Bugtraq mailing list archives

Re: toward a binmail replacement


From: bugtraq-owner () fc net (bugtraq-owner () fc net)
Date: Fri, 16 Dec 94 14:41:08 -0500


***** UNDELIVERABLE MAIL sent to glaze, being returned by rclsgi.eng.ohio-state.edu!glaze *****
mail: Error # 2 'Problem with mailfile' encountered on system rclsgi.eng.ohio-state.edu

Date:     Fri,  16 Dec 94 4:44 0200
From: Automatic answer system <MAILER () BGUVMS BGU AC IL>
To: bugtraq () fc net
Cc: PostMaster <uunet.UU.NET!BGUVMS!INFO>
Subject:  Problems delivering a message
Sender: bugtraq-owner () fc net
Precedence: bulk

Your message could not be delivered to some or all of
it's receipients. The problem is:
     Too many Received lines headers; Probably a loop.
The erronous address was: dubman () ivory bgu ac il
If you have problems locating your addressee, try writing
to POSTMASTER@BGUVMS or INFO@BGUVMS
-----------------------------------
Date: Thu, 15 Dec 1994 14:11:10 -0600
Message-Id: <199412152011.OAA04881 () freeside fc net>
From: owner-bugtraq-digest () fc net
To: bugtraq-digest () fc net
Subject:   bugtraq-digest V1 #71
Reply-To: bugtraq () fc net
Errors-To: owner-bugtraq-digest () fc net
Precedence: bulk


bugtraq-digest           Thursday, 15 December 1994     Volume 01 : Number 071


----------------------------------------------------------------------

From: Pete Hartman <pwh () bradley bradley edu>
Date: Tue, 13 Dec 94 10:35:54 -0600
Subject: [none]

If people  want to rant and argue about security through obscurity
and disclosure issues, sign up on disclosure () elmegil bradley edu.
The administrative address is disclosure-request () elmegil bradley edu

On the other hand if all you want to do is flame people, maybe it
should be sent to /dev/null.


------------------------------

From: Casper Dik <casper () fwi uva nl>
Date: Tue, 13 Dec 1994 17:40:32 +0100
Subject: Re: SunOS's xterm pb : again !

The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
owned by root, with rights rw-rw-rw-. When you log on the machine,
the login process changes the owner of the terminal, so the tty
belongs to you, with minimum access rights. BUT when using an xterm,
you don't have the permissions to change the owner and access rights
of the newly allocated tty. So the device stays owned by root,
WORLD READABLE and WORLD WRITEABLE !!!
I think this introduces a major security hole...
     yes, 666 is not the best mode for tty.. :)

I've turned this in to Sun as a Security problem, as well as a bug. So
far the only response I've gotten from Sun is that this problem was
opened a while back, but closed as not a bug. Well, I don't see that
happening this time since I have way too many SunOS 4.x machines running
around. Of course it's 'fixed in the current release of the OS', unless
you count SunOS 4.1.4 as current.

Note that if Sun is to fix this problem, cmdtool and shelltool would
be higher on the list of applications with the same problem.
(Not to mention script and some other programs).

Use R5 xterm, you have to install R5 anyway to get a decent X server under
SunOS 4.1.x.

The System V way of allocating ptys is really superior.

Casper
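
The condition described in this message (a pty slave left owned by root, readable and writable by everyone, while a user session is attached to it) can be audited from the shell. The script below is an added example, not part of the original post; the function names `check_tty` and `audit_sessions` are hypothetical, and it assumes `who`-style input lines of the form `user line ...`.

```shell
#!/bin/sh
# Added example: audit terminal device nodes for the problem discussed above.
# Reads `who`-style lines ("user line ...") on stdin and checks the node
# DEVDIR/line for each session. Function names are hypothetical.

# check_tty USER NODE: print one finding per problem, return 1 if any.
check_tty() {
    ct_user=$1 ct_node=$2 ct_bad=0
    # ls -ld prints: mode links owner group ...; only mode and owner are used.
    read -r ct_mode ct_links ct_owner ct_rest <<EOF
$(ls -ld "$ct_node")
EOF
    # Mode string layout: 1 type character, then rwx for user, group, other.
    # Position 8 is other-read, position 9 is other-write.
    case $ct_mode in
        ???????r*) echo "$ct_node: readable by other ($ct_mode)"; ct_bad=1 ;;
    esac
    case $ct_mode in
        ????????w*) echo "$ct_node: writable by other ($ct_mode)"; ct_bad=1 ;;
    esac
    # A terminal in use should belong to the user logged in on it; a node
    # still owned by root means the allocating program could not chown it.
    if [ "$ct_owner" != "$ct_user" ]; then
        echo "$ct_node: owned by $ct_owner, session user is $ct_user"
        ct_bad=1
    fi
    return "$ct_bad"
}

# audit_sessions [DEVDIR]: check every session listed on stdin.
# Returns 0 when all terminals are clean, 1 when any finding was printed.
audit_sessions() {
    as_dev=${1:-/dev} as_bad=0
    while read -r as_user as_line as_rest; do
        # Skip blank lines and sessions whose node does not exist here.
        [ -n "$as_line" ] && [ -e "$as_dev/$as_line" ] || continue
        check_tty "$as_user" "$as_dev/$as_line" || as_bad=1
    done
    return "$as_bad"
}

# Typical use on a live system:
#   who | audit_sessions /dev
```

A terminal set up by login normally shows no findings; a terminal allocated by a program that cannot change ownership shows all three.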

------------------------------

From: jsz () ramon bgu ac il (jsz)
Date: Tue, 13 Dec 94 19:28:47 IST
Subject: Re: Security through obscurity, etc.


On Tue, 13 Dec 1994, jsz wrote:

CERT consists of bureaucrats; 8lgm of posers -- what's the difference,
after all?

8lgm does not pretend to be god's gift to the net.


True: but IMHO, posting scripts that would add a "+ +" to /.rhosts --
or add a root entry into passwd file are useless; It'd make me respect
Neil & Karl, if they didn't post such scripts, and instead would give
detailed information about the vulnerability they found. I do respect
the amount of work they did already though.


At least you can't use CERT's advisory to crack root on a site, and wipe
out important files; 8lgm's advisories were, and in fact are being used
for those purposes as well.

I am sure this has been said by dozens of people but:
If you restrict exploits to the script hackers then only the script hackers
will know what they are. In turn, organizations like CERT will not know
what they are until some time after the release; when the effects can be
examined second hand.

Pick your poison.


My position is pretty clear: posting a breakin code on public lists causes
nothing but chaos, and needless panic. I vote no for full disclosure,
I vote for free information -- but without breakin scripts that give you
a root prompt. I am interested in statistics on how many times 8lgm scripts
were used for malicious purposes. Maybe CERT might tell us? B-)

Consider it another fruitless noise on bugtraq.



------------------------------

From: Oliver Friedrichs <iceman () MBnet MB CA>
Date: Tue, 13 Dec 1994 11:45:57 -0600 (CST)
Subject: Re: Security through obscurity, etc.

On Tue, 13 Dec 1994, James M. Chacon wrote:

Wrong...I've used the information in CERT advisories to give me a good idea
where and what I'm looking for. I've "reverse-engineered" so to speak a fair
amount of Cert's announcements into actual problems I could show people around
here. All Cert's announcements do is delay the time people get to even know
a bug exists....I'm not really for the 8lgm concept completely, but at least
there they don't feel this overwhelming need to not hurt the various
manufacturers feelings....

Poor comparison.  A script that guarantees root on a site is equal to a
CERT advisory?  I don't know which advisories you're reading.  (send me one?).

The difference is too large to even argue about.  A CERT advisory doesn't
give root to someone on any unprotected system on the Internet.  Perhaps
1 in 10 people will figure out the problem, would you rather have 10 out
of 10 people be guaranteed to?

Think about it.

- - Oliver


------------------------------

From: Timothy Newsham <newsham () wiliki eng hawaii edu>
Date: Tue, 13 Dec 1994 09:24:04 -1000 (HST)
Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64


/* jladwig () soils umn edu writes: */

rms has said to me in mail that he "doesn't like security".
Would that I (and others) had that luxury.

Just because someone doesn't "like" something, doesn't mean they don't
understand the need for it.  It's a shame anyone *has* to deal with it
at all.  I'd much rather *not have* to type a password when su'ing, but
the consequences of a password-less root are obvious.  I don't like having
to take the extra time to do it, but the alternative is even less appealing.

It's the mission of the FSF to wedge the philosophies of RMS upon
everyone.  This is accomplished through writing free software which
becomes a de facto standard with dependencies on other free software
which must become a de facto standard.  I'm not saying they don't do
a good job,  but disregarding other people's need for security
just because RMS thinks society should be free and open is evil.

  ~mitch


------------------------------

From: Leo Bicknell <bicknell () ussenterprise async vt edu>
Date: Tue, 13 Dec 1994 15:27:15 -0500 (EST)
Subject: Re: Security through obscurity, etc.

The difference is too large to even argue about.  A CERT advisory doesn't
give root to someone on any unprotected system on the Internet.  Perhaps
1 in 10 people will figure out the problem, would you rather have 10 out
of 10 people be guaranteed to?

        It doesn't matter if 1 in 10, or 10 in 10 can get into your
site as root.  One person with root access, can, in one command
obliterate everything on your system.

        Frankly, I look at it this way.  If the advisory doesn't tell
you specifically what the problem is, someone will have to go look for
it.  If they look and find it, this tells me they have some
intelligence/experience -- ie might be able to cover up their tracks,
at least for a little while.  With exploit scripts the odds are some
bozo who doesn't know what it is will run it wrong and you'll notice
right away because it's such a botched attempt.

        If one person knows how to get root on my site, I want to know
too.  And if that means that 10 other people learn in the process
that's ok, because knowing is the only way I'll be able to stop that
first person from doing something I don't want them to do.  Keeping
people in the dark only keeps those who don't already know from
finding out.  Those who do already know are still just as dangerous
(if not more so because no one is looking for them).

        Also, vendors are (in a relative sense) slow to fix problems.
As bad as it may sound, things will get fixed a lot faster if someone
breaks into 50 of vendor x's systems and makes the news.  I've seen
vendors not release a patch for months because "no one knew about it".
Perhaps a newspaper headline like "50 sites running x wiped out last
night" would make them work a little faster.  Of course, I wouldn't
want it to be my site, but that's a risk you run being on the
Internet, at any moment you might be destroyed.

- --
Leo Bicknell - bicknell () vt edu                     | Make a little birdhouse
               bicknell () csugrad cs vt edu          | in your soul......
               bicknell () ussenterprise async vt edu | They Might
http://ussenterprise.async.vt.edu/~bicknell/       | Be Giants

------------------------------

From: mitch () corp cirrus com (Mitch Wright)
Date: Tue, 13 Dec 1994 13:12:38 +0800
Subject: Re: this is interesting...

/* dave () esi com au writes: */

On Mon, 12 Dec 1994, Mark wrote:

but who identd says is pbergman () netcom com, who's apparently taken it upon
We won't be hearing from that account for a while.
Does this mean that IDENTD is actually useful?
:-)

Assuming you trust what identd returned.  As far as you know it could have
been joeuser () netcom com that did it, but was able to trick identd on
netcom to return pbergman () netcom com.  Given Netcom's track record, I
don't think you can rule out this possibility.

do svidanya,

  ~mitch

------------------------------

From: John Ladwig <jladwig () Soils Umn EDU>
Date: Tue, 13 Dec 1994 15:27:20 -0600
Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64

On Tue, 13 Dec 1994 09:24:04 -1000 (HST), Timothy Newsham <newsham () wiliki eng hawaii edu> said:

    >>
    >> /* jladwig () soils umn edu writes: */
    >>
    >> >rms has said to me in mail that he "doesn't like security".
    >> >Would that I (and others) had that luxury.
    >> >
    >> Just because someone doesn't "like" something, doesn't mean
    >> they don't understand the need for it.  It's a shame anyone
    >> *has* to deal with it at all.  I'd much rather *not have* to
    >> type a password when su'ing, but the consequences of a
    >> password-less root are obvious.  I don't like having to take
    >> the extra time to do it, but the alternative is even less
    >> appealing.

Exactly.

    TN> It's the mission of the FSF to wedge the philosophies of RMS
    TN> upon everyone.  This is accomplished through writing free
    TN> software which becomes a de facto standard with dependencies on
    TN> other free software which must become a de facto standard.  I'm
    TN> not saying they don't do a good job,

*Please* let's not get into a big public to-do over FSF philosophy and
politics.  If you must vent about it, please feel free to do so with
me, or privately to others, and not on Bugtraq.

    TN> but disregarding other people's need for security just
    TN> because RMS thinks society should be free and open is evil.

Personality aside, I thought it relevant to mention on Bugtraq the
philosophical viewpoint of the maintainer of several important
software packages.

    -jml

------------------------------

From: Oliver Friedrichs <iceman () MBnet MB CA>
Date: Tue, 13 Dec 1994 15:21:52 -0600 (CST)
Subject: Re: Security through obscurity, etc.

On Tue, 13 Dec 1994, Leo Bicknell wrote:

      It doesn't matter if 1 in 10, or 10 in 10 can get into your
site as root.  One person with root access, can, in one command
obliterate everything on your system.

I've taken this to email..

- - Oliver


------------------------------

From: Kenneth.Kron () EBay Sun COM (Kenneth Kron - Network Security)
Date: Tue, 13 Dec 1994 13:40:01 -0800
Subject: Re: Stallman and enable-local-variables

Excuse me.  I'd just like to point out.

It's free.  Source is included.

The idea is if you don't like it modify it.  If you have a bug/rfe send
it to the author/distributor.  If you have a patch distribute it.
That's the "price" you pay for free software.  If you use it without
reviewing it, you're getting what you paid for.

I fully support the right of an other to produce exactly what he/she
wants.  Those who don't appreciate the product need not accept it.

This is now very far off the bugtraq charter.  If you'd like to
continue this discussion you can flame me in a private email :^).

======================
Kenneth Kron --  Network Security Group
kron () aiki ebay sun com



From bugtraq-owner () fc net Tue Dec 13 13:21 PST 1994
From: Timothy Newsham <newsham () wiliki eng hawaii edu>
Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64
To: mitch () corp cirrus com (Mitch Wright)
Cc: jladwig () soils umn edu, bugtraq () fc net


/* jladwig () soils umn edu writes: */

rms has said to me in mail that he "doesn't like security".
Would that I (and others) had that luxury.

Just because someone doesn't "like" something, doesn't mean they don't
understand the need for it.  It's a shame anyone *has* to deal with it
at all.  I'd much rather *not have* to type a password when su'ing, but
the consequences of a password-less root are obvious.  I don't like having
to take the extra time to do it, but the alternative is even less appealing.

It's the mission of the FSF to wedge the philosophies of RMS upon
everyone.  This is accomplished through writing free software which
becomes a de facto standard with dependencies on other free software
which must become a de facto standard.  I'm not saying they don't do
a good job,  but disregarding other people's need for security
just because RMS thinks society should be free and open is evil.

  ~mitch


------------------------------

From: Jason Matthews <jason () dickory SDSU Edu>
Date: Tue, 13 Dec 1994 14:24:02 -0800 (PST)
Subject: Re: this is interesting...

yeah, I got the same message.

On Mon, 12 Dec 1994, *Hobbit* wrote:

I'm getting mail spammery from someone claiming to be ghoast () gnu ai mit edu
but who identd says is pbergman () netcom com, who's apparently taken it upon
himself to become a net-cop and WARN any sites from which I may have posted
to alt.2600, ever, in the past, that I'm a walking security hole.  Oh my.

I wonder how many messages are landing in postmaster () anon penet fi's mailbox..

_H*



------------------------------

From: mlvyxk01 () ntmtv com (Stagiaire Yacine Kheddache)
Date: Tue, 13 Dec 94 18:51:06 +0100
Subject: Need Info.

Hi

How can I receive your digest, and could you send me some further
information on your stuff?

Yours.

------------------------------

From: der Mouse <mouse () Collatz McRCIM McGill EDU>
Date: Tue, 13 Dec 1994 19:52:08 -0500
Subject: Re: SunOS's xterm pb : again !

[...ownership and permissions of /dev/ttyp*, as they affect
security of non-setuid xterm...]
[...]

The System V way of allocating ptys is really superior.

Which way is that?  The one that gave us pt_chmod, or was it pt_chown?
(Sorry, cheap shot.)

Seriously, speaking as an application author, I have been unable to
perceive a "System V way of allocating ptys".  I have one piece of code
that allocates ptys the Berkeley way, and it works with zero changes on
every Berkeley-based system I've encountered.  I have one more piece of
code for _each_ SysV variant I've managed to port pty-allocating code
to.  Each one seems to have invented its own way of allocating ptys,
all incompatible and all documented as being the only supported way
("other methods may not be supported in future releases" is a typical
phrase).  Sometimes, even, different releases of the same OS use
different and incompatible ways.

Whatever its technical flaws may be, the Berkeley way has the advantage
of being significantly less nonportable.  At least one SV-based system
I've seen has arranged for BSD-style pty allocation to work, or at
least claims to have; I didn't put it to the test.

As for relevance to bugtraq, well, when every vendor is inventing its
own way, sometimes re-inventing it for each release, guess what that
does to the bug density :-)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu

------------------------------

From: sameer <sameer () c2 org>
Date: Tue, 13 Dec 1994 20:30:49 -0800 (PST)
Subject: Re: this is interesting...


Gee, last time I reported cracking activity to netcom they emailed me
with a note that basically blew me off saying for me to fix the holes at
my site and that they do not have any security problems.


        Last time I reported activity to netcom they told me that all
their logs were nuked for that week, because of some problem they were
having..


- --
sameer                                          Voice:   510-841-2014
Network Administrator                           Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley         Dialin:  510-549-1383
http://www.c2.org (or login as "guest")                 sameer () c2 org

------------------------------

From: "Paul 'Shag' Walmsley" <ccshag () cclabs missouri edu>
Date: Tue, 13 Dec 1994 23:20:54 -0600 (CST)
Subject: Re: 8lgm's SCO "at" hole

On Sat, 10 Dec 1994, Steinar Haug wrote:

In HP-UX 9.05 getcwd() traverses the path upwards - it does *not* use
popen(). getwd() doesn't exist.

IRIX 5.2 also traverses the tree upwards for getcwd().


- - Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu>
  "The only difference between myself and a madman is that I am not mad."
       - Salvador Dali


------------------------------

From: "Paul 'Shag' Walmsley" <ccshag () cclabs missouri edu>
Date: Wed, 14 Dec 1994 01:00:50 -0600 (CST)
Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64

On Tue, 13 Dec 1994, Timothy Newsham wrote:


/* jladwig () soils umn edu writes: */

rms has said to me in mail that he "doesn't like security".
Would that I (and others) had that luxury.

Just because someone doesn't "like" something, doesn't mean they don't
understand the need for it.  It's a shame anyone *has* to deal with it
at all.  I'd much rather *not have* to type a password when su'ing, but
the consequences of a password-less root are obvious.  I don't like having
to take the extra time to do it, but the alternative is even less appealing.

It's the mission of the FSF to wedge the philosophies of RMS upon
everyone.  This is accomplished through writing free software which
becomes a de facto standard with dependencies on other free software
which must become a de facto standard.  I'm not saying they don't do
a good job,  but disregarding other people's need for security
just because RMS thinks society should be free and open is evil.


By the same token, couldn't one say that it is the mission of Bugtraq to
wedge the philosophies of full disclosure upon everyone?

Authors of free software really don't have to pander to anyone's needs
other than their own; if you think some aspect of what they produce is
flawed, you're welcome to fix/enhance it.


- - Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu>
  "The only difference between myself and a madman is that I am not mad."
       - Salvador Dali


------------------------------

From: hobbit () bronze lcs mit edu (*Hobbit*)
Date: Wed, 14 Dec 1994 06:58:02 -0500
Subject: toward a binmail replacement

I've done some minor hacks to 44bsd mail.local so it runs on sunos, and
it seems to be working as I type... has anyone else already done this,
possibly more elegantly than I would, and I just missed any announcements?
If not, I'll hang my dinked source out on the net for other folks to grab
and beat on.

_H*

------------------------------

From: "Michael S. Hines"  <MSHINES () freh-02 adpc purdue edu>
Date: 14 Dec 94 07:59:27 EST
Subject: Re: this is interesting...

Pete Shipley says ...

Gee, last time I reported cracking activity to netcom they emailed me
with a note that basically blew me off saying for me to fix the holes at
my site and that they do not have any security problems.

I fixed this by just blocking all IP traffic from *.netcom.com, (and
letting email get delivered via. a MX host) since almost every time someone
would telnet/rlogin from *.netcom.com their passwd would be stolen.

And a message yesterday to bobr () netcom com got a reply from the vacation
program saying he was away for a while and would read his mail when he
returned....   lots a luck!!!


- ----------------------------------------------------------------------
Internet:  mshines () ia purdue edu      |  Michael S. Hines
Bitnet:    michaelh@purccvm           |  Sr. Information Systems Auditor
Purdue WIZARD Mail: MSHINES           |  Purdue University
GTE Net Voice: (317) 494-5845         |  1065 Freehafer Hall
GTE Net FAX:   (317) 496-1814         |  West Lafayette, IN 47907-1065
CompuServe: 73240,1631                |


------------------------------

From: "Jim Littlefield" <little () ragnarok hks com>
Date: Wed, 14 Dec 1994 08:17:22 -0500
Subject: Re: Security through obscurity, etc.

On Dec 13,  9:04am, James M. Chacon wrote:
:
: ....I'm not really for the 8lgm concept completely, but at least
: there they don't feel this overwhelming need to not hurt the various
: manufacturers feelings....

8lgm gives the vendor some "incentive" to correct the problem in a timely
manner, unlike CERT where the problem is reported only to the affected vendors.
We never hear a peep until (a) we find the same bug as a result of a breakin of
our site, or (b) CERT announces that the vendor (months/years later) has a fix
available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full
disclosure. The initial announcement means a scramble to disable/work around
the problem, but at least I know if my systems are vulnerable.

- --

Jim Littlefield             "I've got a bad feeling about this..." -- Han Solo
<little () hks com>


------------------------------

From: long-morrow () CS YALE EDU (H Morrow Long)
Date: Wed, 14 Dec 1994 13:27:42 -0500
Subject: Re: this is interesting...

shipley () merde dis org (Pete Shipley) wrote:
Gee, last time I reported cracking activity to netcom they emailed me
with a note that basically blew me off saying for me to fix the holes at
my site and that they do not have any security problems.

sameer <sameer () c2 org> wrote:
      Last time I reported activity to netcom they told me that all
their logs were nuked for that week, because of some problem they were
having..

I don't know... I got a nice note back from them in response to a forwarded
copy of a spam to a bunch of mailing lists by a user at their site (the
actuary () ix netcom com "Choice Trading Company, Court Appointed Liquidators"
spam):

|Thank you for your report. This user has been permanently removed
|from the system for abuse of Usenet and mailing lists. We apologize
|for any inconvenience that was caused.
|
|Margaret

H. Morrow Long, Mgr of Dev., Yale Univ., Comp Sci Dept, 011 AKW, New Haven, CT
06520-8285,     VOICE:  (203)-432-{1248,1254}           FAX:    (203)-432-0593
INET: Long-Morrow () CS Yale EDU UUCP: yale!Long-Morrow BITNET: Long-Morrow@YaleCS
WWW:    http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow.html


------------------------------

From: hoodr () hoodr slip netcom com
Date: Wed, 14 Dec 1994 21:42:49 +0000
Subject: Re: this is interesting...


shipley () merde dis org (Pete Shipley) wrote:
Gee, last time I reported cracking activity to netcom they emailed me
with a note that basically blew me off saying for me to fix the holes at
my site and that they do not have any security problems.

Ah...you've met Bruce :-)

On a more serious note, we do take security VERY seriously at NETCOM.
At times we get too busy to handle some events, so I apologize to
those who get dropped.  With 40,000 to 50,000 customers, security/spamming
incidents are happening every day now.  For those who are interested,
we are hiring sysadmins, network admins, and I believe we have a position
open for a security person too.  Send me a resume at work (hoodr () netcom com),
and I will make sure it gets seen by the appropriate people.

sameer <sameer () c2 org> wrote:
     Last time I reported activity to netcom they told me that all
their logs were nuked for that week, because of some problem they were
having..

When we run low on disk space, logs are usually the first to go.  We
are currently up to 2.2 GIGs of logs every week (and that's just the
shell accounts)!

I don't know... I got a nice note back from them in response to a forwarded
copy of a spam to a bunch of mailing lists by a user at their site (the
actuary () ix netcom com "Choice Trading Company, Court Appointed Liquidators"
spam):


------------------------------

From: hoodr () hoodr slip netcom com
Date: Wed, 14 Dec 1994 21:44:50 +0000
Subject: Re: this is interesting...

Pete Shipley says ...

Gee, last time I reported cracking activity to netcom they emailed me
with a note that basically blew me off saying for me to fix the holes at
my site and that they do not have any security problems.

I fixed this by just blocking all IP traffic from *.netcom.com, (and
letting email get delivered via. a MX host) since almost every time someone
would telnet/rlogin from *.netcom.com their passwd would be stolen.

And a message yesterday to bobr () netcom com got a reply from the vacation
program saying he was away for a while and would read his mail when he
returned....   lots a luck!!!

Bobr is the wrong person to send this stuff to.  If you read the vacation
message, it will tell you where to send it.  You can send your spamming
problems to netmail () netcom com, and security incidents to me at
hoodr () netcom com.


------------------------------

From: alex () c3ot saic com (Alex Tosheff)
Date: Thu, 15 Dec 94 12:05:32 PST
Subject: UNSUBSCRIBE

UNSUBSCRIBE

------------------------------

End of bugtraq-digest V1 #71
****************************


