Subject: | |
From: | |
Reply To: | |
Date: | Mon, 10 Jun 1996 14:17:17 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
In response to the various posts suggesting that public discussion of this
delicate topic is innappropriate, I must respectfully disagree - for the
following reasons:
1. I'm sure the customer who had experienced the failure - after which I had
determined the offending program through dump analysis - wished that he had
known about the problem BEFORE it happened. I hope that others who read my
earlier post will benefit from that knowledge. The bottom line is that I
believe the benefits of this post far outweigh the potential harm.
2. I believe the originator of the question is an HP employee. He wanted to
know how to bring the system down in a controlled environment. For the
method I recommended to be used malicously, it would be necessary for a
devious individual to "sneak" the program into a group possessing PM
capability - something that should not be trivial - assuming the program can
be easily obtained. This is not a realistic assuption.
3. Security which depends upon ignorance is false security. Far better to be
aware of security risks instead of burying one's head in the sand hoping no
one finds ways to circumvent them.
Anyway, my $0.02 worth.
-----------------------------------------------------------------------------
Gilles Schipper Voice: 905/889-3000
GSA Inc. Fax: 905/889-3001
300 John Street, Box 87651 Internet: [log in to unmask]
Thornhill, ON Canada L3T 7R4 Compuserve: 71203,474
-----------------------------------------------------------------------------
|
|
|