BSD tty security, part 4: What You Can Look Forward To
Marcus J. Ranum
mjr at hussar.dco.dec.com
Fri May 3 11:08:40 AEST 1991
kdenning at genesis.Naitc.Com (Karl Denninger) writes:
> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>>If a vendor doesn't react by October 1992, its systems will be open to
>>attack[...]
>
>You're giving them WAY too much slack.
I agree - that's giving the vendors a lot of slack. But, bear in
mind that not only are you (hopefully) going to embarrass vendors into
patching broken code - by posting the keys you are leaving a lot of sites
wide open to attack, sites that are not "guilty" and therefore deserve
some slack themselves.
This is a tricky issue, and it's not, I respectfully submit, as
simple as bashing a vendor.
mjr.
More information about the Comp.unix.wizards
mailing list