuzpwxn+FtYhwq92bWCWmSqLkpgn1FbC0PwzmKoEcrHpW
hYICm0LLS5Pp9y846SNEcANOP66/VfAL1pMsiBCL0tLxBa+K/UcB6xnutApQ4K0P
DeMkhqw3Z6fQVBAnJFGsrVJaXOvvtPdH1Lbwo1eIutbqyAaFU2FVGQ==
=dru/
-----END PGP SIGNATURE-----



---- next item ------