Xref: utzoo alt.security:724 comp.protocols.tcp-ip:11519 alt.sys.sun:928
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!mit-eddie!snorkelwacker!think!sdd.hp.com!uakari.primate.wisc.edu!aplcen!unmvax!sci.ccny.cuny.edu!cucard!dasys1!cooper!phri!sci.ccny.cuny.edu!rpi!zaphod.mps.ohio-state.edu!usc!cs.utexas.edu!husc6!hscfsas1!chrome
From: chrome@hscfsas1.harvard.edu (David C. Kovar)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <2616@husc6.harvard.edu>
Date: 3 Jun 90 07:25:01 GMT
References: <EMV.90Apr18204600@picasso.math.lsa.umich.edu>
Sender: news@husc6.harvard.edu
Reply-To: chrome@hscfsas1.UUCP (David C. Kovar)
Organization: Health Sciences Computing Facility, Harvard University
Lines: 18

In article <EMV.90Apr18204600@picasso.math.lsa.umich.edu> emv@math.lsa.umich.edu (Edward Vielmetti) writes:
>ftpd identifies itself in the login banner like so:
>
>220 xxxxxxxxxxxxxxxxxxxxxxx FTP server (Version 5.55 Tue Apr 17 20:44:35 EDT 1990) ready.
>

  I am not up on which versions of FTP are currently vulnerable but it
strikes me as quite irresponsible to use actual host names in an example.
If nothing else, you're going to get some people FTPing to it just to
see what the scoop is. (I just did to see if you really were using an
actual example.)

  I'm all for securing systems, but you've got to be somewhat intelligent
about doing it. If posts show up in this newsgroup that cause certain
systems to be broken into (ie, by attracting attention to them) then
the newsgroup will go away. Worse still, there is a small chance,
very small given current laws, that you will be held responsible for
any break in caused by your post.