[10029] in Commercialization & Privatization of the Internet
Re: If Orson Welles were only alive...
daemon@ATHENA.MIT.EDU (Karl Denninger)
Sat Feb 5 01:23:27 1994
From: karl@mcs.com (Karl Denninger)
To: bzs@world.std.com (Barry Shein)
Date: Sat, 5 Feb 1994 00:21:58 -0600 (CST)
Cc: com-priv@psi.com
In-Reply-To: <199402050553.AA27003@world.std.com> from "Barry Shein" at Feb 5, 94 00:53:25 am
>
> I think CERT has just released the Internet version of War of the
> Worlds with their little advisory.
>
> -Barry Shein
>
> Software Tool & Die | bzs@world.std.com | uunet!world!bzs
> Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD

No, they're right on the money. They also have been much less than honest
with the community about this. We flagged the problem which we saw here more
than two weeks ago.

CERT has NEVER been a responsive OR, IMHO, responsible organization. Due
to this last incursion I intend to do the following:

1) Post ANY and ALL security problems and break-in attempts I become
   aware of on the net instantly, BEFORE notifying CERT. They sat
   on my rdist bug for over a week. I am severely unhappy about
   that.

2) Form a mailing list of <real> admins to discuss issues, including
   break-ins in process. I am going to be anal about who gets on the
   list, as I want to solicit people to post actual scripts, code, etc.
   found on their systems that was used to break into things. That
   means that if I don't believe you're an admin rather than a
   cracker, you won't get on. Yes, this will exclude a few. I do
   not feel remorse for this. A filtered version of problems (sans
   examples of how to exploit them) will be posted to Usenet for
   public consumption.

Note that Rice lost an <entire compute cluster> to these folks this time
around. Slagged system software and all. We had a user account broken
into, but no root access violations. We got lucky -- I don't run Sun
gear here.

--
Karl Denninger (karl@MCS.COM) | MCSNet - Full Internet Connectivity (shell,
Modem: [+1 312 248-0900] | PPP, SLIP and more) in Chicago and 'burbs.
Voice/FAX: [+1 312 248-8649] | Email "info@mcs.com". MCSNet is a CIX member.