Security mailing list
Harvey R Moran
moran at tron.UUCP
Wed Nov 16 21:04:52 AEST 1988
In article <4752 at bsu-cs.UUCP> dhesi at bsu-cs.UUCP (Rahul Dhesi) writes:
>In article <17841 at glacier.STANFORD.EDU> jbn at glacier.UUCP (John B. Nagle) writes:
>>I suggest that the security mailing list be posted to a newsgroup,
>>but with a 60-day delay.
>
>This is a good idea. In the case of the oft-quoted ftpd bug, the above
>procedure was roughly followed, and it worked.
>--
>Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi
I wonder how many more people out there believe that sites without
access to the security mailing list (or possibly even USENET) should
have their risks increased pretty significantly? How about us binary
liscense sites?
If you consider the UNIX community to include both binary liscense
sites and sites with no access to USENET, the *most* such a newsgroup
would accomplish is to make a larger group of privileged characters --
i.e. anyone with access to USENET. It would *not* get the information
to all concerned SA's.
Please don't take the 60 day suggestion. I wouldn't want to be
forced to abandon UNIX and use VMS. Please note that I do not claim
VMS is any more inherently secure than UNIX, just that DEC doesn't
publish break-in methods around the world. It wouldn't take many
successful break-in's to convince my management to abandon UNIX, or at
least UNIX with *any* communication with the outside world.
Harvey Moran moran at tron.UUCP@umbc3.UMD.EDU
{wb3ffv,netsys}!hrmhpc!harvey
More information about the Comp.unix.wizards
mailing list