Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_1

Bugtraq archives for 1st quarter (Jan-Mar) 1994: Re: Hey the crackers have a new twist 8-(.

Re: Hey the crackers have a new twist 8-(.

Brent Chapman (brentgreatcircle.com)
Sat, 26 Mar 1994 11:23:30 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Eric Murray: "Re: Hey the crackers have a new twist 8-(."
Previous message: Sean McLinden: "Re: Hey the crackers have a new twist 8-(."
In reply to: Sean McLinden: "Re: Hey the crackers have a new twist 8-(."
Next in thread: Eric Murray: "Re: Hey the crackers have a new twist 8-(."

Sean McLinden <sean+andrew.cmu.edu> writes:

# 
# [Description of mailing a script to a shell on sendmail-based systems deleted.]

I think you missed John's point.  It wasn't that crackers were trying
to trick sendmail into running shell scripts; that's old hat.  The
point was that _what_ they were attempting to trick sendmail into
running was something clearly designed to work from within a
SOCKS-guarded network.  That they were attempting to introduce the
program using old Sendmail bugs is of minor importance.

# This "sort of attack" was the basis for the Morris Internet Worm which
# attracted (inter)national attention a few years back (I always preferred
# the term "Trojan Horse") This "feature" of sendmail and some other
# Unix-based mailers was well documented and, frankly, I am astounded that
# any person who collected a paycheck as a security officer for Unix
# systems would not know about this. In fact, one of the ironies of the
# Morris incident was that Morris used a feature which was actually well
# known in the Unix community and for which the security implications were
# also well known.

This is real close to a flame against John and his client.  There's
no place for such on the Firewalls mailing list.  If you've got
something technical to contribute, great, but if what you've got to
say is essentially "gee, how could you be so stupid?", then just keep
it to yourself or send it via private email; don't include the
Firewalls mailing list.


-Brent
--
Brent Chapman                                   Great Circle Associates
BrentGreatCircle.COM                           1057 West Dana Street
+1 415 962 0841                                 Mountain View, CA  94041

Next message: Eric Murray: "Re: Hey the crackers have a new twist 8-(."
Previous message: Sean McLinden: "Re: Hey the crackers have a new twist 8-(."
In reply to: Sean McLinden: "Re: Hey the crackers have a new twist 8-(."
Next in thread: Eric Murray: "Re: Hey the crackers have a new twist 8-(."