moore%cdr.utah.edu@wasatch.UUCP (Tim Moore) (11/14/88)
How many references have people seen to the fingerd bug in the press? I've only seen one article in a newspaper that mentioned it: the Boston Globe, Sunday Nov. 6, mentioned a bug in a "Fingerdaemon" program, but never gave more details on the nature of the bug. I guess the news media thought the public wouldn't understand what a finger program was, let alone how that program was vulnerable. Too bad, it seems that exploiting fingerd represents a much more subtle and clever piece of cracking than turning on DEBUG mode in sendmail does. Note that I am not saying a "good" piece of cracking. -Tim Moore 4560 M.E.B. internet:moore@cs.utah.edu University of Utah ABUSENET:{ut-sally,hplabs}!utah-cs!moore Salt Lake City, UT 84112
rang@cpsin3.cps.msu.edu (Anton Rang) (11/14/88)
In article <545@wasatch.uucp>, Tim Moore (moore@cdr.utah.edu) writes: >How many references have people seen to the fingerd bug in the press? >I've only seen one article in a newspaper that mentioned it: the >Boston Globe, Sunday Nov. 6, mentioned a bug in a "Fingerdaemon" >program, but never gave more details on the nature of the bug. The program All Things Considered ran on Thursday (11/10?) mentioned it, and described both the operation of 'finger' and the nature of the bug (an overflow condition) in some detail (a little dramatized, but...). Just goes to show you public radio's still the best. +---------------------------+------------------------+----------------------+ | Anton Rang (grad student) | "UNIX: Just Say No!" | "Do worry...be SAD!" | | Michigan State University | rang@cpswh.cps.msu.edu | | +---------------------------+------------------------+----------------------+