Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: comp.unix.wizards Subject: Re: Posting easily-exploited security holes Message-ID: <422@minya.UUCP> Date: Wed, 2-Dec-87 20:37:14 EST Article-I.D.: minya.422 Posted: Wed Dec 2 20:37:14 1987 Date-Received: Sun, 6-Dec-87 07:45:25 EST Organization: home Lines: 22 Summary: No, keep posting... In article <6305@ncoast.UUCP>, allbery@ncoast.UUCP (Brandon Allbery) writes: > > Wonderful idea, by the way -- don't you get a warm glow from having posted > an easily-exploited security hole to the Net? Please be more circumspect > next time. No, no, no!!! I get real exasperated by all the people who think that system managers (like me) should be kept in the dark about security holes. I want to hear all about them. How the @#$^% do you think I can plug them, if I don't learn about them? Huh? A couple weeks ago, I startled some folks around where I'm working now by typing six chars on a logged-in terminal, and getting a super-user prompt. It was the first time I'd ever typed anything at that machine. I then explained to the machine's manager (who was watching, horrified) just what they were doing wrong. I got a few points from that one. The method I used was mentioned in unix.wizards a couple years back. I would like to hear some more good ways of earning points..... -- John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)