Crackers and Worms

Glen Overby ncoverby at ndsuvax.UUCP
Mon Nov 14 08:39:22 AEST 1988


In article <1727 at cadre.dsl.PITTSBURGH.EDU> sean at cadre.dsl.pittsburgh.edu (Sean McLinden) writes:
>It is clear from Rick Adams' comments that 'not wanting to tip anyone off'
>is no excuse. Even binary-only sites can be protected fairly rapidly if
>the appropriate channels are used.

This sort of thing has been a pretty big issue lately, so I thought I'd chip
in a few comments.  If information about bugs (or, should I say,
"misfeatures") in Unix (or really any OS) should not be publicly disclosed to
protect those who either do not or cannot repair them, then HOW should
such "classified" information be distributed to those who want/need it, and
can and will fix the holes?

Not but a few weeks ago there was a "discussion" on one of the news.* groups
about the Security mailing list (there are two of them, but that's irrelevant
here) which is restricted to "trusted" people (those who are "root" on a
"major machine" -- whatever that means).  Now, if information about security
bugs is too risky for distribution among that elite group of "system gods",
then should that information be exchanged over network mail systems at all?
(e.g. to 4bsd-bugs at ucbvax).

I think all of this sort of information should be distributed at least over
the private security forum; vendor releases just aren't frequent enough to
fix these problems in a timely manner.

Glen Overby
ncoverby at plains.nodak.edu       uunet!ndsuvax!ncoverby
ncoverby at ndsuvax (Bitnet)



More information about the Comp.unix.wizards mailing list