Bugtraq mailing list archives
Re: How was the majordomo bug found ?
From: vds7789 () aw101 iasl ca boeing com (Vincent D. Skahan)
Date: Thu, 9 Jun 1994 14:15:03 -0700 (PDT)
(Brent Chapman writes:)
I first heard about it Monday evening at 5pm. I don't have any idea how long the crackers have known about the problem. I received a copy of one of the exploit scripts from someone who I won't name (though they should feel free to name themselves, if they'd like; I know they're reading this, and I appreciate their work).
Yeah, I appreciate it too. I suppose I'm curious if: - one of the 'bad guys' "dropped a dime" on one of his pals - somebody bled over the source code who had enough experience reading the code in that language to see a problem. - somebody had some proactive monitoring in place that we all should know about and implement. The message as I recall it from John said that the holes WERE being actively exploited. How did he positively know that ? Knowing how to prevent holes is important. Making known holes (and fixes/workarounds) known is important. Knowing how to look for evidence of break-ins is important too. I guess the real questions I was asking were more along the lines of: "how did he know that the holes were being exploited?" "assuming it was through some monitoring, how'd he do that monitoring to identify the use of the holes?" -- ----------- Vince Skahan ------ vds7789 () aw101 iasl ca boeing com ----------- "All mammals have hair. Whales are mammals. Therefore whales have hair." "Shave the whales." -Dogbert
Current thread:
- How was the majordomo bug found ? Vincent D. Skahan (Jun 09)
- Re: How was the majordomo bug found ? Brent Chapman (Jun 09)
- Re: How was the majordomo bug found ? Vincent D. Skahan (Jun 09)
- Re: How was the majordomo bug found ? John Evans (Jun 09)
- Majordomo CERT advisory (modified by rouilj) John P. Rouillard (Jun 09)
- Re: How was the majordomo bug found ? Vincent D. Skahan (Jun 09)
- Re: How was the majordomo bug found ? Eric Vyncke (Jun 09)
- Re: How was the majordomo bug found ? Karl Strickland (Jun 10)
- Re: How was the majordomo bug found ? Evil Pete (Jun 10)
- Sequent/DYNIX Security Hole Christian A. Ratliff (Jun 10)
- Re: How was the majordomo bug found ? Brent Chapman (Jun 09)