Path: utzoo!mnetor!uunet!mcvax!uvabick!thomas
From: thomas@uvabick.UUCP (Thomas Fruin)
Newsgroups: comp.sys.mac
Subject: Re: VersaTerm 3.2 (Was: VT100 emulators)
Message-ID: <251@uvabick.UUCP>
Date: 5 May 88 22:24:54 GMT
References: <6445@elroy.Jpl.Nasa.Gov> <3645@fluke.COM>
Organization: uvabick
Lines: 32
Summary: Potential danger

Jeff Meyer writes:

> 3.2 also has [...] Remote file transfer (haven't read up on this, but it
> seems that if you have a Mac running unattended with VersaTerm 3.2 and a
> modem set up for auto answer, you can call up from another Mac and do
> file transfer using this.

This is also potentially very dangerous! I've just been reading the specs,
and it turns out _anybody_ can dial into your Mac, and download just about
everything on your (hard) disks. VersaTerm does NOT prompt you for a
password, and you can even use wildcards when downloading. Since you can
type any pathname, the remote volume is up for grabs.

You can turn off this option by unchecking the 'Enable Remote File Access'
option in the ever-expanding Extras dialog, but hear this: by default (right
out of the box) this option is ENABLED...

OK ok, dialing in still requires a modem connected in auto answer mode, but
this is still leaving the back door wide open. I recommend everybody
turning this option OFF now, including Lonnie Abelbeck if he is listening.

One last thing: the caller can also upload. I haven't checked yet if that
lets people overwrite any file on your remotely accessible volume. It would
be the most silent way to install a virus :)

-- Thomas Fruin

fruin@hlerul5.BITNET    University of Leiden
thomas@uvabick.UUCP     University of Amsterdam
hol0066.AppleLink
2:512/114.FidoNet       The Netherlands