Path: utzoo!utgpu!cs.utexas.edu!usc!orion.oac.uci.edu!cedman From: cedman@lynx.ps.uci.edu (Carl Edman) Newsgroups: alt.sources Subject: Re: GENERAL WARNING Message-ID: Date: 27 Sep 90 04:48:27 GMT References: <1990Sep26.234214.338@ibmpcug.co.uk> Distribution: alt Organization: non serviam Lines: 38 Nntp-Posting-Host: lynx.ps.uci.edu In-reply-to: demon@ibmpcug.co.uk's message of 26 Sep 90 23:42:14 GMT In article <1990Sep26.234214.338@ibmpcug.co.uk> demon@ibmpcug.co.uk (Cliff Stanford) writes: cedman@lynx.ps.uci.edu (Carl Edman) writes: > Now, really: It is very easy to change particularily a programm like > a shell to f.e. put the name of a non-backtraceable account into the > .rhosts file and then send mail to it to inform the hacker that > he has just gotten a new account. Maybe even a su account ? You mean that if that were included in the source to a large program (ELM, for instance) you'd notice it was there before compiling it? I doubt I would. Regards, Cliff. Yes, I think would have a good chance of noticing such a thing (even if for no other reason that I have to tinker around with every programm for a few hours before it compiles anyway :-). Secondly and possibly more importantly: Someone would notice, and fast. I dare say that if some source is available via anonymous ftp and is not completely unpopular, no virus would go undetected for more than one or two weeks, at most. And when it is detected the sources WILL be removed, there will be an outcry and emergency broadcasts on all usenet-channels (:-), and the author (or whoever put the sources there) will be in deep trouble. A virus in binary form , on the other hand, is hard to spot or to trace (if it is intelligently done, of course). It may take months before someone notices effects, and after that it can take many more months before someone can trace this virus back to this particular piece of software. Regards, Carl Edman Theorectial Physicist,N.:A physicist whose | Send mail existence is postulated, to make the numbers | to balance but who is never actually observed | cedman@golem.ps.uci.edu in the laboratory. | edmanc@uciph0.ps.uci.edu