From owner-freebsd-security  Wed Jul 22 14:06:14 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA24217
          for freebsd-security-outgoing; Wed, 22 Jul 1998 14:06:14 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail1.its.rpi.edu (root@mail1.its.rpi.edu [128.113.100.7])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA24194
          for <security@FreeBSD.ORG>; Wed, 22 Jul 1998 14:06:09 -0700 (PDT)
          (envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id RAA43108;
	Wed, 22 Jul 1998 17:05:49 -0400
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: drosih@pop1.rpi.edu
Message-Id: <v04011700b1dbf76d45ac@[128.113.24.47]>
In-Reply-To: <Pine.BSF.3.96.980722130309.9891C-100000@sasami.jurai.net>
References: <199807221640.KAA06112@lariat.lariat.org>
Date: Wed, 22 Jul 1998 17:09:46 -0400
To: "Matthew N. Dodd" <winter@jurai.net>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: Why is there no info on the QPOPPER hack?
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 1:17 PM -0400 7/22/98, Matthew N. Dodd wrote:
>On Wed, 22 Jul 1998, Brett Glass wrote:
>> This is Laramie, Wyoming! The person watching the system was an NT
>> expert, and Heaven knows they have to know about security. But this
>> happened so fast after first postings of exploits that there was no
>> time. And there was no CERT advisory.
>
> This is clearly the cause of your problem.  Your attempts to solve
> your administrative problem with a technical solution will only give
> you a false sense of security.
>
> Most people don't let the village idiot watch their horse for them.

This really is overly hostile.  I can sympathize with Brett, who just
got bit bad over pathetic code, a lot more than someone who is just
peeved because Brett is so worked up.  Yes, he's a bit over the top,
but at least I can understand *why* he might be.  Seems to me you
could reply at a few decibels lower volume than he's running at.

It is also not going to do anything but add fuel to a fire, and the
security list is probably already busier right now than it really
needs to be.  I can just see it now, we're going to have people
quiting the security list because it's too busy with dueling
flame-wars, and thus they'll miss the announcement of the next
security problem.


---
Garance Alistair Drosehn           =   gad@eclipse.its.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message