*BSD News Article 48106


Path: sserve!euryale!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!EU.net!uunet!in1.uu.net!anshar.shadow.net!anshar.shadow.net!nobody
From: dwhite@anshar.shadow.net (Don Whiteside)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: FreeBSD mention in RISKS.digest
Date: 30 Jul 1995 13:56:10 -0400
Organization: Shadow Information Services, Inc.
Lines: 55
Message-ID: <3vgh3q$o21@anshar.shadow.net>
NNTP-Posting-Host: anshar.shadow.net
X-Newsreader: TIN [version 1.2 PL2]

I don't know how many of you read comp.risks or saw the original article 
this blurb mentions, but I thought it was worth cc:ing here.

I've trimmed all the other bits out and left in just some header and the 
article in question from the RISKS digest v20.17.

Newsgroups: comp.risks
Subject: RISKS DIGEST 17.20
Message-ID: <CMM.0.90.1.806794003.risks@chiron.csl.sri.com>
Date: 26 Jul 95 21:26:43 GMT

RISKS-LIST: Risks-Forum Digest  Weds 26 July 1995  Volume 17 : Issue 20

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Date: Tue, 27 Jun 1995 11:34:51 -0400
From: jepstein@inetml.cordant.com (Jeremy Epstein -C2 PROJECT)
Subject: Risks of misreporting risks?


The Washington Post Monday business section has a regular "shorts"
called "Digital Flubs", in which they report on interesting goofs.
Many of them appear to be culled (without attribution) from RISKS.

The June 26 edition reads as follows:
	A piece of security software widely used on computer networks has
	a hole in it.  [CERT] said it has distributed instructions on how
	to correct the problem in FreeBSD, a program created by a software
	engineer in the Netherlands.  In some circumstances, the hole lets
	people tapping into a computer see and alter information that should
	be off-limits to them.  FreeBSD is an "enhancement" to S/Key, a
	program that controls password access to networked computers.
	S/Key itself does not have the problem.

I'm not sure what this is actually trying to say, but whatever it is, it's
wrong.  FreeBSD is an operating system, not security software or an
enhancement to S/Key.  FreeBSD wasn't developed by an engineer in the
Netherlands, although it's possible that S/Key was ported to FreeBSD by some
such person.

The risk is that someone might read this, think it actually describes
a weakness, and mistakenly take action (or not take action) without
knowing that the article is confused.

------------------------------

--
=========================================================================
 Donald Alan Whiteside     MDCC Wage Slave     School of Computer Science
         Official Usenet Dork for the week of Jan 9-13, 1995
      GCS d-- -p+(---) l u+(-) e+ m+ s !n h f g+ w+ t+(++) r- y++ 
          "The universe is not in the habit of giving up 
       explanations to cursory examinations" - Garth Thornton 
=========================================================================