Xref: utzoo comp.protocols.tcp-ip:5380 comp.unix.wizards:12476
Path: utzoo!attcan!uunet!husc6!bloom-beacon!tut.cis.ohio-state.edu!cwjcc!hal!nic.MR.NET!tank!mimsy!haven!umbc3!tron!moran
From: moran@tron.UUCP (Harvey R Moran)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: Security mailing list
Keywords: bug reality
Message-ID: <386@tron.UUCP>
Date: 16 Nov 88 11:04:52 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <1240@ucsd.EDU> <8388@nlm-mcs.arpa> <44444@beno.seismo.CSS.GOV> <1727@c <1776@ndsuvax.UUCP> <17841@glacier.STANFORD.EDU> <4752@bsu-cs.UUCP>
Reply-To: moran@tron.UMD.EDU (Harvey R Moran)
Organization: Westinghouse Electronic Systems Group, Baltimore, MD
Lines: 30

In article <4752@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
>In article <17841@glacier.STANFORD.EDU> jbn@glacier.UUCP (John B. Nagle) writes:
>>I suggest that the security mailing list be posted to a newsgroup,
>>but with a 60-day delay.
>
>This is a good idea.  In the case of the oft-quoted ftpd bug, the above
>procedure was roughly followed, and it worked.
>-- 
>Rahul Dhesi         UUCP:  <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi

    I wonder how many more people out there believe that sites without
access to the security mailing list (or possibly even USENET) should
have their risks increased pretty significantly?  How about us binary
liscense sites?

    If you consider the UNIX community to include both binary liscense
sites and sites with no access to USENET, the *most* such a newsgroup
would accomplish is to make a larger group of privileged characters --
i.e. anyone with access to USENET.  It would *not* get the information
to all concerned SA's.

    Please don't take the 60 day suggestion.  I wouldn't want to be
forced to abandon UNIX and use VMS.  Please note that I do not claim
VMS is any more inherently secure than UNIX, just that DEC doesn't
publish break-in methods around the world.  It wouldn't take many
successful break-in's to convince my management to abandon UNIX, or at
least UNIX with *any* communication with the outside world.

         Harvey Moran       moran@tron.UUCP@umbc3.UMD.EDU
                            {wb3ffv,netsys}!hrmhpc!harvey