Xref: utzoo comp.unix.wizards:25343 alt.security:2408
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!pcserver2!genesis!kdenning
From: kdenning@genesis.Naitc.Com (Karl Denninger)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Summary: Too lax, too big a hole.
Message-ID: <1991May2.195305.13628@pcserver2.naitc.com>
Date: 2 May 91 19:53:05 GMT
References: <26844:May100:59:2591@kramden.acf.nyu.edu> <13266@goofy.Apple.COM> <7363:May202:45:0591@kramden.acf.nyu.edu>
Sender: news@pcserver2.naitc.com (Usenet admin)
Organization: AC Nielsen Co., Bannockburn IL
Lines: 23
Nntp-Posting-Host: genesis.naitc.com

In article <7363:May202:45:0591@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>If a vendor doesn't react by October 1992, its systems will be open to
>attack by any novice with rn and cc. Don't get the idea that I trust
>vendors to fix problems; I just want to give the more sensible ones a
>chance to clean up their act. I suspect that at least some will react.

You're giving them WAY too much slack.

I suggest 90 days. That's enough time to fix a hole of this magnitude and ship
tapes to anyone who needs them.

Then let 'em have it.

Of course, someone else might do it for 'ya too... (post the nasty code that is).

--
Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
kdenning@nis.naitc.com
"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect
those of the company.