Home page logo
/

bugtraq logo Bugtraq mailing list archives

More on the Java holes
From: gem () RSTCORP COM (Gary McGraw)
Date: Fri, 28 Feb 1997 16:56:04 -0500


This will be a bit of "yadda yadda" for bugtraq folk, but
whatever.

My posting from yesterday did not place proper emphasis on just how
dangerous port scanning can be.  Just for the record, port scanning is
*very bad* since you might be able to discover things like weak
sendmails listening on port 25.

Microsoft considered the second attack enough of a problem to release
a patch.  MSIE users should go get it.  Major Malfunction and Ben
Laurie have performed a valuable service in helping to educate Web
users of the risks of executable content.  My posting is not meant to
discredit their work, just to nip any hysteria in the bud by trying to
explain what they have done clearly.

                                Gary McGraw
*------------------------------------------------------------------*
|  Dr. Gary McGraw      gem () rstcorp com   |              (__)      |
|-----------------------------------------|              (oo)      |
|  Research Scientist                     |       /-------\/       |
|  Reliable Software Technologies (RST)   |      / |     ||        |
|  Sterling, VA                           |     *  ||----||        |
|  <http://www.rstcorp.com/~gem>          |        ^^    ^^        |
*------------------------------------------------------------------*



  By Date           By Thread  

Current thread:
  • More on the Java holes Gary McGraw (Feb 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]