         <<< GIDDAY::DISK$NOTES:[NOTES$LIBRARY]SITES_AT_RISK.NOTE;1 >>>
                        -< Environments with loopholes >-
================================================================================
Note 9.0                ReGIS terminals security loophole             No replies
MARVIN::COCKBURN "Craig, PhaseV & FCNS"              39 lines  31-MAR-1989 09:00
--------------------------------------------------------------------------------
            <<< UFP::SYS$SYSDEVICE:[NOTES$LIBRARY]HACKERS.NOTE;1 >>>
                               -< ** Hackers ** >-
================================================================================
Note 549.0  macrograph mail trojan horse warning VT330/VT340/VT240/D  No replies
MARVIN::COCKBURN "Craig, PhaseV & FCNS"            33 lines  Wed 29-Mar-89  3:59
--------------------------------------------------------------------------------
I've just received the mail message below, it mentions hackers so I guess it's
appropriate for this conference - please inform me if it isn't.

	Craig.

[forwarding headers removed, below is the original sender]

From:	HANNAH::MESSENGER "Bob Messenger, DSG 1-2/E6, 235-8438  24-Mar-1989 2140" 24-MAR-1989 21:54:04.08
To:	@DW:[LISTS]TEAM
CC:	
Subj:	Warning: disable macrograph reporting on your terminals!

Apparently there's some discussion about this in some notes files, so it's
going to be common knowledge before too long: a hacker can use the ReGIS
macrograph report command to execute any DCL command, such as DELETE *.*;*,
if you type a file containing the Trojan Horse commands; for example,
someone could send you an Easter greeting in a mail message and tell you
to EXTR TT: to see it.  Normally MAIL won't send embedded escape sequences
(such as the command to enter ReGIS mode) to the terminal, but EXTR TT:
bypasses this protection.

To protect yourself, if you have a VT330 or VT340, go into Graphics Set-Up
and disable Macrograph Reports, then save current settings.  Note that
the factory default is for macrograph reports to be *enabled*!  (Note to
the architects: change this in all future products!)  The same feature
exists in the VT240, but I'm not sure whether reports are enabled or
not by default.

Unfortunately this feature is always enabled in DECterm V1.0, and can't
be disabled.  It is selectable in DECterm X2.0-3 (VMS DECwindows V2 BL2) and
all later versions, and the default is for macrograph reports to be disabled.

				-- Bob