"In the previous message, H Morrow Long said..."
> >
> >I know this sounds naive and stupid to some/most
> >of you, but PLEASE enlighten me. What is 8lgm?
> >Thanks in advance.
> >Tenna Sakai (tws@mrc.com)

No, everyone has to be initially informed at some point in time. Nobody was born with all this information... :-)

> 8lgm is (supposedly) a group of reformed hackers.
>
> They post a list of security holes along with scripts that demonstrate how to
> exploit them.

That is what I understand they are, too. Whatever, they seem to perform a needed service. Without the information gleaned, I would have a lot more unaddressed vulnerabilities, and worse, would not have the slightest clue how to look for them. One can get an idea of how cracker types think and operate by examining some of the examples, so if one has one's own machine (or appropriate permission), and some time, one can look for and try other possibilities, and most important, be able to TEST a fix that is supposed to be all the berries. Not all fixes work as well as claimed.

Until they showed up, one pretty much had to rely on CERT, etc.; meaningful information was kept to a tiny clique and hardly ever shared. Talk about a day late and a dollar short... people were thinking they were all safe and secure, then BAM! the bubble gets broken. The crackers are sitting there laughing while the 'lamers' are trying to figure out what the hell happened... One asks CERT, and they say "A vulnerability exists". MAYBE. Some vendors may flat deny it, some will say "It's a bug. Look for a fix in the NEXT RELEASE... due out next year..."

I am also convinced many cracker groups have someone who has access to source, possibly from school or Daddy's job running some big site, and who has nothing better to do than spend all day looking for possible vulnerabilities and devise ways to exploit them...
Then exploit instructions or scripts are passed around and literally everyone EXCEPT the site admins and honest users knows about them...

My 2 cents worth... No, I am not a fan of "security through obscurity" or hiding the fact the holes exist and information needed to check one's system out and fix the thing.

--
pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.