dente@els.ee.man.ac.uk (Colin Dente) (07/19/90)
Well - once again the bringer of bad news (actually - this has been
hinted at before).
SR10.2 has a MASSIVE security hole. In fact, that description doesn't
do justice to the scale of it. Anyone running 10.2 should 'phone
their friendly local HP response centre and ask for advice concerning
the security problem addressed by APR Nr. 455ECD30.
That's all I'm prepared to say on the matter - and I fear that this
might possibly be too much, but I think that this problem is too
serious to rely on the old security by obscurity rubbish.
Pre SR10.2 users can simulate the effects of this security hole quite
simply by writing their root password in large, luminous letters
across the front of their machines (no 8-) - not even a little one!.)
Woefully yours,
Colin
--
Colin Dente | JANET: dente@uk.ac.man.ee.els
Dept. of Electrical Engineering | ARPA: dente@els.ee.man.ac.uk
University of Manchester, UK | UUCP: ...!ukc!man.ee.els!dente
... I am the one you warned me of ...