[2019] in WWW Security List Archive
Re: Hacking a Personal Computer via E-mail
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Thu May 9 00:05:34 1996
Date: Wed, 08 May 1996 18:31:22 -0700
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Chris Garrigues <cwg@DeepEddy.Com>
CC: Rolf Weber <weber@iez.com>, 69100476@bdi-stu.hsmaastricht.nl,
www-security <www-security@ns2.rutgers.edu>, cwg@deepeddy.DeepEddy.Com
Errors-To: owner-www-security@ns2.rutgers.edu
Chris Garrigues wrote:
> > another true story is that any protocol can be used to tunnel another,
> > will say email can be used to tunnel for example telnet. but this requires
> > help from inside.
>
> eh?
>
> There is no turing equivalence between protocols....If you're saying that you
> can run telnet on port 25 to get past packet filters, that's true, but that's
> not "using email to tunnel telnet".
Of course not - turing equivalence applies to computational equivalence
barring speed and storage size issues, not equivalency of a data channel
barring bandwidth and synchroneity. You could formulate a sort of
"church's thesis" for data channels, but I suspect the proofs would be
far less interesting.
He's saying (correct me if I'm wrong) that if you have nearly infinite
patience, you could "tunnel" telnet through e-mail, by sending an e-mail
message for each character of the telnet session.
Sure it'd be so slow that it'd be rediculous to call it telnet, but the
point is, it could be done.
> You can tunnel a streaming protocol on top of a another streaming protocol,
> but I hardly see that this means you can run telnet on top of RFC822.
Given sufficient fiddling, of course you could. It's not exactly a
sleek design, or even trivial to implement, but its quite possible.
