Date: Mon, 20 Jul 1998 11:28:33 -0500 (CDT) From: "Gentry A. Bieker" <gbieker@crown.NET> To: security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.LNX.3.95.980720112509.22645A-100000@pfunk.crown.net> In-Reply-To: <Pine.SOL.4.00.9807191434410.28070-100000@fs3.ny.genx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, 19 Jul 1998, Brett Glass wrote: > > > Our system has been penetrated via a buffer overflow exploit in Qualcomm's > > QPOPPER, as obtained from the FreeBSD ports library. But there's no > > advisory about this on FreeBSD's site.... In fact, we learned of the > > exploit only because the cracker was sloppy. > > > > We need advice on resecuring the system and preventing future incidents of > > this kind. CERT has been utterly unresponsive; they seem to have ignored > > our two e-mails asking for help. Any help we can get from members of the > > FreeBSD community would be MUCH appreciated. > > > > --Brett Glass > > Exactly what are you thinking here. In almost EVERY email that I recieved from the security mailinglists at freebsd, and in almost every isp-* mailinglist I subscribe to, it was at least every other message "QPOPPER this, QPOPPER that". You can't expect your system to be automaticly secure. It just won't happen. The CERT isn't there to maintain your systems, YOU are... You don't expect all of your software to automaticly upgrade for you, do you? Then why expect a secure system with little or no effort. ------------------------------------------------------------------------ -[ Gentry A. Bieker ]---------[ 6300 Melton Rd. ]-------- -[ Systems Administrator ]---------[ Portage, Indiana 46368 ]-------- -[ Crown.Net, Inc. ]---------[ Phone: (219)762-1431 ]-------- -[ gbieker@crown.net ]---------[ Fax: (219)762-0917 ]-------- ------------------------------------------------------------------------ ----[ All Unsolicited Commercial E-Mail Sent to this address may be ]--- -----[ subjected to a reading and archival fee not less than $500 ]----- ------------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.980720112509.22645A-100000>