Path: utzoo!utgpu!attcan!uunet!husc6!ukma!rutgers!sunybcs!sbcs!root
From: root@sbcs.sunysb.edu (root)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Getting Vendors To Fix Bugs
Message-ID: <1801@sbcs.sunysb.edu>
Date: 10 Nov 88 15:42:48 GMT
References: <2120@kalliope.rice.edu>
Organization: State University of New York at Stony Brook
Lines: 19

In article <2120@kalliope.rice.edu>, hd@kappa.rice.edu (Hubert D.) writes:
> We've been looking at software to connect our PCs and MACs
> to SUNs and VAXn.  Now, with the possibity of holes and 
> backdoors left in place by software vendors,  I don't see
> how one can trust object code for communications software
> anymore.  I'm going to take a hard think on wheather to
> go commercial or install/modify/develop public domain
> packages such as KA9Q, NCSA or PCIP (MIT & CMU).

	Huh?  If you let anyone on your Ethernet cable with a PC you've
	basically just given up any hope for security.  Even active
	methods like Kerberos will not protect you from people who
	just listen to eg TCP sessions on the cable.  

> Hubert Daugherty
> hd@rice.edu

				Rick Spanbauer
				SUNY/Stony Brook