Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IP Spoofing and Vendors' attitude

From: mark () zang kcc hawaii edu (Mark)
Date: Thu, 26 Jan 1995 12:43:25 -1000 (HST)


that it took so long before someone actually started exploiting the problem.


How long did it take? When was the first time it was used?


It is pretty sad that you
have to have enough hackers exploiting a problem before these security 
vulnerabilities are addressed and it is unfortunate that many vulnerabilities
are kept quiet by vendors till enough customers have been abused and someone
finally speaks out.  


[crap deleted]

The only reason I can see that its become an issue now is because Shimora
was the only one to spot it because he has logging up the kazoo and SFSU
admins willing to sit there on Xmas eve and read logs. There have been
several accounts of the incident and all of them indicate the victim was
intelligent enough to realise that even though his machines were among the
best protected around, there will always be a technique to defeat his security.
So he logged his wires and although he couldnt stop the incident, his
skills were such that he could piece together an audit trail and identify
the holes that had been exploited. Personally I would have loved to have been
at the conference when he announced it, it would have been a very interesting
discussion, much more than the junk we're reading now.

The moral of last years events is to be vigilant and dont assume.

Mark
Previous By Date Next
Previous By Thread Next

Current thread: