Return to BSD News archive
Path: sserve!euryale!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!EU.net!uunet!in1.uu.net!anshar.shadow.net!anshar.shadow.net!nobody
From: dwhite@anshar.shadow.net (Don Whiteside)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: FreeBSD mention in RISKS.digest
Date: 30 Jul 1995 13:56:10 -0400
Organization: Shadow Information Services, Inc.
Lines: 55
Message-ID: <3vgh3q$o21@anshar.shadow.net>
NNTP-Posting-Host: anshar.shadow.net
X-Newsreader: TIN [version 1.2 PL2]
I don't know how many of you read comp.risks or saw the original article
this blurb mentions, but I thought it was worth cc:ing here.
I've trimmed all the other bits out and left in just some header and the
article in question from the RISKS digest v20.17.
Newsgroups: comp.risks
Subject: RISKS DIGEST 17.20
Message-ID: <CMM.0.90.1.806794003.risks@chiron.csl.sri.com>
Date: 26 Jul 95 21:26:43 GMT
RISKS-LIST: Risks-Forum Digest Weds 26 July 1995 Volume 17 : Issue 20
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Date: Tue, 27 Jun 1995 11:34:51 -0400
From: jepstein@inetml.cordant.com (Jeremy Epstein -C2 PROJECT)
Subject: Risks of misreporting risks?
The Washington Post Monday business section has a regular "shorts"
called "Digital Flubs", in which they report on interesting goofs.
Many of them appear to be culled (without attribution) from RISKS.
The June 26 edition reads as follows:
A piece of security software widely used on computer networks has
a hole in it. [CERT] said it has distributed instructions on how
to correct the problem in FreeBSD, a program created by a software
engineer in the Netherlands. In some circumstances, the hole lets
people tapping into a computer see and alter information that should
be off-limits to them. FreeBSD is an "enhancement" to S/Key, a
program that controls password access to networked computers.
S/Key itself does not have the problem.
I'm not sure what this is actually trying to say, but whatever it is, it's
wrong. FreeBSD is an operating system, not security software or an
enhancement to S/Key. FreeBSD wasn't developed by an engineer in the
Netherlands, although it's possible that S/Key was ported to FreeBSD by some
such person.
The risk is that someone might read this, think it actually describes
a weakness, and mistakenly take action (or not take action) without
knowing that the article is confused.
------------------------------
--
=========================================================================
Donald Alan Whiteside MDCC Wage Slave School of Computer Science
Official Usenet Dork for the week of Jan 9-13, 1995
GCS d-- -p+(---) l u+(-) e+ m+ s !n h f g+ w+ t+(++) r- y++
"The universe is not in the habit of giving up
explanations to cursory examinations" - Garth Thornton
=========================================================================