Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!wasatch!cdr.utah.edu!moore
From: moore%cdr.utah.edu@wasatch.UUCP (Tim Moore)
Newsgroups: news.sysadmin
Subject: The fingerd Bug in the Popular Press
Message-ID: <545@wasatch.UUCP>
Date: 13 Nov 88 22:32:51 GMT
Sender: news@wasatch.UUCP
Reply-To: moore%cdr.utah.edu@wasatch.UUCP (Tim Moore)
Organization: University of Utah, Computer Science Dept.
Lines: 16

How many references have people seen to the fingerd bug in the press?
I've only seen one article in a newspaper that mentioned it: the
Boston Globe, Sunday Nov. 6, mentioned a bug in a "Fingerdaemon"
program, but never gave more details on the nature of the bug.

I guess the news media thought the public wouldn't understand what a
finger program was, let alone how that program was vulnerable. Too
bad, it seems that exploiting fingerd represents a much more subtle
and clever piece of cracking than turning on DEBUG mode in sendmail does.

Note that I am not saying a "good" piece of cracking.

			-Tim Moore
	4560 M.E.B.		   internet:moore@cs.utah.edu
	University of Utah	   ABUSENET:{ut-sally,hplabs}!utah-cs!moore
	Salt Lake City, UT 84112