[10035] in Commercialization & Privatization of the Internet
If Orson Welles were only alive...
daemon@ATHENA.MIT.EDU (Barry Shein)
Sat Feb 5 02:30:59 1994
Date: Sat, 5 Feb 1994 02:30:21 -0500
From: bzs@world.std.com (Barry Shein)
To: sob@tmc.edu
Cc: karl@mcs.com, com-priv@psi.com
In-Reply-To: Stan Barber's message of Sat, 5 Feb 1994 01:00:33 -0600 <199402050700.BAA03417@tmc.edu>
>From: sob@tmc.edu (Stan Barber)
>Did you send any of this to the Sun Users' Group? Aren't you an officer in
>SUG? Don't they play a role here? How about "security@sun.com"?
What are you referring to here? Do you mean did I send a description
of the security problem to the Sun User Group? No, I did not send it
to the Boy Scouts of America either (what has SUG got to do with
anything? Much less my status as an officer of that corporation?)
I'm not sure what you are getting at.
I am quite sure that CERT advised Sun of the problem at the time. I am
not sure that this is a peculiarly Sun problem. Are they the only
vendor with a promiscuous-mode ethernet interface? I know I had one on
my Xerox Dandelion Lisp Machine in 1981. The underlying problem was
how these fellows were getting root access so easily, the /dev/nit
thing was the symptom (and should require root access on any
reasonably set up system but hey if not maybe the disks are writeable
also), there were other ways to do the same thing once you had root
access on a machine, /dev/nit was just the example at hand (and
perhaps the one the crackers happened to exploit.)
-Barry Shein
Software Tool & Die | bzs@world.std.com | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
