Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA04420; Wed, 20 Jun 90 17:06:46 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA06892; Wed, 20 Jun 90 17:06:47 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA22731; Wed, 20 Jun 90 17:06:37 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa23083; 20 Jun 90 16:19 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Wed, 20 Jun 90 16:31:52 BST 
Message-Id:   <$TGWGCZNQBTQF at UMPA>
Subject:      Virus-L vol 0 issue #1015



Virus-L Digest Sat, 15 Oct 88, Volume 0 : Issue #1015

Today's Topics

Re: Networks
Re : Ex hackers

------------------------------

Date:         Sat, 15 Oct 88 16:20:00 GMT
From:         Danny Schwendener <SEKRETARIAT@CZHETH5A>
Subject:      Re: Networks

>>None of the Mac viruses now known can actively transfer across a network.
>That seems strange to me.  It seems that in any system, if a file is
>writable, then a virus can write to it.  Of course, if read-only
>status can be enforced, then infection of the file can be prevented.

We're speaking about the *currently known* mac viruses.  Theyinfect  either
system  files  on  the  boot-up  disk  or/and  applications  when these are
invoked. No doubt that you can write a virus that detects  all  volumes  on
line  and infects part or all of the applications on these volumes (as long
as they're not write-protected), but apparently no one has  done  this  yet
(knock on wood). -- Danny
+-----------------------------------------------------------------------+
| Mail   :   Danny Schwendener, ETH Macintosh Support Center            |
|            Swiss Federal Institute of Technology, CH-8092 Zuerich     |
| Bitnet :   macman@czheth5a      UUCP   :   {cernvax,mcvax}ethz!macman |
| Ean    :   macman@ifi.ethz.ch   Voice  :   yodel three times          |
+-----------------------------------------------------------------------+

--------------------

Date:         Sat, 15 Oct 88 02:06:30 +0200
Reply-To:     gany@taurus
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     If you have trouble reaching this host as MATH.Tau.Ac.IL Please
              use the old address: user@taurus.BITNET
From:         GANY@TAURUS
Subject:      Re : Ex hackers

I think we are getting carried away  with  this  argument  about  employing
ex-hackers so I will try to make this short.

1. I have a friend who used to hack around with our university's giant  CDC
CYBER  a  few  years ago when we were both in high-school. We had access to
the computer as we were doing a form of "graduation paper" for school. That
person was caught messing around with resources he had no access  to  (like
accounts  he  used to "borrow"). He was reported to school and was punished
in the form of "not to lay foot on the computer building as long as  he  in
college".  This person is working up to this date as consultant on the same
computer site (and believe me, he is good at what he is doing (advising  on
languages  and  operating  system).  Just  don't  say  they  (the  computer
operators) have short memory - they knew  exactly  who  they  were  hiring.

2. I remember myself trying to hack around with the same computer ("with  a
little  help  from  my friends") not always doing honest things. Today i am
working next door as member of the system staff on a  UNIX  system  on  the
same university and also have privileged access to that CDC.

So, to the main point - the reason some  of  hackers  do  "bad"  things  is
because  they  are  bounded  and they like the game of trying to loosen the
tights.  (i  hope  my  English  is  right)  Give  them  enough  space  (i.e
privileges) and suddenly they stop hacking and start acting like "grownups"
and  do  useful  things.  Now  don't  get  me  wrong - IN NO WAY YOU SHOULD
ENCOURAGE HACKING !!. But when it  comes  to  hiring  a  person  to  a  job
requiring  "privileged  access", the fact he used to be a hacker should NOT
misqualify him automaticaly ! Don't judge a book by it's  cover.  I'm  sure
most  system  administrators have enough brains to smell a trouble maker in
few days - before he is given enough privileges.

Sorry for the length of this posting - it makes me furious to hear opinions
like "once a hacker always a hacker" as if hacker  means  thief.  I'm  sure
many  of  you  reading  this  posting  used  to  be  hackers  too, so let's
concentrate  in  more  important  things  like  how  to  prevent   unwanted
penetrations to systems (which of course includes trojan-horses).

thanks for listening.
Yair Gany
Tel Aviv University - School of Mathematics and Computer Science.

--------------------

*** end of Virus-L issue ***