Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!zaphod.mps.ohio-state.edu!ncar!midway!news
From: scott@sage.uchicago.edu (Scott Deerwester)
Newsgroups: comp.sys.next
Subject: Re: CERT Advisory Update - NeXT Systems
Keywords: CERT security npd NeXT
Message-ID: <1990Oct8.210301.25300@midway.uchicago.edu>
Date: 8 Oct 90 21:03:01 GMT
References: <850@cert.sei.cmu.edu> <5701@mace.cc.purdue.edu> <5702@mace.cc.purdue.edu> <881@toaster.SFSU.EDU>
Sender: news@midway.uchicago.edu (News Administrator)
Reply-To: scott@sage.uchicago.edu (Scott Deerwester)
Organization: TIRA / UofC
Lines: 25
In-Reply-To: eps@toaster.SFSU.EDU (Eric P. Scott)

In article <881@toaster.SFSU.EDU>, eps@toaster (Eric P. Scott) writes:
>I have two really stupid questions about newnpd at Purdue:
>
>1) Why is the executable 40961 bytes (we all know it has to be a
>   multiple of 8K)?
>2) Since this version was apparently built last December(!), why
>   did it take so long for it to be made available to customers?
>
>					-=EPS=-

Not to be paranoid, or anything, but... are we all very sure that
newnpd@cc.purdue.edu is legitimate?  I mean, it's not all that hard to
forge messages, and it's also not all that hard to build a Trojan
horse...

Disclaimer:
   I have *no* reason to suspect that newnpd is anything but
   legitimate, and greatly appreciate the effort to make a
   non-compromised version publically available, if the standard one
   is a security hole.  I'm just trying to be a little careful...
-------
Scott Deerwester            | Internet: scott@tira.uchicago.edu  | ~{P;N,5B~}
Center for Information and  | Phone:    312-702-6948             |
   Language Studies         | 1100 E. 57th, CILS                 |
University of Chicago       | Chicago, IL 60637                  |