sendmail/ftpd security-holes raise their ugly heads again...

Scott Schwartz schwartz at psuvax1.cs.psu.edu
Thu Sep 28 05:59:34 AEST 1989


In article <19837 at mimsy.UUCP> chris at mimsy.UUCP (Chris Torek) writes:
   I am tempted to avoid flames by not saying anything at all, but I agree
   with the assertion (perhaps implicit, I forget whether it was in the
   text I deleted) that vendors should have fixed it by now.  I know,
   though, that some have not, and so I am not going to post the trick
   right now.

I don't understand.  Isn't it the case that 90% of the hackers in 
the universe have already heard about this bug?  I mean, what exactly
are we keeping secret?

   There is a bootstrap problem here: until there is pressure to fix things,
   things will not get fixed; until things get fixed, there is pressure not
   to disclose the bugs. . . .

Last year Weemba-from-Berkeley loudly proclaimed that in a year's time
everyone would be back to sleep on this issue.  Guess what, looks like
he was right.  I'm pretty well convinced that silence is futile.
--
Scott Schwartz		<schwartz at shire.cs.psu.edu>
for h in `cat /etc/hosts`; do telnet $h smtp; done;
Now back to our regularly scheduled programming....



More information about the Comp.unix.wizards mailing list