On Tue, 6 Jan 1998, RANDAL LATHROP wrote:
> But this is true only if you are running a service (daemon) that can
> be exploited. If you do not share any resources on your system, are
Or a client that can be exploited, or if portions of the OS can be
exploited...
If you've got a few thousand users, and you have enough control over the
OS, stack, clients, and configuration, as well as a way to audit that,
then you're doing well enough to probably not worry about it. For the
real world, it's *trivially* easy to get a user to load (a) a demo for
finance/mailroom/logistics/pick_a_target, or (b) a game, or extension to
Quake, or (c) a new version of a browser, E-mail client, or IRC program.
If it's done right, most of them will get the IS people to lend them a
modem for the duration of the attack... er demo.
How many places go through testing new Internet clients on a test bed
with modems, LAN cards, and record and decode the traffic? How many
places have enough control over their user population to specify client
versions, and distribution channels? Probably about as many who run
virus-susceptible systems with no scanners, no protection, and who get
zero incidents. Next time you see a virus, ask yourself what would have
happened if that was a sleeping trojan...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
PSB#9280