Re: How was the majordomo bug found ?

Vincent D. Skahan (vds7789@aw101.iasl.ca.boeing.com)
Thu, 9 Jun 1994 14:15:03 -0700 (PDT)

(Brent Chapman writes:)
> I first heard about it Monday evening at 5pm.  I don't have any idea
> how long the crackers have known about the problem.  I received a copy
> of one of the exploit scripts from someone who I won't name (though
> they should feel free to name themselves, if they'd like; I know
> they're reading this, and I appreciate their work).

Yeah, I appreciate it too.

I suppose I'm curious if:
	- one of the 'bad guys' "dropped a dime" on one of his pals 
	- somebody bled over the source code who had enough experience 
		reading the code in that language to see a problem.
	- somebody had some proactive monitoring in place that we all should
		know about and implement.

The message as I recall it from John said that the holes WERE being actively
exploited.  How did he positively know that?

Knowing how to prevent holes is important.
Making known holes (and fixes/workarounds) known is important.
Knowing how to look for evidence of break-ins is important too.

I guess the real questions I was asking were more along the lines of:

	"how did he know that the holes were being exploited?"

	"assuming it was through some monitoring, how'd he do that
	monitoring to identify the use of the holes?"

-- 
 ----------- Vince Skahan ------ vds7789@aw101.iasl.ca.boeing.com -----------
 "All mammals have hair.  Whales are mammals.  Therefore whales have hair."
 "Shave the whales."
                                                         -Dogbert