Date:      Wed, 22 Dec 1999 22:48:35 +0100 (MET)
From:      Ariel Burbaickij <Ariel.Burbaickij@mni.fh-giessen.de>
To:        MCI Worldcom <David.Nobles@wcom.com>
Cc:        questions FreeBSD <freebsd-questions@FreeBSD.ORG>
Subject:   Re: FW: UNIX Security Issue - URGENT
Message-ID:  <Pine.GSO.4.10.9912222245460.4399-100000@sun33>
In-Reply-To: <002701bf4c97$7d9d59a0$22a72ca6@david>

Just as simple: make an insurance agreement with any insurance company
whatsoever about complete coverage of all losses in case they should happen.
If they will not, you will just pay some hefty sum for your
fears. Alternatively/additionally, go to any mailing list devoted to LINUX
and suggest making a bet. See who will win.

kind regards,
Ariel

On Wed, 22 Dec 1999, MCI Worldcom wrote:

> This is being disseminated to all the developers at our office.  I've
> removed any names but the gist of the issues and 'security problems' are
> still there.   Anyone on the list heard about anything like this?
> 
> 
> 
> Have you ever heard of Linux?  Apparently it's set to explode, so to speak,
> on December 31, 1999.  It runs on virtually all Unix platforms.  I believe
> the forwarded information applies to the UK.
> ==================================================================
> 
> I have attached several e-mails relating to this issue, but in summary:- xx
> have identified a serious and potentially dangerous rogue program that is
> believed to exist in all 'flavors' of UNIX.  This is being dealt with
> by our support teams in MIS, however, there are developers that are using
> unauthorized versions of the Linux system, and it is these that present an
> issue.
> Linux is an unsupported platform and should not be used (it is against
> current agreed policy), however it has come to our attention that developers
> (number and location unknown) are using Linux in an unofficial capacity for
> development purposes.
> The trigger date for the rogue program is Dec 31 1999.
> I have discussed this issue with Kevin, and he agrees that the use of Linux
> must be stopped.
> As I require a champion at a senior level that can influence all development
> areas in the international business, may I suggest that you send an e-mail
> to all development staff, or an appropriate distribution list, for
> dissemination to their staff advising them that all Linux is to be removed
> from company equipment prior to 30 Dec 1999.
> Please feel free to contact me if you have any queries regarding this or any
> other systems security issue.
> 
> <<Linux Update - Threat Received Medium/HIGH Risk>>  <<RE: Linux - Security Issue>>
> <<RE: Linux - Security Issue>>  <<Linux - Security Issue>>
> 
> 
> Gents,
> Further to my e-mail yesterday about Linux, which we are all agreed on, xxx
> have today received a warning advisory originated by the FBI which they have
> stated "causes significant concern".
> In short, the advisory warns of a dormant rogue program embedded in Linux
> (and some mainstream UNIX languages) that once activated begins a strong
> denial of service attack by 'swamping' its host network with IP traffic,
> each compatible box it reaches also initiates the same attack and so on.
> Being a switched network makes us particularly vulnerable to this type of
> denial of service, and once infected preventing spread would mean attempting
> to isolate entire network sections i.e. OPCO or country.
> Xxxxx has been advised and will begin sweeping our supported UNIX
> systems for the files we have identified as potential carriers of this
> attack.
> Activation date for the attack is of course 31 Dec 1999.
> xxx rate this threat as Medium to HIGH.
> Our challenge is to ensure all development boxes (including those 'less
> official') are also checked and have Linux removed.  Who would be best
> placed to send a mail to all international (and OPCO) developers to advise
> them to remove Linux and check their boxes for the offending files?  I will
> of course keep you advised of any further developments.
> 
> 
> I support your position, there isn't any good business reason for us to be
> running a shareware operating system within our environment.
> > Operations view the use of Linux on the network as potentially dangerous
> > and a clear threat to the security of the network.
> >
> > The following issues are highlighted:-
> >
> > * Integrity of user ID's, user passwords and their security.
> > * Security of data - who will maintain data integrity.
> > * Scheduling of data backup - who will maintain a regular cycle of
> > archiving.
> > * Network integrity - who would have control of insuring that the
> > activities of the machine did not affect the network.
> > * IP integrity and maintenance - DHCP maintenance.
> > * Root privileges - allowing unsupported software utilities to be run,
> > such as network monitoring tools, sniffers etc.
> > * Root privileges - allowing the owner of a machine to configure it to
> > appear to be another on the network, this would make tracing any malicious
> > or unauthorized actions very difficult.
> > * Maintenance of the machines both hardware and software - in
> > particular the testing and installation of software patches which are
> > relevant to the version of operating system and applications being used.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


