From: kevin lyda (kevin at domain suberic.net)
Date: Wed 31 Mar 1999 - 11:44:56 IST
>Apparently the Melissa macro virus, like everything else that comes out of an
>MS app, contains the MAC address of the user's machine that created it, and
>someone tracked down the user responsible (since, of course, his FrontPage-
>created docs were also littered with that ID#).
it's not quite that simple.
first, only the creator of a document has a guid (globally unique id)
inserted into the document. want to frame someone? - get a doc they
made and replace the contents with your stuff (like, oh, say, a macro
virus and a list of porno sites and passwords).
second, the guid isn't linked to the document (recall the discussion
previously about pgp signatures). you can make a document and then
rewrite the field with anything you want.
microsoft was correct when they stated a guid can't be used like a
fingerprint to track people. sadly they aren't saying it loudly enough
now. just like the pentium iii id fiasco, these "unique id's" can't be
used to do any *real* identification at all. both are probably used to
deal with licensing issues (the pentium iii id isn't really useful for
anything else) and other issues on single user machines. attempts by
*anyone* to use them for other purposes is useless. at best they point
suspicion, but prove nothing. the id's themselves are harmless; the way
intel positioned theirs in a product announcement, and the way people
are using the ms-word guid now: that is harmful.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:04:06 GMT