didn’t
need anyway. Only the login program needed changing to use
the shadow file instead.
Q. And what about a case where we used security wrongly
and paid the price?
Perhaps understandably, many of us are willing to assume that
anyone who is prepared to confirm his identity must, ipso
facto, be trustworthy. So when we come across an unknown
program which is digitally signed, we sometimes assume that
the signature tells us something about the morals and the
character of the signatory, rather than simply about his name.
So, for example, in late 2002, many people willingly
downloaded and installed software known as FriendGreetings
from a company identifying itself as Permissioned Media [8].
These downloads were in response to an email, usually
received from a friend or acquaintance, which promised an
electronic greetings card.
FriendGreetings displayed two End User Licence Agreements
(EULAs), in the second of which it claimed permission to
email everyone in your Outlook address book. Which, of
course, it promptly did.
For system administrators and for those in your address book,
the side-effects were little different from a mass-mailing virus
such as LoveBug (VBS/LoveLet-A). The signatories, of
course, claimed that the virus-like behaviour of their software
was entirely legal, as it asked for permission before sending
any email.
But who had ever heard of Permissioned Media Inc. of Sun
Towers, First Floor Office #39, Ave. Ricardo J. Alfaro,
Panama City, El Dorado Zona 6, Panama? And why did they
trust this unknown company with their email