On Nov 5, 2011, at 5:42 PM, leaknoil wrote:
Maybe a nice, easy-to-understand pie chart will
help some of the cavemen here understand. The red slice of pie is not cherry. It's bad. You
can't eat it.
http://secunia.com/advisories/graph/?type=sol&period=all&prod=2949
http://secunia.com/advisories/product/2949/?task=advisories
OK, I became uninterested in internet pissing contests when I finished puberty, but this
is low hanging fruit. Sorry.
So 2 of 9 vulnerabilities are unpatched? Let's take a look at those.
Number 1: There's an unpatched bug in the finger client. Great. I guess all those
VMS users out there are going to have to stop fingering people they don't know (which,
in a different sense, is probably a good idea). Proposed solution: "Do not run the
finger client against untrusted finger servers." Let's not forget how often the
finger daemons AND clients had security vulnerabilities on Linux (hint: it's more than
once in my memory, which on this topic doesn't even extend to when VMS 5 was a current
product).
Let's also not forget that this isn't a hole in a network-exposed service,
it's a client bug for a program that has to be run from the command line by a user.
Number 2: The POP mail server allows you to discover usernames and doesn't use the
OS' built-in intrusion detection to prevent brute force attacks. Neither of these is
great, and the first one probably ought to have been patched, but neither of them is
really a hole so much as a poor practice. It's not like they're buffer overflows.
Side note: calling someone you've never met (I assume) a "fat hick" and then
giving Theo de Raadt a pass on his asinine behavior isn't likely to earn you points in
civilized circles. Most of us grew out of that kind of thing a decade or more ago. Come
back when your acne clears up.
- Dave
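The two "poor practices" Dave names for the POP server (a USER reply that reveals whether an account exists, and no lockout on repeated bad PASS attempts) are easy to show side by side. The following is an added example, not code from this thread, from Dave, or from any VMS or Linux POP3 server: a toy in-process POP3 login handler in its leaky form next to a hardened one, plus the enumeration and brute-force loops an attacker would run against each. The user database, passwords, `MAX_FAILURES` threshold, and all class and function names are constructed for illustration.

```python
"""Username enumeration and brute-force lockout in a toy POP3 login handler.

Added example, not code from the mailing-list thread or from any real POP
server. The accounts, passwords and lockout threshold are constructed.
"""
import hashlib
import hmac
from collections import defaultdict


def _hash(salt: bytes, password: str) -> bytes:
    # PBKDF2 with a low iteration count so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


_SALT = b"constructed-salt"
# Constructed user database: username -> (salt, derived key)
USERS = {
    "alice": (_SALT, _hash(_SALT, "correct horse")),
    "bob": (_SALT, _hash(_SALT, "hunter2")),
}


class LeakyPop3:
    """The poor practice described above: USER tells the client whether the
    mailbox exists, and PASS can be retried without limit."""

    def __init__(self):
        self.pending = None

    def user(self, name: str) -> str:
        if name in USERS:
            self.pending = name
            return "+OK name is a valid mailbox"
        return "-ERR no such user"  # distinct reply = username oracle

    def passwd(self, password: str) -> str:
        if self.pending is None:
            return "-ERR USER first"
        salt, stored = USERS[self.pending]
        if hmac.compare_digest(_hash(salt, password), stored):
            return "+OK maildrop locked and ready"
        return "-ERR invalid password"  # no counter, no lockout, no delay


class HardenedPop3:
    """Same protocol surface. USER accepts any name, every failure returns the
    same text, and a per-username counter locks the account after MAX_FAILURES."""

    MAX_FAILURES = 3
    _failures = defaultdict(int)  # shared across connections, keyed by name

    def __init__(self):
        self.pending = None

    @classmethod
    def reset_lockouts(cls) -> None:
        cls._failures.clear()

    def user(self, name: str) -> str:
        self.pending = name  # decide nothing here; judge at PASS time
        return "+OK"

    def passwd(self, password: str) -> str:
        if self.pending is None:
            return "-ERR USER first"
        name = self.pending
        if self._failures[name] >= self.MAX_FAILURES:
            return "-ERR authentication failed"  # locked; same message
        entry = USERS.get(name)
        if entry is None:
            _hash(_SALT, password)  # burn the same time for unknown users
            ok = False
        else:
            salt, stored = entry
            ok = hmac.compare_digest(_hash(salt, password), stored)
        if ok:
            self._failures[name] = 0
            return "+OK maildrop locked and ready"
        self._failures[name] += 1
        return "-ERR authentication failed"


def enumerate_users(server_cls, candidates):
    """Names whose USER reply differs from the reply for a bogus name."""
    baseline = server_cls().user("no-such-user-zzz")
    return [n for n in candidates if server_cls().user(n) != baseline]


def brute_force(server_cls, name, wordlist):
    """Try each password over a fresh connection; return the one that logs in."""
    for pw in wordlist:
        conn = server_cls()
        conn.user(name)
        if conn.passwd(pw).startswith("+OK"):
            return pw
    return None
```

Against `LeakyPop3`, `enumerate_users` recovers every real account from the USER reply alone, and `brute_force` walks the wordlist until it hits `hunter2`. Against `HardenedPop3`, the USER reply is uniform so enumeration returns nothing, and the fourth PASS attempt is refused even when the password is right, which is the lockout behavior the OS-level intrusion detection Dave mentions would normally supply. The trade-off to keep in mind is that a per-username counter lets an attacker lock legitimate users out; real deployments pair it with a per-source-address limit and a decay period.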