[news.sysadmin] The fingerd Bug in the Popular Press

moore%cdr.utah.edu@wasatch.UUCP (Tim Moore) (11/14/88)

How many references have people seen to the fingerd bug in the press?
I've only seen one article in a newspaper that mentioned it: the
Boston Globe, Sunday Nov. 6, mentioned a bug in a "Fingerdaemon"
program, but never gave more details on the nature of the bug.

I guess the news media thought the public wouldn't understand what a
finger program was, let alone how that program was vulnerable. Too
bad; it seems that exploiting fingerd represents a much more subtle
and clever piece of cracking than turning on DEBUG mode in sendmail does.

Note that I am not saying a "good" piece of cracking.

			-Tim Moore
	4560 M.E.B.		   internet:moore@cs.utah.edu
	University of Utah	   ABUSENET:{ut-sally,hplabs}!utah-cs!moore
	Salt Lake City, UT 84112

rang@cpsin3.cps.msu.edu (Anton Rang) (11/14/88)

In article <545@wasatch.uucp>, Tim Moore (moore@cdr.utah.edu) writes:
>How many references have people seen to the fingerd bug in the press?
>I've only seen one article in a newspaper that mentioned it: the
>Boston Globe, Sunday Nov. 6, mentioned a bug in a "Fingerdaemon"
>program, but never gave more details on the nature of the bug.

  The program All Things Considered ran on Thursday (11/10?) mentioned
it, and described both the operation of 'finger' and the nature of the
bug (an overflow condition) in some detail (a little dramatized,
but...).  Just goes to show you public radio's still the best.


+---------------------------+------------------------+----------------------+
| Anton Rang (grad student) | "UNIX: Just Say No!"   | "Do worry...be SAD!" |
| Michigan State University | rang@cpswh.cps.msu.edu |                      |
+---------------------------+------------------------+----------------------+