Date: Thu, 23 Dec 1999 10:58:23 -0700
From: Darren Wiebe <dkwiebe@heartland.ab.ca>
To: MCI Worldcom <David.Nobles@wcom.com>
Cc: questions FreeBSD <freebsd-questions@FreeBSD.ORG>
Subject: Re: FW: UNIX Security Issue - URGENT
Message-ID: <386262BF.92E6A081@heartland.ab.ca>
References: <002701bf4c97$7d9d59a0$22a72ca6@david>
Sounds to me like somebody did not have enough work to do. :-) I will have to admit that I had to chuckle when I read it. I may be too lax with preventative measures, but if it is this bad then I will not have a job on January 1st anyway. :-)

Darren Wiebe
dkwiebe@hagenhomes.com

MCI Worldcom wrote:
>
> This is being disseminated to all the developers at our office. I've
> removed any names but the gist of the issues and 'security problems' are
> still there. Anyone on the list heard about anything like this?
>
> Have you ever heard of Linux? Apparently it's set to explode, so to speak,

I don't have a hard time seeing linux exploding. But I don't think that it would happen quite this way... :-)

> on December 31, 1999. It runs on virtually all Unix platforms. I believe
> the forwarded information applies to the UK.

Then I'm safe in Canada!! HURRAH!

> ==================================================================
>
> I have attached several e-mails relating to this issue, but in summary:- xx
> have identified a serious and potentially dangerous rogue program that is
> believed to exist in all 'flavors' of UNIX. This is being dealt with
> by our support teams in MIS, however, there are developers that are using
> unauthorized versions of the Linux system, and it is these that present an
> issue.
> Linux is an unsupported platform and should not be used (it is against
> current agreed policy), however it has come to our attention that developers
> (number and location unknown) are using Linux in an unofficial capacity for
> development purposes.
> The trigger date for the rogue program is Dec 31 1999.
> I have discussed this issue with Kevin, and he agrees that the use of Linux
> must be stopped.

I second the motion. It should definitely be replaced with something stable like FreeBSD. :-)

> As I require a champion at a senior level that can influence all development
> areas in the international business, may I suggest that you send an e-mail
> to all development staff, or an appropriate distribution list, for
> dissemination to their staff advising them that all Linux is to be removed
> from company equipment prior to 30 Dec 1999.
> Please feel free to contact me if you have any queries regarding this or any
> other systems security issue.
>
> <<Linux Update - Threat Received Medium/HIGH Risk>> <<RE: Linux - Security Issue>>
> <<RE: Linux - Security Issue>> <<Linux - Security Issue>>
>
> Gents,
> Further to my e-mail yesterday about Linux, which we are all agreed on, xxx
> have today received a warning advisory originated by the FBI which they have
> stated "causes significant concern".
> In short, the advisory warns of a dormant rogue program embedded in Linux
> (and some mainstream UNIX languages) that once activated begins a strong
> denial of service attack by 'swamping' its host network with IP traffic,
> each compatible box it reaches also initiates the same attack and so on.
> Being a switched network makes us particularly vulnerable to this type of
> denial of service, and once infected preventing spread would mean attempting
> to isolate entire network sections i.e. OPCO or country.
> Xxxxx has been advised and will begin sweeping our supported UNIX
> systems for the files we have identified as potential carriers of this
> attack.
> Activation date for the attack is of course 31 Dec 1999.
> xxx rate this threat as Medium to HIGH.
> Our challenge is to ensure all development boxes (including those 'less
> official') are also checked and have Linux removed. Who would be best
> placed to send a mail to all international (and OPCO) developers to advise
> them to remove Linux and check their boxes for the offending files? I will
> of course keep you advised of any further developments.

Ha, Ha.. Teach you to run Linux.. :-)

>
> I support your position, there isn't any good business reason for us to be
> running a shareware operating system within our environment.
>
> Operations view the use of Linux on the network as potentially dangerous
> and a clear threat to the security of the network.
> >
> > The following issues are highlighted:-
> >
> > * Integrity of user ID's, user passwords and their security.
> > * Security of data - who will maintain data integrity.
> > * Scheduling of data backup - who will maintain a regular cycle of
> >   archiving.
> > * Network integrity - who would have control of insuring that the
> >   activities of the machine did not affect the network.
> > * IP integrity and maintenance - DHCP maintenance.
> > * Root privileges - allowing unsupported software utilities to be run,
> >   such as network monitoring tools, sniffers etc.
> > * Root privileges - allowing the owner of a machine to configure it to
> >   appear to be another on the network, this would make tracing any malicious
> >   or unauthorized actions very difficult.
> > * Maintenance of the machines both hardware and software - in
> >   particular the testing and installation of software patches which are
> >   relevant to the version of operating system and applications being used.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

Darren Wiebe
dkwiebe@heartland.ab.ca