(Brent Chapman writes:) > I first heard about it Monday evening at 5pm. I don't have any idea > how long the crackers have known about the problem. I received a copy > of one of the exploit scripts from someone who I won't name (though > they should feel free to name themselves, if they'd like; I know > they're reading this, and I appreciate their work). Yeah, I appreciate it too. I suppose I'm curious if: - one of the 'bad guys' "dropped a dime" on one of his pals - somebody bled over the source code who had enough experience reading the code in that language to see a problem. - somebody had some proactive monitoring in place that we all should know about and implement. The message as I recall it from John said that the holes WERE being actively exploited. How did he positively know that ? Knowing how to prevent holes is important. Making known holes (and fixes/workarounds) known is important. Knowing how to look for evidence of break-ins is important too. I guess the real questions I was asking were more along the lines of: "how did he know that the holes were being exploited?" "assuming it was through some monitoring, how'd he do that monitoring to identify the use of the holes?" -- ----------- Vince Skahan ------ vds7789@aw101.iasl.ca.boeing.com ----------- "All mammals have hair. Whales are mammals. Therefore whales have hair." "Shave the whales." -Dogbert