Reply From: Trevor Schroeder <tschroed@acm.org>
> (Data Interception and Remote Transmission), it was released in June by
> Codex Data Systems. Investigators need only know your e-mail address to
> secretly install the program. Once they do, investigators can read your
Eh? The similarity between this and Good Times is striking. *smirk* Does
anyone have any solid information on this product? There are so many reasons
why this simply can't be the case:
* Vector of transmission: how EXACTLY does this thing infect your
system? Even the best of remote attacks require a remote
insecurity. (the classic being RTM, Jr's exploitation of fingerd)
What if my system is secure?
* Differences in OS's: What affects Win95 won't necessarily affect NT
almost certainly (unless very cleverly crafted) won't affect NetBSD,
etc.
* Different Platforms: Will this same beast attack a Win95 computer
and a Mac and a Cray? Or maybe it's a really fat binary. ;/
I'm so tired of all the hype around security software. Rent a clue. Even the
nefarious BackOrifice can't infect your computer (your Intel Win95/Win95
computer at that) without you executing the program manually. *sigh*
_____________________________________________________________________________
I'll always remember the words that he said,// Trevor Schroeder
over and over, they ring through my head. // tschroed@acm.org
"Go ahead, shoot me, I'm already dead." // E-Mail for PGP public key.
I can see there's more than one victim. -- Black 47
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Sep 11 09:35:36 1998