FASTEDDY@DFTBIT.BITNET (John McMahon - NASA GSFC ADFTO -) (06/19/89)
A few comments on the latest issue of VIRUS-L... ***> From: Ken De Cruyenaere <KDC%ccm.UManitoba.CA@CUNYVM.CUNY.EDU> ***> ***> He indicated large systems could be infected more easily than was ***> commonly believed. In particular, he said a glaring weakness existed in ***> Communications Monitoring System (CMS) version 4 for IBM's MVS operating ***> system where a dangerous virus could be introduced by simply programming ***> 16 lines of code. Well, the problem I see here (although I may be wrong also) is the perennial problem of the media getting their facts straight (or lack of proper verification). I thought CMS was the "Conversational Monitor System" and ran under the IBM VM (Virtual Machine) operating system, not MVS. My favorite media confusion story is when a newspaper in a college town near here blamed the failure of the local ATMs on the release of a computer virus... The virus in question was the Internet Worm. What really happened ? Backhoe Bill plowed through one of the main phone circuits into town, and the ATMs couldn't reach their home offices to verify transactions. I think there is a need to promote computer literacy in the media... ***> From: ZDEE699@ELM.CC.KCL.AC.UK ***> ***> I agree with Ken that there should be more discussions on network ***> security issues. I joined the discussion list in November 88, on the ***> exact day when the RTM virus struck the internet community, and most of ***> the talk was about networks. Nowadays, it looks like the list has gone ***> to microcomputer-based viruses discussions... I too joined the discussion after a major "big machine" event. In my case it was the SPAN/HEPnet Father Xmas Worm. The PC stuff is nice, and I find a few raw bits in their that is useable... but I am more concerned about my big machines, and the WANs they are connected to. ***> Coming back to network security, here is the question: ***> " Would another major disaster like the November 1988 Internet Worm be ***> possible now, more than 6 months later ? " Probably... but I doubt we will see another "big" event real soon. However, there are probably "small" events which happen every day out on the network that noone ever catches. For example... This mail message claims to be from FASTEDDY@DFTBIT.BITNET... but did I (being the owner of that account) really write it ? Could you verify it if you had to ? If I didn't write it, could you figure out who did ? What is the risk of having an unsecured network mail system ? Just some food for thought... +------------------------------------+----------------------------------------+ |John "Fast Eddie" McMahon | Span: SDCDCL::FASTEDDY (Node 6.9) | |Advanced Data Flow Technology Office| Arpa: FASTEDDY@DFTNIC.GSFC.NASA.GOV | |Code 630.4 - Building 28/W255 | Bitnet: FASTEDDY@DFTBIT | |NASA Goddard Space Flight Center |GSFCmail: JMCMAHON | |Greenbelt, Maryland 20771 | Phone: x6-2045 | +------------------------------------+----------------------------------------+