Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84 / QGSI 2.0; site qubix.UUCP Path: utzoo!linus!decvax!decwrl!sun!idi!qubix!msc From: msc@qubix.UUCP (Mark Callow) Newsgroups: net.news.sa Subject: Security Warning Message-ID: <1454@qubix.UUCP> Date: Mon, 22-Oct-84 15:06:49 EDT Article-I.D.: qubix.1454 Posted: Mon Oct 22 15:06:49 1984 Date-Received: Wed, 24-Oct-84 07:55:27 EDT Distribution: net Organization: Qubix Graphic Systems, San Jose, CA Lines: 21 This is a warning to anyone who has installed Chuck Von Rospach's (that's Chuqui) program to unpack the usenet maps. It probably applies to any similar program. By submitting a suitable set of shell commands to net.news.maps I can create untold havoc on all your systems. The recent rash of McCartney's and Springsteen's that have appeared on the net, not to mention kremvax, should demonstrate that I could easily disguise the author of the havoc. Even switching to mod.maps.all won't afford much increased security. Moral: Never install programs that fork shells that execute commands posted to a newsgroup. -- From the TARDIS of Mark Callow msc@qubix.UUCP, qubix!msc@decwrl.ARPA ...{decvax,ucbvax}!decwrl!qubix!msc, ...{amd,ihnp4,ittvax}!qubix!msc ".. I have generally found that those who were most ready to pronounce others bores had the most indisputable claims to that title in their own persons." -- Lord Byron