Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!swrinde!cs.utexas.edu!uunet!sunquest!venus.sunquest.com!terry
From: terry@venus.sunquest.com (Terry R. Friedrichsen)
Newsgroups: comp.unix.wizards
Subject: Re: sendmail debug thingy
Summary: more than one thingy?
Keywords: sendmail  debug  breakin  security  dissemination
Message-ID: <18630@sunquest.UUCP>
Date: 2 May 91 00:55:51 GMT
Sender: news@sunquest.UUCP
Followup-To: comp.unix.wizards
Distribution: usa
Organization: Sunquest Information Systems, Tucson
Lines: 27

jkp@cs.HUT.FI (Jyrki Kuoppala) writes:

>For the record, I also don't believe that the sendmail debug feature
>was 'widely known', whatever that means.

And now I read in Unix TODAY! that the "Dutch crackers" are cracking systems
by exploiting a sendmail bug, but "not the same one that the RTM worm used"
(paraphrasing).

Terrific.  ANOTHER hole I could close if I only knew what it was.  The
Dutch crackers evidently have lists of security holes that they're playing
off.  I wish *I* could see those lists.

Maybe I can get the crackers to send me mail, since Dan won't.  ;-)

Controlling security hole distribution is like controlling guns:  if you
do it, only the criminals will have guns (or security hole information).
The ordinary citizen is defenseless.  (Before you flame, please note that
I am not taking sides here, merely pointing out the parallel.)

Terry R. Friedrichsen

terry@venus.sunquest.com  (Internet)
uunet!sunquest!terry	  (Usenet)
terry@sds.sdsc.edu        (alternate address; I live in Tucson)

Quote:  "Do, or do not.  There is no 'try'." - Yoda, The Empire Strikes Back