IMHO TCP/ip is part and parcel of this new "Open Source / Written by Hackers" we are living in. I cannot believe that C.C.I.T.T.would have recommended to IBM to make their product more hack-able - unless Microsoft or SUN had big influence on C.C.I.T.T.
Op di 14 jan. 2020 om 09:51 schreef Dave Wade <[email protected]>: > Folks, > > Its easy to target TCPIP but IMHO the issues are to do with its universal > use, and the libraries used to implement it. > > So I will just remind you all that what I think was one of the first nasty > programs, the "CHRISTMA EXEC" worm, was actually spread over BITNET and > VNET which at the time had no TCPIP. I wonder if any one still has filters > in their RSCS user exists to block such files? > > https://en.wikipedia.org/wiki/Christmas_Tree_EXEC > > Also while the Morris worm > > https://en.wikipedia.org/wiki/Morris_worm > > did spread over TCPIP the holes it exploited did not require TCPIP and the > systems it infected, BSD based systems, are generally thought to be > "secure" but in this case were poorly configured. > > Lastly, many years ago when I was working on the SUCOMMS X.25 package for > UK universities we did find a buffer overrun problem in the VM/SP SNA CCS > code. That is the code that VTAM uses (well I think it still uses) to > present terminals to VM. > > So, if we were using SNA or X25 or BiSync as universal transports, then I > believe we could be finding security holes in them. > > Dave Wade > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
