Implications of recent virus (Trojan Horse) attack
Mohamed Ellozy
mohamed at popvax.harvard.edu
Wed Nov 16 06:46:46 AEST 1988
In article <8890 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>
>People are focusing on the wrong problem. The Internet virus also
>attacked through a hole unrelated to gets(), and I know of at least
^^^^^^^^^^^^^^^^^^^^^^
>three other such holes. The general problem is lack of sufficient
^^^^^^^^^^^^^^^^^^^^^^
This is what irritates the living daylights out of so many of us.
He "knows" of at least three other such holes. He is thus more
learned, perhaps even wiser, than we are.
BUT WHAT THE HELL ARE YOU DOING TO GET THEM CLOSED???
Wizards who "know" about problems and pride themselves about it, but
do nothing, are little better than those who mailiciously exploit them.
This wormy episode will only prove useful if it leads to a serious effort
to eradicate existing holes. I suspect that vendors will now be very
sensitive (for a short period of time) to reports of security problems.
Not too sure, though. What have various vendors done for sites which
run anonymous ftp? Expecting customers to learn of problems from the
net is not acceptable user support.
More information about the Comp.unix.wizards
mailing list