Path: utzoo!attcan!uunet!ginosko!brutus.cs.uiuc.edu!psuvax1!psuvax1!schwartz
From: schwartz@psuvax1.cs.psu.edu (Scott Schwartz)
Newsgroups: comp.unix.wizards
Subject: Re: sendmail/ftpd security-holes raise their ugly heads again...
Message-ID: 
Date: 27 Sep 89 19:59:34 GMT
References: <21@minya.UUCP> <19837@mimsy.UUCP>
Sender: news@psuvax1.cs.psu.edu
Organization: Pennsylvania State University, computer science
Lines: 23
In-Reply-To: chris@mimsy.UUCP's message of 27 Sep 89 17:18:54 GMT


In article <19837@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
   I am tempted to avoid flames by not saying anything at all, but I agree
   with the assertion (perhaps implicit, I forget whether it was in the
   text I deleted) that vendors should have fixed it by now.  I know,
   though, that some have not, and so I am not going to post the trick
   right now.

I don't understand.  Isn't it the case that 90% of the hackers in 
the universe have already heard about this bug?  I mean, what exactly
are we keeping secret?

   There is a bootstrap problem here: until there is pressure to fix things,
   things will not get fixed; until things get fixed, there is pressure not
   to disclose the bugs. . . .

Last year Weemba-from-Berkeley loudly proclaimed that in a year's time
everyone would be back to sleep on this issue.  Guess what, looks like
he was right.  I'm pretty well convinced that silence is futile.
--
Scott Schwartz		
for h in `cat /etc/hosts`; do telnet $h smtp; done;
Now back to our regularly scheduled programming....