Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!bu.edu!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!tuegate.tue.nl!svin02!wsinis03!debra
From: debra@wsinis03.info.win.tue.nl (Paul De Bra)
Newsgroups: comp.unix.sysv386
Subject: Re: Hack-Attempt on dobag (ISC-Bugs)
Message-ID: <1862@svin02.info.win.tue.nl>
Date: 3 Apr 91 11:24:40 GMT
References: <UTKPKWH@dobag.in-berlin.de> <1991Apr02.041525.14582@rfengr.com>
Sender: news@svin02.info.win.tue.nl
Reply-To: debra@info.win.tue.nl
Organization: Eindhoven University of Technology, The Netherlands
Lines: 18

In article <1991Apr02.041525.14582@rfengr.com> rfarris@rfengr.com (Rick Farris) writes:
>You know, we piss and moan about the security bugs in ISC,
>but the month doesn't go by that I don't get an "URGENT
>SECURITY VIOLATION IN PROGRESS" message from CERT/CC about
>SUNs. 
>
>Speaking of which, how come the ISC bug never showed up
>there?

Cert only posts announcements of this nature after
the vendor has developed a fix and distributed it to its
major distributors and customers.

The purpose of Cert announcements is to help sysadmins protect their
systems agains hackers, not to help hackers break in to systems.

Paul.
(debra@win.tue.nl)