<Chuckles>
CERT finally managed to publish a warning about the ftp bounce attack
about
12 years
after its use was initiated.....
If you are among the members of this list, you keep far more competent
company than CERT
has in its staff. Sad, but true.
Actually, I expect better from an illustrious institution. Some of
their software products are top-notch, but the folks running CERT have
such a high threshhold for trouble reports (presumably to prevent the
occasional embarrassing hoax) that an exploit affecting all versions of
IIS running on Windows NT through SP5 (remote administrator
status) known since MARCH, has not yet reached reportability. To see
it, go here:
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
Normally, by the time a linux issue is reported, it has long been
solved.
If you would like a real scare, visit http://www.insecure.org. You may
never want to play Quake over the internet again. Most of the exploits
there are close to two years old and many of them still work.
Civileme
ibi wrote:
> Hello,
>
> I just received a CERT advisory warning about security issues with
> AMD-Daemon, WU-FTPD and others:
> http://www.cert.org/summaries/CS-99-04.html
>
> Pj
> [EMAIL PROTECTED]
