According to Brent Chapman:
>
>Tom Fitzgerald <fitz @
wang .
com> writes:
>
>#
># The only people who lose under the new arrangement are the crackers and
># others who already knew the security holes, since now they're no better off
># than us unwashed masses.
>
>I'm honestly curious about your experience: was it enough to know that
>there was a particular class of bug and that it could be worked around
>using methods X, Y, and Z (i.e., was the CERT advisory enough info for
>you), or did you really need to know the details of how to exploit
>this bug in order to analyze the source and fix it yourself?
>
In my case the CERT recommendations gave me a false sense of security.
I took (perhaps foolishly on my part) heart in the fact that since
CERT was recommending an increase in the level of logging that I would
be notified by sendmail if an attempt was made to exploit the bug on
my system. This is NOT so, I tried the instructions for exploiting
the hole on one of our own machines and found that if it is done
correctly then there are NO traces that the hole has been used.
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Where a calculator on the ENIAC is equipped with 18,000 vaccuum tubes
and weighs 30 tons, computers in the future may have only 1,000 vaccuum
tubes and perhaps weigh 1 1/2 tons."
-- Popular Mechanics, March 1949
References:
|
|
