Bob Sutterfield (email@example.com)
7 Nov 88 19:53:26 GMT
In article <19881104194515.0.GLR@MOSCOW-CENTRE.AI.MIT.EDU> glr@WHEATIES.AI.MIT.EDU (Jerry Roylance) writes:
>So the first step might be to (quietly) grep unix filesystems for
>some appropriate (cleartext) substrings that would appear in his
>files (ie, pieces of the infecting shell script). Anyone who owned
>such files before the infection would be suspect.
This would yield circumstantial evidence, at best.
Any information found this way would be obtained illegally, at worst,
unless you have a search warrant against a specific user's files.
Ironically enough, I recall someone else, from another subdomain of
MIT, who recently discussed MIT's refusal to run `arbitron' because it
would glean information from files in users' home directories, which
(in that installation) are considered sacred and private.
Zippy sez, --Bob
- if it GLISTENS, gobble it!!
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT