[RC5] My impatient cohorts

Roy Wilson emperor at slic.com
Mon Mar 16 00:55:22 EST 1998


On Sun, 15 Mar 1998 23:39:13 -0600 (CST), Joe Zbiciak wrote:

>| 	That isn't scuttlebutt - it's a serious security hole.  13-15 place
>| "names" of bogus websites will cause the condition.
>
>I didn't mean to make it sound like it should be ignored.  Given that
>Winsock 2.0 is in Win98, and that Microsoft is really pushing to get
>that stable, I think a patch for this bug should be available pretty
>soon.  (Although I hear the bug isn't really directly in Winsock 2.0,
>and that Win98 may not be vulnerable.  I take such reports with a grain
>of salt, pepper, and other choice spices. ;-)

	M$ software is riddled with security holes (and outright bugs). 
The problem is that it's all the 8/16b legacy code they've got in it.  It's
not going to be fixed without a ground-up approach, and I don't foresee M$
doing anything more than they are now about the problems - ignore them
until enough people yell, then issue a patch that will work on machines
built during lunchtime on prime-numbered Thursdays.

	If you've applied the M$ patches against Tear, NewTear, and
Teardrop2, you aren't protected against them.  The patches listen on port
4000 for the dummy initiator packet.  That's *it*.  Change the packet
channel and you zip right past it.  Sun and a couple of the Linux systems
put out patches that *work*, simply by preventing the flood condition.

	BTW, don't use the M$ patch I mention above if you're on ICQ - Port
4000 is the one ICQ uses.



Roy Wilson <emperor at slic.com> <ICQ 8094267>
Lat: 44.850959 Lon: -74.40286 [+/- 6']



--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list