I am killing the FoolProof thread. To many posts with to many ideas of how to get past the thing. Maybe someone will write a comprehensive article on the thing and be done with it. I am killing the tcpd -DPARANOID thread. DJB, with his usual candor, is correct in as much as the option does not stop the mentioned attack against the r-services. Nonethless, the point is fairly moot as there exist many other attacks against the same services. Repeat after me, "IP address and host name based authentication without cryptographic controls is bad". In other news, BugTraq past is 26000 subscriber some time ago. Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:50 PDT