Return to BSD News archive
Path: sserve!euryale!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!EU.net!uunet!in1.uu.net!anshar.shadow.net!anshar.shadow.net!nobody From: dwhite@anshar.shadow.net (Don Whiteside) Newsgroups: comp.unix.bsd.freebsd.misc Subject: FreeBSD mention in RISKS.digest Date: 30 Jul 1995 13:56:10 -0400 Organization: Shadow Information Services, Inc. Lines: 55 Message-ID: <3vgh3q$o21@anshar.shadow.net> NNTP-Posting-Host: anshar.shadow.net X-Newsreader: TIN [version 1.2 PL2] I don't know how many of you read comp.risks or saw the original article this blurb mentions, but I thought it was worth cc:ing here. I've trimmed all the other bits out and left in just some header and the article in question from the RISKS digest v20.17. Newsgroups: comp.risks Subject: RISKS DIGEST 17.20 Message-ID: <CMM.0.90.1.806794003.risks@chiron.csl.sri.com> Date: 26 Jul 95 21:26:43 GMT RISKS-LIST: Risks-Forum Digest Weds 26 July 1995 Volume 17 : Issue 20 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Date: Tue, 27 Jun 1995 11:34:51 -0400 From: jepstein@inetml.cordant.com (Jeremy Epstein -C2 PROJECT) Subject: Risks of misreporting risks? The Washington Post Monday business section has a regular "shorts" called "Digital Flubs", in which they report on interesting goofs. Many of them appear to be culled (without attribution) from RISKS. The June 26 edition reads as follows: A piece of security software widely used on computer networks has a hole in it. [CERT] said it has distributed instructions on how to correct the problem in FreeBSD, a program created by a software engineer in the Netherlands. In some circumstances, the hole lets people tapping into a computer see and alter information that should be off-limits to them. FreeBSD is an "enhancement" to S/Key, a program that controls password access to networked computers. S/Key itself does not have the problem. I'm not sure what this is actually trying to say, but whatever it is, it's wrong. FreeBSD is an operating system, not security software or an enhancement to S/Key. FreeBSD wasn't developed by an engineer in the Netherlands, although it's possible that S/Key was ported to FreeBSD by some such person. The risk is that someone might read this, think it actually describes a weakness, and mistakenly take action (or not take action) without knowing that the article is confused. ------------------------------ -- ========================================================================= Donald Alan Whiteside MDCC Wage Slave School of Computer Science Official Usenet Dork for the week of Jan 9-13, 1995 GCS d-- -p+(---) l u+(-) e+ m+ s !n h f g+ w+ t+(++) r- y++ "The universe is not in the habit of giving up explanations to cursory examinations" - Garth Thornton =========================================================================