Nathaniel Borenstein <nsb@nsb.fv.com> writes:
Dr. Dimitri Vulis@bwalk. (1227)
I'd like to take an exception to this description of the XMAS EXEC, since ............. I had serious doubts that the person who wrote it was malicious.
Agreed completely. I didn't mean to imply that the author was malicious, merely that it well-illustrated the "social engineering" approach to getting users to run untrusted code. What I was saying is that someone who *was* malicious could have used the same approach as the attack vector for getting our credit card snooper (or other nasty code) onto lots of consumer machines. This came up, in the discussion, because most people on this list seem to believe (correctly, I think) that the hardest part of the attack we outlined is the initial infection vector. -- Nathanielx
In '87, many people received an unsolicited executable from a known source, and ran it without thinking twice. (If A has B's address in his nickname file, then B probably knows and trusts A to some extent.) I hope users today know better. I don't see why stopping a keyboard sniffer is any harder than stopping any other virus/trojan - and most shops manage to keep them out. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps