Posting easily-exploited security holes

[John Chambers]

In article <63...@ncoast.UUCP>, all...@ncoast.UUCP (Brandon Allbery) writes:
>
> Wonderful idea, by the way -- don't you get a warm glow from having posted
> an easily-exploited security hole to the Net? Please be more circumspect
> next time.

No, no, no!!! I get real exasperated by all the people who think that
system managers (like me) should be kept in the dark about security holes.
I want to hear all about them. How the @#$^% do you think I can plug
them, if I don't learn about them? Huh?

A couple weeks ago, I startled some folks around where I'm working now
by typing six chars on a logged-in terminal, and getting a super-user
prompt. It was the first time I'd ever typed anything at that machine.

I then explained to the machine's manager (who was watching, horrified)
just what they were doing wrong. I got a few points from that one. The
method I used was mentioned in unix.wizards a couple years back. I would
like to hear some more good ways of earning points.....

--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)