RE: 'we should all be uncomfortable with the extent to which luck ..'

[Roeland Meyer <rmeyer () mhsc com>]

> From: k claffy [mailto:kc () ipn caida org]
> Sent: Tuesday, July 24, 2001 10:36 PM

> almost makes me wonder if some white hat might (should?) have 
> been behind CodeRed as some 'vaccination' attempt.

Stop wondering. IMHO "White hats" that crack into systems should be treated
the same as "black hats" that crack into systems. Throw them in jail and RO
them from even thinking the word "computer" ever again (A few years, on a
chain-gang, might do them some good ... sun ... excersize ... daylight ...
fresh air ... they might lose that pasty complexion). <from someone whom has
lost way too many days cleaning up the messes after>.

>       This assault also demonstrates that machines operated by home
>       users or small businesses (hosts less likely to be maintained
>       by a professional sysadmin) are integral to the robustness of
>         the global Internet. As is the case with biologically active

Do you always let your stereotyping lead you by the nose like this ...? Home
users ... maybe. Small businesses ... not.

> From: CERT Advisory [mailto:cert-advisory () cert org]
> Sent: Tuesday, July 24, 2001 6:50 PM

> CERT Advisory CA-2001-21 Buffer Overflow in telnetd
>
>    Original release date: July 24, 2001
>    Last revised: --
>    Source: CERT/CC

> Systems Affected
>
>    Systems running versions of telnetd derived from BSD source.

How many of us here run anything less than SSH and even allow telnetd to
live on any of our hosts?