Re: BO2k source code

NBuckley Thu, 28 Oct 1999 14:24:49 -0700



I didn't want to reply, but the thread just wouldn't die ;-)

Call it whatever you want; it can be used as a very effective admin utility.
The risk is not BO2K it's the surrounding environment that supports it.  Many
apps could be wrapped up into other products/services, but that doesn't make
them dangerous or a trojan.  Many commercial apps present the same risks as BO2K
in a poorly designed security architecture.  If you eliminate the avenues that
one would use to install BO2K you will easilly elimnate the threat.  IMO: if
your worried about BO2K as a serious threat you should really be looking at
re-designing your overall security architecture or perhaps start putting one in
place.

my .002 cents.

--Neil







"Michael H. Warfield" <[EMAIL PROTECTED]> on 10/28/99 01:17:08 PM
                                                                                
                                                                                
                                                                                


                                                              
                                                              
                                                              
 To:      Elaine -HFB- Ashton <[EMAIL PROTECTED]>        
                                                              
 cc:      "Bill Lavalette -=- Operations NdrsNet NOC/CERT"    
          <[EMAIL PROTECTED]>, "'Jason Axley'"                
          <[EMAIL PROTECTED]>,                            
          "'[EMAIL PROTECTED]'"                        
          <[EMAIL PROTECTED]>(bcc: Neil Buckley/Lycos) 
                                                              
                                                              
                                                              
 Subject: Re: BO2k source code                                
                                                              







On Thu, Oct 28, 1999 at 09:12:49AM -0500, Elaine -HFB- Ashton wrote:
> *>in the MS operating systems if it was legit you would be paying for it....

> *cough* Open Source *cough*

> *>It is not a trojan horse any more than PC Anywhere is.  See

> That would require that PC Anywhere actually worked well half of the time.
> :)

> I don't think BO is a trojan because it doesn't masquerade as something
> else. It doesn't lie dormant waiting for a perfect time to strike.
> Remember that the 'trojan horse' part of the name comes from the legend
> where warriors hid inside a statue undetected until it was time. BO makes
> itself pretty well known if you are looking for it.

     It may or may not be a "trojan horse", but it is definitely a
trojan.  (The Trojans hid in the horse, remember.)  The thing gets
wrapped up with games and utilities and worms and other nasties which
allow it to be propagated to unsupecting chumps who are stupid enough
to run active content they receive in the mail or off of insecure web
sites.

> e.

     Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
att1.eml
Re: BO2k source code

Reply via email to
