Xref: utzoo news.admin:4029 news.sysadmin:1598 comp.mail.uucp:2296
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!vsi1!lmb
From: lmb@vsi1.UUCP (Larry Blair)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Message-ID: <1231@vsi1.UUCP>
Date: 19 Nov 88 19:46:08 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM>
Reply-To: lmb@vsi1.UUCP (Larry Blair)
Organization: VICOM Systems Inc., San Jose, CA
Lines: 29

In article <117@hudson.Morgan.COM> frank@Morgan.COM (Frank Wortner) writes:
>Larry (and anyone else who feels that she/he has found a "MAJOR hole" in
>the news software), I think you would do us a service if you sent your
>theory to the maintainer or author of the software involved.  Why not
>drop a note to Rick Adams (rick@seismo.css.gov)?  This way, an update
>can be issued.  This would propogate any fix much more effectively and
>insure that future installations also get the benefit of your change.

The problem is not necessarily in any particular piece of software.  It is
an administative problem.

>If you restrict distribution only to those sites that contact you directly,
>I feel that you are (in effect) guaranteeing that the hole will remain
>open at most sites.

This, unfortunately, is true.  How would you propose distributing the
information?

To date, I have receive mail from about 1% of the systems on Usenet.  This
leaves the other 99% vulnerable.  The funny thing is that if I were to
openly post the problem and solution, I doubt that even 10% of the sites
with this problem would fix it.

On a different posting:

Hey, peter, come on.  After all the problems that have occurred just this
year, why supply _any_ information to potential net-abusers?
-- 
Larry Blair   ames!vsi1!lmb   lmb%vsi1.uucp@ames.arc.nasa.gov