[4110] in bugtraq
More on the Java holes
daemon@ATHENA.MIT.EDU (Gary McGraw)
Fri Feb 28 19:21:51 1997
Date: Fri, 28 Feb 1997 16:56:04 -0500
Reply-To: Gary McGraw <gem@RSTCORP.COM>
From: Gary McGraw <gem@RSTCORP.COM>
To: BUGTRAQ@NETSPACE.ORG
This will be a bit of "yadda yadda" for bugtraq folk, but
whatever.
My posting from yesterday did not place proper emphasis on just how
dangerous port scanning can be. Just for the record, port scanning is
*very bad* since you might be able to discover things like weak
sendmails listening on port 25.
Microsoft considered the second attack enough of a problem to release
a patch. MSIE users should go get it. Major Malfunction and Ben
Laurie have performed a valuable service in helping to educate Web
users of the risks of executable content. My posting is not meant to
discredit their work, just to nip any hysteria in the bud by trying to
explain what they have done clearly.
Gary McGraw
*------------------------------------------------------------------*
| Dr. Gary McGraw gem@rstcorp.com | (__) |
|-----------------------------------------| (oo) |
| Research Scientist | /-------\/ |
| Reliable Software Technologies (RST) | / | || |
| Sterling, VA | * ||----|| |
| <http://www.rstcorp.com/~gem> | ^^ ^^ |
*------------------------------------------------------------------*
