The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #164 [some points to make with the media] (1 message, 809 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/164.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: encore!pinocchio!bzs@talcott.harvard.edu (Barry Shein)
To: phage
Date: Tue 12:54:22 08/11/1988 EST
Subject: some points to make with the media
References: [Thread Prev: 161] [Thread Next: 085] [Message Prev: 163] [Message Next: 166]


>Your second point is too strong; while only Sun-3s and VAXen were
>susceptible to this particular incarnation, there is clearly no reason
>to think that any UNIX system on the net couldn't have been targeted.
>All it would have taken was a few more .o files, or even source if
>the author had wanted to expose the code.

There clearly *is* a reason, try:

"Any system which shipped sendmail with debug enabled and/or had
the fingerd bug (or even shipped a fingerd)"

Surely you don't claim that all vendors shipped their software this
way? (you're wrong if you do.) And if not, why implicate them? Misery
loves company? AT&T doesn't even *ship* TCP/IP last I checked
(third-party only, right?), much less shipping sendmail and fingerd
with the aforementioned bugs.

You're treading into murky waters of what might have been. I say stick
to the facts. (Isn't it true that Ultrix shipped w/o the debug option?
Now *that* should be mentioned.)

	-Barry Shein, ||Encore||

END OF DOCUMENT