BSD tty security, part 4: What You Can Look Forward To

Jeff d'Arcy jdarcy at seqp4.ORG
Thu May 2 03:24:27 AEST 1991


kdenning at pcserver2.naitc.com (Karl Denninger) writes:
>ISC put their head in the sand until outrageous users started flooding 
                                      ^^^^^^^^^^^^^^^^
I've met a few of these.  8]

>>Incidentally, offering (threatening?) to post programs that exploit
>>the bugs is in itself a pretty good warranty.  Dan wouldn't risk his
>>reputation if he didn't have those programs written already, I suspect.
>>
>>		--Steve Bellovin
>
>This is true.  So assume that the crackers already know about this.  Where
>does this leave you?

Risk his what?  Sorry, couldn't resist.  As much as I enjoy Bernstein-bashing,
that's not my purpose here.  The fact is that Dan would hardly be the first
person to make such an offer without having the goods to back it up.  Maybe he
will have them when the time comes; maybe he won't.

In any case, I think *posting* them would be irresponsible since, as Dan points
out himself, it will be *years* before the number of vulnerable vendors becomes
small enough to be discounted.  I think sending the programs to "responsible
individuals" (whoever they are) would be much better.


