Re: How was the majordomo bug found?

John Evans (lgas@cs.UMD.EDU)
Thu, 9 Jun 1994 18:37:28 -0400 (EDT)

On Thu, 9 Jun 1994, Vincent D. Skahan wrote:

> I suppose I'm curious if:
> 	- one of the 'bad guys' "dropped a dime" on one of his pals 
> 	- somebody bled over the source code who had enough experience 
> 		reading the code in that language to see a problem.
> 	- somebody had some proactive monitoring in place that we all should
> 		know about and implement.

How about a lot of the 'bad guys' are dumb.  Sooner or later, one of the 
dumb 'bad guys' finds out about a hole like this from one of the more 
intelligent ones and starts abusing the hell out of it, giving it to all 
his friends, etc, and sooner or later everyone knows about it.  My guess 
is this is what happens in 99% of cases where it's not blatantly obvious 
how someone got on a system.

-
John