Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!sol.ctr.columbia.edu!cica!iuvax!noose.ecn.purdue.edu!mentor.cc.purdue.edu!nova.cc.purdue.edu!gerrit
From: gerrit@nova.cc.purdue.edu (Gerrit Huizenga)
Newsgroups: comp.sys.next
Subject: Re: CERT Advisory Update - NeXT Systems
Keywords: CERT security npd NeXT
Message-ID: <14874@mentor.cc.purdue.edu>
Date: 8 Oct 90 23:57:15 GMT
References: <850@cert.sei.cmu.edu> <5701@mace.cc.purdue.edu> <5702@mace.cc.purdue.edu> <881@toaster.SFSU.EDU> <1990Oct8.210301.25300@midway.uchicago.edu>
Sender: news@mentor.cc.purdue.edu
Reply-To: gerrit@nova.cc.purdue.edu (Gerrit Huizenga)
Organization: Purdue University Computing Center
Lines: 18

Scott Deerwester wonders:
> [EPS asks]
>>1) Why is the executable 40961 bytes ( [should be mulitple of 8K] )
>>2) Since this version was apparently built last December(!), why
>>   did it take so long for it to be made available to customers?

>Not to be paranoid, or anything, but... are we all very sure that newnpd@
> cc.purdue.edu is legitimate?  I mean, it's not all that hard to forge
> messages, and it's also not all that hard to build a Trojan horse...

The version of newnpd in the archives was emailed to me by trusted people
at NeXT, followed by my acknowledge and their counter-acknowledge
(generally a fairly safe way to do this email stuff :-).  I wrapped up
the README and newnpd and plopped them in the archives.  

I'm afraid I don't have any answers to Eric's questions, though.

gerrit