From: Christopher Wright <chrisw(--nospam--at)skypoint.com>
Date: Fri, 30 Jun 00 10:51:45 -0500
>Stuart McClure is president and CTO and Joel Scambray
>is Managing Principal at security consultant Foundstone

You want to watch out for these guys--the same people who brought us the
doomsday Y2K scenarios. Security is important, and maybe it takes a
doomsday prediction to get the PhB's out of the quarterly reports. My own
opinion is that a Maginot line strategy is no better now than in
1940--you only learn about weak points when the opposition shows up
inside. Tracking open links and insecure servers so the people who run
them can seal off the gaps makes it just that much harder for hackers to
skip from machine to machine. And it helps get spam and other rogue
accounts closed or at least identified.

I've gotten a couple of spams recently which apparently originated from
an ARPA server or one that identified itself with ARPA in the DNS name.
I'm pretty much certain it was either an inadvertent open relay or a
spoofed name. Whatever secret plot ARPA is hatching, I doubt it includes
sending out ads for porn sites or organic viagra or whatever. BTW
relaying access is nothing new. Cliff Stoll's book _The Cuckoo's Egg_
outlines a similar series of attacks more than 10 years ago. Turns out it
was a bug in UNIX in that case. The really interesting part was the
ignorance on the part of people who should have been running things.
PhB's don't change, I guess.

Christopher Wright P.E. |"They couldn't hit an elephant from
chrisw(--nospam--at)skypoint.com | this distance" (last words of Gen.
___________________________| John Sedgwick, Spotsylvania 1864)