X-Message-Index: 164
X-Message-Prev: 163
X-Message-Next: 166
X-Thread-Prev: 161
X-Thread-Next: 085
From: encore!pinocchio!bzs@talcott.harvard.edu (Barry Shein)
To: phage
X-To: smb@research.att.com, fair@apple.com, phage
Subject: some points to make with the media
Date: Tue, 8 Nov 88 12:54:22 est
X-Date: Tue 12:54:22 08/11/1988 EST


>Your second point is too strong; while only Sun-3s and VAXen were
>susceptible to this particular incarnation, there is clearly no reason
>to think that any UNIX system on the net couldn't have been targeted.
>All it would have taken was a few more .o files, or even source if
>the author had wanted to expose the code.

There clearly *is* a reason, try:

"Any system which shipped sendmail with debug enabled and/or had
the fingerd bug (or even shipped a fingerd)"

Surely you don't claim that all vendors shipped their software this
way? (you're wrong if you do.) And if not, why implicate them? Misery
loves company? AT&T doesn't even *ship* TCP/IP last I checked
(third-party only, right?), much less shipping sendmail and fingerd
with the aforementioned bugs.

You're treading into murky waters of what might have been. I say stick
to the facts. (Isn't it true that Ultrix shipped w/o the debug option?
Now *that* should be mentioned.)

	-Barry Shein, ||Encore||