For mgetty users with non-trusted shell logins

Gert Doering (gert@greenie.muc.de)
Thu, 28 Jan 1999 17:00:53 +0100


Hi,

On Wed, Jan 27, 1999 at 11:30:06PM +0100, l41484@alfa.ist.utl.pt wrote:
> Ah, the old debate: security through obscurity or security through openness.
> :-)

Well, partially.  We tell people where the problem is, and how to
protect themselves, but I'm kind of reluctant to do full disclosure
(after all, "full disclosure" is there to force the vendor to fix it - I
*am* the "vendor" and we have found a workaround :) ).

> > To my knowledge, nobody had been aware of this exploit, or was even
> > actively using it.  It needs some evil thinking to figure out *all*
> > the nasties of this issue...
> 
> Never say never. :-) But I think we can say with the same assurance that
> direct dial-in access (of untrusted users) is becoming less and less
> common. For example, I myself only use it when my PPP access is
> unavailable.

Yes...

gert
-- 
Gert Doering
Mobile communications ... right now writing from *AWAY* :-)) 
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de