Non Delivery Report

• To: World Wide Web Security <WWW-SECURITY@ns2.rutgers.edu>
• Subject: Non Delivery Report
• From: System Administrator <IMCEAMS-MEDAPHIS_IMONATL_POSTMASTER@medaphis.com>
• Date: Sun, 2 Jun 1996 13:52:00 -0400

[002] Mail was received that was addressed to unknown addresses.  
Mail item was not delivered to:  
MEDAPHIS/IMONATL/C0PSCIGL

-------------------------------------------------------------------------
----- 
-----BEGIN PGP SIGNED MESSAGE-----

On 29 May 96 18:15:58 EDT David Kennedy <76702.3557@compuserve.com>
wrote:
<snip>
>      Further reading:
> 
>         Tom Christiansen has a Web page with details about this problem
>         and a script that can be used to test for it:
>                 http://perl.com/perl/news/latro-announce.htm
> 
>          Lincoln Stein's WWW Security FAQ includes a section on "Problems
>          with Specific Servers," which discusses this and related problems:
>                 http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.htm
> 

It didn't sink in how serious the situation is, until going to the first
link 
at perl.com above.

To get everyone's attention as to HOW serious, the web page starts out,

``Urgent Security Announcement

How'd you like to let anyone anywhere run any program they feel like on
your 
system, even sending you new ones of their own devising? Sound
frightening? 
Well, that's what's going on out there.''

It goes on to describe the software culprit, a threat ``called latro, a 
program anyone can use to run any program they feel like on any system
so 
unfortunate as to have ignored those warnings. If I hadn't written it, 
someone else would have.''

There's a note with the assurance:  ``This problem probably affects only

amateur machines: those running Microsoft or Apple operating systems.'' 

Although I find this reassuring, I'd still like to know if anyone on the

list as experienced an attack from latro or other mechanisms, and if so,

to please relay their experiences and solutions here.  Thanks.

Gene

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMa9vd84N33uf66GRAQELLwQAlxqywHyOkIKGjWXAmFLq0KDlDTccwcQo
Z1kmVSy4a5NzHpJVjnisbSJZtLe3OonHRDh8GT7PbLKbu9S+iX91KaPDIx1bueKH
EpFryTcZZfVpY5j23MDTfPoAVjKF7ypIrvBho15AUSUZY3ONQBCYiPy5KMwZc8hQ
CcSMN2woiSM=
=s1TA
-----END PGP SIGNATURE-----

-- 
``Imagine if every Thursday your shoes exploded if you tied them 
  the usual way. This happens to us all the time with computers, 
  and nobody thinks of complaining.''  -Jeff Raskin

   ______                  gene@cup.hp.com
  /\__  _\                   ingram@pubs.holosys.com
  \/_/\ \/     ___      __   _ __    __      ___ ___
     \ \ \   /' _ `\  /'_ `\/\`'__\/'__`\  /' __` __`\
      \_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
      /\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
      \/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
                        /\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint:  93 E1 15 E6 35 BC B2 84  B2 7B 39 76 29 72 32 72

--3D signature created courtesy of ``Figlet Ascii Font Converter''
  <http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>

------ Message Header Follows ------
Received: from medaphis.com by msm.medaphis.com
  (PostalUnion/SMTP(tm) v2.1.8d for Windows NT(tm))
  id AA-1996Jun01.042527.1196.130028; Sat, 01 Jun 1996 04:25:27 -0400
Received: from ns2.rutgers.edu by medaphis.com (8.6.12/8.6.12) with
ESMTP id
EAA05248 for <paul.scigliano@medaphis.com>; Sat, 1 Jun 1996 04:15:22
-0400
Received: (from daemon@localhost) by ns2.rutgers.edu
(8.6.12+bestmx+oldruq+newsunq/8.6.12) id SAA10608 for
www-security-outgoing;
Fri, 31 May 1996 18:11:38 -0400
Received: from paloalto.access.hp.com (daemon@paloalto.access.hp.com
[15.254.56.2]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12)
with
ESMTP id SAA10603 for <WWW-SECURITY@ns2.rutgers.edu>; Fri, 31 May 1996
18:11:33
-0400
Received: from hpfsvr01.cup.hp.com (allan.cup.hp.com) by
paloalto.access.hp.com
with ESMTP
	(1.37.109.16/15.5+ECS 3.3) id AA103170761; Fri, 31 May 1996 15:12:41
-0700
Received: from allan by hpfsvr01.cup.hp.com with SMTP
	(1.37.109.15/15.5+IOS 3.20+cup+OMrelay) id AA155930975; Fri, 31 May
1996
15:16:15 -0700
Message-Id: <31AF6FAE.5384@cup.hp.com>
Date: Fri, 31 May 1996 15:16:14 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: World Wide Web Security <WWW-SECURITY@ns2.rutgers.edu>
Organization: Hewlett-Packard Co.
X-Mailer: Mozilla 2.02 (X11; I; HP-UX A.09.05 9000/720)
Mime-Version: 1.0
To: World Wide Web Security <WWW-SECURITY@ns2.rutgers.edu>
Subject: Re: BoS: CERT Advisory CA-96.11 - Interpreters in CGI bin
Directories
References: <960529221557_76702.3557_CHN54-1@CompuServe.COM>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-www-security@ns2.rutgers.edu
Precedence: bulk
Errors-To: owner-www-security@ns2.rutgers.edu

• Previous: RE: BoS: CERT Advisory CA-96.11 - Interpreters in CGI bin Directories
• Next: Re: Accessing http://-files thu email
• Index(es):
  • Index
  • Thread