Xref: utzoo comp.unix.wizards:25354 alt.security:2414
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!ncar!hsdndev!husc3.harvard.edu!husc8.harvard.edu!ender
From: ender@husc8.harvard.edu (Matthew Ender)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look F
Message-ID: <1991May2.203506.807@husc3.harvard.edu>
Date: 3 May 91 00:35:04 GMT
References: <26844:May100:59:2591@kramden.acf.nyu.edu> <13266@goofy.Apple.COM> <7363:May202:45:0591@kramden.acf.nyu.edu>
Organization: Harvard University Science Center
Lines: 18
Nntp-Posting-Host: husc8.harvard.edu

In article <7363:May202:45:0591@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <13266@goofy.Apple.COM> erc@Apple.COM (Ed Carp) writes:
>> In article <26844:May100:59:2591@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>> There's NO WAY that you're going to
>> get all vendors to distribute fixes, let alone distribute them FOR FREE.
>
>If a vendor doesn't react by October 1992, its systems will be open to
>attack by any novice with rn and cc. Don't get the idea that I trust
>vendors to fix problems; I just want to give the more sensible ones a
>chance to clean up their act. I suspect that at least some will react.

Now I'm confused.  What exactly happens in October 1992?  Based on
what you said, if the system doesn't change, it's going to be
vulnerable.  But the system isn't changed now... so the systems are
'open to attack by any novice with rn and cc'.  So, what's the point
of saying the system will be vulnerable in Oct 1992?

-- Matt