(mobile-ip 732) New List on Computer/Telephone Problems/Bugs/Viruses/Dangers
Paul Robinson <PAUL@tdr.com> Fri, 11 February 1994 19:38 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05294; 11 Feb 94 14:38 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa05290; 11 Feb 94 14:38 EST
Received: from rara.ossi.com by CNRI.Reston.VA.US id aa11645; 11 Feb 94 14:37 EST
Received: from localhost (daemon@localhost) by rara.ossi.com (8.6.6.Beta1/8.6.6.Beta1) id LAA26787 for mobile-ip-dist; Fri, 11 Feb 1994 11:32:04 -0800
Reply-To: mobile-ip@ossi.com
Received: from access1.digex.net (access1.digex.net [164.109.10.3]) by rara.ossi.com (8.6.6.Beta1/8.6.6.Beta1) with SMTP id LAA26625 for <mobile-ip@ossi.com>; Fri, 11 Feb 1994 11:21:40 -0800
Received: by access1.digex.net id AA26871 (5.67a8/IDA-1.5 for Mobile IP list <mobile-ip@ossi.com>); Fri, 11 Feb 1994 13:39:56 -0500
Newsgroups: tdr.paul.private.mail
Date: Fri, 11 Feb 1994 13:38:11 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Paul Robinson <PAUL@tdr.com>
Subject: (mobile-ip 732) New List on Computer/Telephone Problems/Bugs/Viruses/Dangers
To: Everyone Lurking on Com-Priv <com-priv@psi.com>, Risks in computing <RISKS@csl.sri.com>, Comp Privacy <COMP-PRIVACY@uwm.edu>, IETF List <ietf@CNRI.Reston.VA.US>, "Newsgroup alt.Internet.services" <alt.internet.services.usenet@decwrl.dec.com>, "Info-Vax list & comp.os.vms" <info-vax@crvax.sri.com>, IBM Mainframe <IBM-MAIN@ricevm1.rice.edu>, Ethics in Computing <ETHICS-L@vm.gmd.de>, Ethics in Software Engineering <ETHCSE-L@utkvm1.bitnet>, telecom@delta.eecs.nwu.edu, new-list@pucc.princeton.edu, Cellular List <cellular@slcdec.dfv.rwth-aachen.de>, My Account <TDARCOS@mcimail.com>, Mobile IP list <mobile-ip@ossi.com>, OPERS-L@vm1.cc.uakron.edu
Message-Id: <01.1994Feb11.12h56m23s.PAUL-c100000@TDR.COM>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET="US-ASCII"
X-Orig-Sender: owner-mobile-ip@ossi.com
From: Paul Robinson <PAUL@TDR.COM> Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- This is to announce the creation of a list for the public disclosure of bugs, system problems, viruses, and any other conditions in a computer system that people should be aware of so they can fix the problem. It is also appropriate to report security holes, dangerous conditions in PBXs, cellular and wire telephone systems, and other computer-controlled devices. Also reports of things such as default accounts and passwords on systems that should be changed, etc. The focus will be on reporting clear descriptions of problems including how to generate them. The idea being that this will alert people to the nature of certain problems that they might be unaware of. Reproducing these conditions lets others know what is being done, and can allow people to post solutions on how to block them. The purpose in creating this list is that currently, the only means currently available for reporting discovered security holes in computer systems and possibly other areas is via the Computer Emergency Research Team (CERT) out of Carnegie Mellon University. The problem with CERT reporting is that the reports generally tend to be done in secrecy, and it fails to let system administrators and others know about what is happening so that these things can be fixed. In short, CERT acts like a black hole and takes too long to publicize problems until lots of places get hit because they didn't know about it. Some people feel that reports should not be publicized because potential reports might become available to "the bad guys." Well, the truth of the matter is that "the bad guys" trade their discoveries around all the time; the current use of secrecy is only hurting "the good guys" who want to protect their systems. This list has just been created, and pending creation of an automated processor will be temporarily moderated since my current equipment does not yet tell me what address the message is sent to. This will be changed in the next two weeks. There will, however, be two addresses. The general list will be PROBLEMS@TDR.COM which is used to post a report to the list. To subscribe to the list, use PROBLEMS-REQUEST@TDR.COM Currently, both addresses are moderated. This will change shortly as I upgrade the software on my system. Persons wishing to make a report but not be identified should state so in the text of their message. In the future, they will do so by using the -request address which will come to me directly. Persons wanting to receive this service by facsimile should contact me for details. All messages requesting subscriptions or posting information will be acknowledged. Please pass this announcement around. It is my intent to set this up such that people can publicly report known bugs, viruses and problems in clear detail so everyone knows about them and can encourage much faster response to these problems than is currently available. It may even embarass some manufacturers into making fixes sooner when their errors are glaringly exposed in public. --- Paul Robinson - Paul@TDR.COM ----- The following Automatic Fortune Cookie was selected only for this message: Never call a man a fool; borrow from him.
- (mobile-ip 732) New List on Computer/Telephone Pr… Paul Robinson