[340] in bugtraq
Re: Full Disclosure works, here's proof:
daemon@ATHENA.MIT.EDU (Bela Lubkin)
Sun Dec 4 05:33:50 1994
From: Bela Lubkin <belal@sco.COM>
Date: Sun, 4 Dec 1994 01:11:43 -0800
To: bugtraq@fc.net
Karl Strickland wrote:
Bela> This is ridiculous. You'd decline to install a security patch because
Bela> you think not enough hackers know about the hole?
Karl> One important point is, if you dont know what the hole is, you cant be
Karl> sure its fixed. Some people are more reluctant to take these things
Karl> on trust, after seeing what happened with Sun's binmail patches.
If the reader believes that the holes originally exist as stated and
that SCO has made a good faith effort to fix them, it is sensible to
install the fixes even if it eventually turns out that a narrower hole
remains. It's analogous to a terminal cancer patient being told that he
can try a promising but untested new drug -- except in this case it's
cured all the lab rats, so the doctor has very high hopes for the drug.
I suppose some readers could think the whole thing was an elaborate
collaborative hoax between 8LGM and SCO to *introduce* Trojan horses...
I can't help anyone who is that paranoid.
>Bela<
