Yep. I am sorry too, for all the people who got damaged within those 17 hours. But I still hold the opinion that my path was correct. Talking to people around me, I found that my way of thinking is hard to follow. That is why I now want to make clear points on that.

1. The hole was SUPER-EASY to find. Any responsible sysadmin looks from time to time for processes listening on ports. And the first telnet into that port (with all of its verbosity) made the problem very clear. Now (major): how did it come that nobody in the world found it within 3 months? And (minor): nobody in Cygnus found it in the stages of deep software testing that Cygnus products are hopefully going through. There is NO reasonable answer for me (apart from ones in the sci-fi or global paranoia domain). I think it is a wider problem than just a security hole in a program. If anyone could explain, I'd be thankful. Otherwise the answer is: "kill the internet" or a similar out-of-band one.

2. Cygnus is in a central position in the software industry, and the egcs+gcc user base is way greater than the SN user base.

3. I had my very own right to be paranoid. I used it and I will use it in the future in similar cases.

Peace, anyway.

Elmer Joandi
AS Cybernetica, http://www.cyber.ee/
http://www.ut.ee/~elmer_j/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:39 PDT