Information Security News mailing list archives
Re: The Real Y2K Threat to Compaq
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 13 Dec 1999 06:13:10 -0700
Reply From: Russell Coker <russell () coker com au>
forwarded the same hoax to thousands more people in the company. After that, we had another potential virus situation initiated by a Compaq employee who sent a message to all Compaq employees in an entire country.
Well, of course it's those evil hackers... It could never be a disgruntled employee and 56 cluebies with a "Reply All" button at their disposal, could it? It could never be a company with a single platform, with a single email client, with a single email server platform, could it? *sigh* When will companies learn that totally homogeneous IT systems fail a lot harder than heterogeneous ones, especially with simple threats?
That's part of the problem. The other part is that there's no need for emails to thousands of people to take terabytes of data. My opinion is that the best way to store email is in the Maildir format (one file per message). Using this format it's not difficult to create hard links or sym-links from each user's Maildir to where the original copy of the file is stored. Installing 30,000 links to a 1M file takes about a minute and 1M of disk space. Storing 30,000 separate copies of the file takes 30G of storage and huge amounts of delivery time.

I am currently working on a bulletin system based on this. The idea is that any "all users" type address will go to the bulletin program which will create links. The next version will include an "undeliver" program which will read through the home directories of all users and remove files that have the same inode as the file in question or are sym-links to it.

Then an administrator of a large email system that includes my Maildir Bulletin program could just remove such messages from the Maildirs of users who haven't read it (containing the problem) and also change the configuration of the mail server to just bounce any inbound message with the same subject or content. What took the Compaq security team hundreds of hours should only have taken a few hours by a small team of administrators and should not have resulted in any reduction in service.

Of course this relies on open mail server software which can be easily extended by third-parties.

The web page for my bulletin program is below (yes it's so new I haven't even had time to write a web page and I've just got links to the source).

http://www.coker.com.au/maildir-bulletin/

Russell Coker

ISN is sponsored by Security-Focus.COM
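An added sketch of the hard-link delivery and inode-based "undeliver" containment step described in the message above. It is not code from the Maildir Bulletin program; the function names and the sample mailbox layout are constructed for illustration, and it assumes every Maildir is on the same filesystem as the master copy (a requirement for hard links).

```python
import os
import tempfile

def deliver(master, maildirs):
    """Hard-link the single master copy into each user's Maildir/new."""
    for md in maildirs:
        os.link(master, os.path.join(md, "new", os.path.basename(master)))

def undeliver(master, maildirs, unread_only=True):
    """Remove hard links and symlinks to master; return the paths removed."""
    st = os.stat(master)
    key = (st.st_dev, st.st_ino)          # identity of the master copy
    removed = []
    for md in maildirs:
        # new/ holds messages no mail client has seen yet; cur/ holds seen ones
        for sub in ("new",) if unread_only else ("new", "cur"):
            folder = os.path.join(md, sub)
            for name in os.listdir(folder):
                path = os.path.join(folder, name)
                if os.path.islink(path):
                    hit = os.path.realpath(path) == os.path.realpath(master)
                else:
                    info = os.lstat(path)
                    hit = (info.st_dev, info.st_ino) == key
                if hit:
                    os.unlink(path)
                    removed.append(path)
    return removed

def demo():
    """Constructed three-user layout: hard link, read copy, symlink."""
    root = tempfile.mkdtemp()
    master = os.path.join(root, "bulletin.msg")
    with open(master, "w") as f:
        f.write("Subject: constructed test bulletin\n\nbody\n")
    users = [os.path.join(root, u, "Maildir") for u in ("alice", "bob", "carol")]
    for md in users:
        for sub in ("new", "cur", "tmp"):
            os.makedirs(os.path.join(md, sub))
    deliver(master, users[:2])
    os.symlink(master, os.path.join(users[2], "new", "bulletin.msg"))
    # bob has read it: his client renamed the link from new/ into cur/
    os.rename(os.path.join(users[1], "new", "bulletin.msg"),
              os.path.join(users[1], "cur", "bulletin.msg:2,S"))
    links_before = os.stat(master).st_nlink
    removed = undeliver(master, users)
    return links_before, len(removed), os.stat(master).st_nlink

if __name__ == "__main__":
    print(demo())
```

Matching on device and inode rather than filename means a message is still found after a mail client renames it, which is why the read copy in `cur/` remains identifiable when `unread_only=False` is passed.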