E-mail buffer overflow virus is a REAL threat!

Eugene Leitl (eugene@liposome.genebee.msu.su)
Fri, 31 Jul 1998 20:31:52 +0400 (MSD)

David C. Harris writes:
> Normally messages about e-mail viruses are indeed hoaxes, but this one is

All very well, but _every_ package is riddled with several constructive buffer overflows exploits, so it is sufficient _merely to go online_. Crackers, whose favourite pasttime is to nuke Win95 lusers dialing in via PPP could execute any code they wish on them. HOWTO tutorials to write them are on the web.

The only way to be more or less immune is to run Linux, read Bugtraq digest daily and apply kernel patches on a daily/weekly basis. To be effectively immune, you need dynamic genetic diversity (GP on application code), which probably requires nonalgorithmic systems. Meaning, we're in for several iterations of the digital plagues.