[109570] in Cypherpunks
Re: Melissa won't be at the Mozilla.org party
daemon@ATHENA.MIT.EDU (Bill Stewart)
Tue Mar 30 02:57:24 1999
Date: Mon, 29 Mar 1999 21:27:17 -0800
To: Mahou Shoujo Pixy Misa <waste@zor.hut.fi>, cypherpunks@toad.com
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <Pine.LNX.4.10.9903272008460.21419-100000@zor.hut.fi>
Reply-To: Bill Stewart <bill.stewart@pobox.com>
At 08:10 PM 3/27/99 +0200, Mahou Shoujo Pixy Misa wrote:
>Hey, could someone make a version what would scan the computer
>for documents with keywords like 'secret' or 'confidential' and
>e-mail them for the world?
Any time you've got a mechanism to get a large number of people
to execute an arbitrary program, it's a major security hole,
and somebody could abuse it like that (for instance, packaging it
with the Caligula virus which steals PGP secret key files.
The big difference with Melissa is that it's spreading fast and visibly,
so people kill it off to keep it from clogging their machines
and making them look stupid, unlike the slower Ethan.A virus,
or that virus that Netscape released which keeps replacing the word
"file server" with "network operating system" :-)
Not only is this yet another reason that
Bill Gates and his Minions of Insufficient Light Must Die,
and another reason to go to the Mozilla party this week while those
poor Microsoft-using slobs are cleaning up their infected mail systems,
it's a reason to use Diffie-Hellman keying and Perfect Forward Secrecy
everywhere you can. Occasionally keys do get stolen, or subpoenaed,
or rubber-hosed, or emailed to melissa@kgbvax.su, or copied off the
yellow sticky note by your desk, but it limits the damage that happens
when your keys do get out, and means you can have a private conversation
with somebody even if you don't have current authentication data.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
