Date: Tue, 21 Jul 1998 14:22:18 -0700 (PDT) From: Ben <spy@tyr.office.efn.org> To: Brett Glass <brett@lariat.org> Cc: Jeremy Shaffner <jer@jorsm.com>, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.BSF.3.96.980721141904.12932A-100000@Tyr.office.EFN.org> In-Reply-To: <199807211928.NAA15499@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Jul 1998, Brett Glass wrote: > >How does "have been potentially" work? > > It means they're wide open and ready to be hacked. NOW. > > >Pardon my ignorance, since I haven't used CVS, but isn't that what the > >"ports" are? A skeleton with the necessary patches and a Makefile that > >fetches the distfile if you don't already have it? Like I said before, > >Jordan had an updated -stable port the same day. > > New holes are still being found in Qualcomm's THIRD update. Due to the large cpu usage, and the disk space needed on large production machines for /var/pop when qpopper copies over the users mail spool, we went to using cucipop. You might try this too, it uses about 30% less cpu, and doesn't have these exploits(yet? I haven't looked through it's code) -> ftp://ftp.informatik.rwth-aachen.de/pub/packages/cucipop/ > > >And if you get that new > >port by downloading it manually, or by letting CVSup do it > >"Automagically" does it really matter? It's the same either way. > > Not if you don't get word before you're hit. The only way to be truly secure is to stay on top of things. Why wasn't someone else filling in for you during your vacation? > --Brett -ben@efn.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980721141904.12932A-100000>