FV Demonstrates Fatal Flaw in Software Encryption of Credit

[Dr. Dimitri Vulis]

Paul Foley <paul at mycroft.actrix.gen.nz> writes:
> > 4.  Imitate the IBM Christmas exec.  Break into someone's site and steal
> > their mail aliases file.  Now send mail to everyone on their alias list,
> > pretending to be them, offering them a cute animation program they can
> > install.  The animation will happen, but it will also send mail to all
> > THEIR aliases (like the Christmas exec) and (unlike that) install our
> > malicious snooping software.
>
> Another trojan horse.

I'd like to take an exception to this description of the XMAS EXEC, since
I too received a copy of it in '87 (but had the smarts not to run it).
It didn't break or steal anything. It did 2 things:

 * Displayed an ASCII Xmas tree;
 * E-mailed a copy of itself to every e-mail address listed in the database of
 e-mail aliases. VM/CMS comes a very convenient, standard, and user-friendly
 program for keeping track of nicknames, real names, and e-mail addresses,
 stored in a flat file with tags, which any REXX program can easily read.

I had serious doubts that the person who wrote it was malicious.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps