From owner-freebsd-questions Wed Dec 22 9:15:20 1999
Date: Wed, 22 Dec 1999 11:13:31 -0500
From: MCI Worldcom
Subject: FW: UNIX Security Issue - URGENT
To: questions FreeBSD
Message-id: <002701bf4c97$7d9d59a0$22a72ca6@david>

This is being disseminated to all the developers at our office. I've removed any names but the gist of the issues and 'security problems' are still there. Anyone on the list heard about anything like this?

Have you ever heard of Linux? Apparently it's set to explode, so to speak, on December 31, 1999. It runs on virtually all Unix platforms. I believe the forwarded information applies to the UK.

==================================================================

I have attached several e-mails relating to this issue, but in summary:-

xx have identified a serious and potentially dangerous rogue program that is believed to exist in all 'flavors' of UNIX. This is being dealt with by our support teams in MIS, however, there are developers that are using unauthorized versions of the Linux system, and it is these that present an issue.

Linux is an unsupported platform and should not be used (it is against current agreed policy), however it has come to our attention that developers (number and location unknown) are using Linux in an unofficial capacity for development purposes.

The trigger date for the rogue program is Dec 31 1999.

I have discussed this issue with Kevin, and he agrees that the use of Linux must be stopped. As I require a champion at a senior level that can influence all development areas in the international business, may I suggest that you send an e-mail to all development staff, or an appropriate distribution list, for dissemination to their staff advising them that all Linux is to be removed from company equipment prior to 30 Dec 1999.

Please feel free to contact me if you have any queries regarding this or any other systems security issue.

Gents,

Further to my e-mail yesterday about Linux, which we are all agreed on, xxx have today received a warning advisory originated by the FBI which they have stated "causes significant concern".

In short, the advisory warns of a dormant rogue program embedded in Linux (and some mainstream UNIX languages) that once activated begins a strong denial of service attack by 'swamping' its host network with IP traffic, each compatible box it reaches also initiates the same attack and so on. Being a switched network makes us particularly vulnerable to this type of denial of service, and once infected preventing spread would mean attempting to isolate entire network sections i.e. OPCO or country.

Xxxxx has been advised and will begin sweeping our supported UNIX systems for the files we have identified as potential carriers of this attack. Activation date for the attack is of course 31 Dec 1999. xxx rate this threat as Medium to HIGH.

Our challenge is to ensure all development boxes (including those 'less official') are also checked and have Linux removed. Who would be best placed to send a mail to all international (and OPCO) developers to advise them to remove Linux and check their boxes for the offending files?

I will of course keep you advised of any further developments.

I support your position, there isn't any good business reason for us to be running a shareware operating system within our environment.

> Operations view the use of
> Linux on the network as potentially dangerous and a clear threat to the
> security of the network.
>
> The following issues are highlighted:-
>
> * Integrity of user ID's, user passwords and their security.
> * Security of data - who will maintain data integrity.
> * Scheduling of data backup - who will maintain a regular cycle of
>   archiving.
> * Network integrity - who would have control of insuring that the
>   activities of the machine did not affect the network.
> * IP integrity and maintenance - DHCP maintenance.
> * Root privileges - allowing unsupported software utilities to be run,
>   such as network monitoring tools, sniffers etc.
> * Root privileges - allowing the owner of a machine to configure it to
>   appear to be another on the network, this would make tracing any malicious
>   or unauthorized actions very difficult.
> * Maintenance of the machines both hardware and software - in
>   particular the testing and installation of software patches which are
>   relevant to the version of operating system and applications being used.