Xref: utzoo news.sysadmin:1918 news.admin:4265
Path: utzoo!attcan!uunet!mcvax!unido!altger!blue
From: blue@altger.UUCP (blue)
Newsgroups: news.sysadmin,news.admin
Subject: rnews: security hole. Too bad.
Keywords: bug
Message-ID: <1219@altger.UUCP>
Date: 10 Dec 88 01:11:54 GMT
Organization: Altos Computer Systems Munich
Lines: 15

Well, it seems that UUCP  &C. really lack on security..
I just realized that a registered node on a unix system, which
is NOT authorized to get News of ANY kind, can on the contrary
SEND any news-message ANYWHERE on ANY distribution.
THIS IS REALLY AMAZING.
On ANY Buletin Board Service new users are allowed to read
at least some message base, but cannot write messages.
Protection should be made on the POSTING of new messages.
Not only on the "sendbatch"!
Usenet News are a living BUG.
	b.b.
-- 
Mr. BlueBoy, DTE222/hck  - Milano, Italy
Usenet: blue@altger  | Unix has no bugs. Unix itself IS a bug.
Subnet: blue@i2ack   | Let's use ProDos.. :-)