Xref: utzoo news.admin:4061 news.sysadmin:1656 comp.mail.uucp:2328
Path: utzoo!attcan!uunet!mstan!frank
From: frank@Morgan.COM (Frank Wortner)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Message-ID: <138@hudson.Morgan.COM>
Date: 22 Nov 88 16:22:18 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <1160@unisec.usi.com>
Reply-To: frank@Morgan.COM (Frank Wortner)
Organization: Morgan Stanley and Co., NY, NY
Lines: 18

In article <1160@unisec.usi.com> dpw@unisec.usi.com (Darryl P. Wagoner) writes:
[ about a hole in Usenet discovered by Larry Blair ]

>I have gotten mail from Larry about this hole and what he says is true.
>It is a real hole "created by many sysadmins" not by the usenet software.
>Therefore it would do little good to inform Rick Adams of the problem
>except he could fix his system and possibly provide a more secure program.

Since the software comes with documentation, that documentation could be
updated to reflect the possibility of a security breach.  If the nature of
the hole is kept a secret (except to those who read and replied to Larry's
original article), both present and future installations will perpetuate it.
If knowledge of this hole is spread and documented, it can be closed for
good.  An undocumented problem is guarranteed to remain.
-- 
						Frank

"Computers are mistake amplifiers."