Bugtraq mailing list archives
Re: security holes, notification protocols, and a clarification
From: elmer_j () UT EE (Elmer Joandi)
Date: Fri, 15 May 1998 20:41:07 +0300
Yep. I am sorry too, for all the people who got damaged within those 17 hours. But I still hold the opinion that my path was correct. Talking to people around me, I found that my way of thinking is hard to follow. That is why I want now to make clear points on that.

1. The hole was SUPER-EASY to find. Any responsible sysadmin looks from time to time for processes listening on ports. And the first telnet into that port (with all of its verbosity) made the problem very clean. Now (major): how did it come that nobody in the world found it within 3 months? And (minor): nobody in Cygnus found it in the stages of deep software testing Cygnus products are hopefully going through. There is NO reasonable answer for me (apart from ones in the sci-fi or global paranoia domain). I think it is a wider problem than just a security hole in a program. If anyone could explain, I'd be thankful. Otherwise the answer is: "kill the internet" or a similar out of the band one.

2. Cygnus is in a central position in the software industry, and the egcs+gcc user base is way greater than the SN user base.

3. I had my very own right to be paranoid. I used it and I will use it in the future in similar cases.

Peace, anyway.

Elmer Joandi
AS Cybernetica, http://www.cyber.ee/
http://www.ut.ee/~elmer_j/