Internet Worm

Norwell Louis Awson (nlawson@galaxy.csc.calpoly.edu)
Fri, 14 Oct 1994 14:43:21 -0700 (PDT)

Everyone seems to say "the bugs the worm exploited haven't been fixed yet".
Look at the list:

Bug..					Fix...
Sendmail debug hole			fixed.. use Sendmail 8.6.9

Vax finger stack overflow		fixed.. no fingerd presently uses
					gets()

Guessing users' passwords		Use npasswd or passwd+
					Crack 4.1 with UFC is much faster

Trusted hosts and 'r' commands		Not fixed.  Users will always be
					the hole in your system.  Get rid
					of any 'r' commands if this REALLY
					bugs you.

So, this big -secret- that everyone seems to be hiding is that having an
rhosts is a security hole, and it is still exploitable??  So what?  The real
reason that the source is not here is it would be honoring the writer to put
it up for public ftp.  No security expert that spent many hours
disassembling it wants to waste their effort on the public.  It's been said
before, everyone regards their work as infinitely valuable, no matter how
useless it is in the present day.
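
An added example, not part of the original post: a small Python check for the one item the list marks as not fixed, trust granted through .rhosts and hosts.equiv files. It assumes the usual `host [user]` line format with `+` as a wildcard; the function name `audit_rhosts` and the sample file contents are constructed for illustration.

```python
# Added example: flag entries in .rhosts / hosts.equiv text that widen trust.
# Assumed line format: "host [user]"; "+" is a wildcard, "+@name" a netgroup,
# and a leading "-" marks a deny entry. "#" starts a comment (simplification).

# Constructed sample, not taken from any real system.
SAMPLE_RHOSTS = """\
# lab trust file
trusted.example.edu alice
+ +
+@labhosts
gateway.example.edu +
-badhost.example.edu
"""


def audit_rhosts(text):
    """Return (line_number, entry, reasons) for each risky entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-") or user.startswith("-"):
            continue  # deny entries do not grant trust
        reasons = []
        if host == "+":
            reasons.append("any host is trusted")
        elif host.startswith("+@"):
            reasons.append("every host in a netgroup is trusted")
        if user == "+":
            reasons.append("any remote user is trusted")
        elif user.startswith("+@"):
            reasons.append("every user in a netgroup is trusted")
        if reasons:
            findings.append((lineno, line, reasons))
    return findings


if __name__ == "__main__":
    for lineno, entry, reasons in audit_rhosts(SAMPLE_RHOSTS):
        print(f"line {lineno}: {entry!r}: {'; '.join(reasons)}")
```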