Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84 / QGSI 2.0; site qubix.UUCP
Path: utzoo!linus!decvax!decwrl!sun!idi!qubix!msc
From: msc@qubix.UUCP (Mark Callow)
Newsgroups: net.news.sa
Subject: Security Warning
Message-ID: <1454@qubix.UUCP>
Date: Mon, 22-Oct-84 15:06:49 EDT
Article-I.D.: qubix.1454
Posted: Mon Oct 22 15:06:49 1984
Date-Received: Wed, 24-Oct-84 07:55:27 EDT
Distribution: net
Organization: Qubix Graphic Systems, San Jose, CA
Lines: 21

This is a warning to anyone who has installed Chuck Von Rospach's
(that's Chuqui) program to unpack the usenet maps.  It probably
applies to any similar program.

By submitting a suitable set of shell commands to net.news.maps
I can create untold havoc on all your systems.  The recent rash
of McCartney's and Springsteen's that have appeared on the net,
not to mention kremvax, should demonstrate that I could easily
disguise the author of the havoc.  Even switching to mod.maps.all
won't afford much increased security.

Moral:  Never install programs that fork shells that execute commands
posted to a newsgroup.
-- 
From the TARDIS of Mark Callow
msc@qubix.UUCP,  qubix!msc@decwrl.ARPA
...{decvax,ucbvax}!decwrl!qubix!msc, ...{amd,ihnp4,ittvax}!qubix!msc

".. I have generally found that those who were most ready to pronounce
others bores had the most indisputable claims to that title in their
own persons." -- Lord Byron