in.telnetd
Bill Stewart 908-949-0705 erebus.att.com!wcs
wcs at cbnewsh.att.com
Wed Apr 3 13:11:27 AEST 1991
In article <1991Mar31.175455.23513 at unhd.unh.edu> rg at msel.unh.edu (Roger Gonzalez) writes:
]This brought to light one of my chief beefs about CERT:
]they just say that there is a hole, and where to
]get something to fix it. I get queasy when CERT says "quick - go
]replace your in.telnetd" without any explaination of where the hole is.
It's not too bad a compromise between the obscurity method so
successfully practiced by some three-letter-acronynm companies :-)
and just telling everyone the gory details which guarantees that
sites with inattentive sysadmins can be cracked by novices.
Sure, it's nice to know what's really going on, even if it's just
yet-another-telnetd-hole, but it's better to give people a chance to
fix it first. It's a different case if you're talking about bugs
without known fixes, or bugs in equipment whose manufacturers
aren't responsive about releasing fixes.
--
Pray for peace; Bill
# Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ
"Don't Use Racist or Sexist Language" - Political Correctness Police Slogan
"Let's Beat Up That African-American" - Los Angeles Police Department Slogan
More information about the Comp.unix.admin
mailing list