Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ece-csc!ncsuvx!gatech!bloom-beacon!apple!bionet!agate!violet.berkeley.edu!rob
From: rob@violet.berkeley.edu (Rob Robertson)
Newsgroups: news.sysadmin
Subject: Re: Two digit security IQs in action
Message-ID: <16880@agate.BERKELEY.EDU>
Date: 12 Nov 88 00:40:13 GMT
References: <361@itivax.UUCP> <367@execu.UUCP> <1294@tmpmbx.UUCP> <2517@cs.Buffalo.EDU> <16653@agate.BERKELEY.EDU> <241@taux02.UUCP>
Sender: usenet@agate.BERKELEY.EDU
Organization: University of California, Berkeley
Lines: 19

In article <241@taux02.UUCP> amos@taux02.UUCP (Amos Shapir) writes:
>I don't think I have seen anybody mention Sun's contribution to the spread
>of the worm. It may be ok for a university-grade software to be distributed
>with a debug option compiled in by default, especially when it's distributed
>almost free and with its source; but taking the same program, and selling
>it to unsuspecting customers without any quality check, is certainly
>negligent.

That combined with the notion that you think you're buying a fairly
secure product in SunOS 4.0 with "Secure RPC" and that someone from
Sun announced on the network that he had known about the sendmail hole
for several years, makes for a great case of negligence.

Hey, if all those wasted man/staff hours have got you down, here is an
all-American way to recoup it.

rob

"In Japan the ratio of lawyers to engineers is 1 : 10. In the US it's 10 : 1."