Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!ames!ucbcad!ucbvax!CRNLNS.BITNET!SYSTEM
From: SYSTEM@CRNLNS.BITNET
Newsgroups: comp.os.vms
Subject: re: Posting the Security Patch.
Message-ID: <8706090404.AA29837@ucbvax.Berkeley.EDU>
Date: Mon, 8-Jun-87 16:24:00 EDT
Article-I.D.: ucbvax.8706090404.AA29837
Posted: Mon Jun  8 16:24:00 1987
Date-Received: Thu, 11-Jun-87 06:20:41 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 28

Tom,

I don't know about you, but if I were managing a VAX that was supposed
to be C2 secure, there is NO WAY I would install any patch that came in
over the net, particularly one that modifies SECURESHR.EXE!

You are trusting that the patch you received is the one that Ed
posted, and you are trusting that the patch that was posted was
the one that Ed received from DEC.

While the probability is high that the patch that you received did
indeed come from Ed, and the probability is high that it is the same one
that he received from DEC, would you bet your job on it?

Unfortunately, it is easy to fake the source of a mail message and
only slightly more difficult to modify messages passing through your
system.

Selden E. Ball, Jr.
(Wilson Lab's network and system manager)

Cornell University                 NYNEX: +1-607-255-0688
Laboratory of Nuclear Studies     BITNET: SYSTEM@CRNLNS
Wilson Synchrotron Lab              ARPA: SYSTEM%CRNLNS.BITNET@WISCVM.WISC.EDU
Judd Falls & Dryden Road          PHYSnet/HEPnet/SPAN:
Ithaca, NY, USA  14853             LNS61::SYSTEM = 44283::SYSTEM (node 43.251)

p.s. Thanks, Ed!