From owner-freebsd-security Fri Dec 1 4: 3:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 6EBF937B400 for ; Fri, 1 Dec 2000 04:03:19 -0800 (PST) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.1/8.11.1) with ESMTP id eB1C32M34608; Fri, 1 Dec 2000 04:03:06 -0800 (PST) (envelope-from jkh@winston.osd.bsdi.com) To: Nevermind Cc: freebsd-security@FreeBSD.ORG Subject: Re: Important!! Vulnerability in standard ftpd In-Reply-To: Message from Nevermind of "Fri, 01 Dec 2000 12:21:24 +0200." <20001201122124.H2185@nevermind.kiev.ua> Date: Fri, 01 Dec 2000 04:03:02 -0800 Message-ID: <34604.975672182@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > It is ttyp* and ttyv* sniffer, logger, password cracker. > Please, check it out! These are the kinds of "reports" we can actually do without because all they do is alarm people without actually informing them of anything. You make some vague reference to a tool but don't provide any information on where to get it, you make vague reference to a hack but don't give any details on how you confirmed it or the evidence you gathered, all you're essentially doing is making unsupported assertions which are basically difficult or impossible to verify. In short, if you're going to send messages with subject lines like "Important!! Vulnerability in XXX" at all, we expect you to follow some very basic common-sense guidelines for doing advance research and presentating sufficient evidence for your claims. If you are unable to meet that criteria, do not send such messages. It is very simple. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message