Re: a holiday gift from Robert "wormer" Morris


Don Ferencz (cwjcc!cwsys3!ferencz@tut.cis.ohio-state.edu)
7 Nov 88 15:55:05 GMT


In article <24@jove.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes:
>
>I've known about it for a long time. I thought it was common knowledge
>and that the Internet was just a darned polite place. (I think it _was_
>common knowledge among the people who like to diddle the sendmail source.)
>
>The bug in fingerd was a big surprise, though. Overwriting a stack frame
>on a remote machine with executable code is One Very Neat Trick.

I wasn't aware of these tricks, but I find them interesting now, knowing
what security hazards they pose. Is there some place interested
[sick, twisted] individuals like me could get more information on
Morris' handiwork? It would be a benefit from a security aspect. I also
realize that presenting such information could be considered another
risk, perhaps "inviting" someone else to subject us to the same
peril (although most of the net is now "immunized" against this
particular virus).

===========================================================================
| Don Ferencz | "And in the end/ |
| ferencz@cwsys3.cwru.EDU | The love you take/ |
| Department of Systems Engineering | Is equal to the love you make." |
| Case Western Reserve University | -- The Beatles |
===========================================================================



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT