I agree with this. However, in the Snosoft case the facts has been smeared by
all the different stories going around. I will not get into it in detail but
we have been working with HP on this for 4+ months, bending over backwards
for them to keep everything out of the eyes of the public. All
kf wanted this sent on
-sert
-- Forwarded Message --
Subject: Re: [Full-Disclosure] for the record... (Tru64 / Compaq)
Date: Wed, 31 Jul 2002 20:01:07 -0700
From: "KF" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
I can't seem to get this to bugtraq ... darn mime types keep bar
phased had some comments he wanted me to forward on to the lists in
regards to his latest exploit.
He says that skeys are used via all authentication methods... i.e telnet, so
someone could change the user to someone in the wheel group. Haven't used
skeys via ssh yet but I presume it works. R