CERT reply regarding their emails
Just got this:
Forwarded message:
>From [email protected] Thu Jun 10 07:39:35 1993
>Message-Id: <[email protected]>
>To: [email protected]
>Cc: [email protected]
>Subject: Re: Statement of dissatisfaction with your recent efforts
>In-Reply-To: Your message of "Wed, 09 Jun 93 10:59:04 +1000." <[email protected]>
>Date: Wed, 09 Jun 93 17:41:15 EDT
>From: Moira J West <[email protected]>
>
>Hello Mark,
> We're sorry for any misunderstandings caused by our e-mail.
>I have appended a copy of our follow-up to Berkeley on this issue.
>
>Regards
>Moira
>
>Moira J. West
>Technical Coordinator, Computer Emergency Response Team
>Software Engineering Institute
>Carnegie Mellon University
>Pittsburgh, Pa. 15213-3890
>
>Internet E-mail: [email protected] (monitored during business hours)
>Telephone: (412) 268-7090 (answers 24 hours a day)
>
>----------------------------------------------------------------------
>
>We've had a lot of feedback from various sites in response to our
>e-mail to you last week referring to possible anonymous FTP abuse on
>Berkeley hosts.
>
>We are concerned at the reaction that our e-mail caused. There's
>obviously been a misunderstanding here and we wanted to follow up with
>you on this. There was certainly no intent on the part of CERT to
>make accusations of any sort. We were simply trying to alert sites to
>the possibility of activity that they might have concerns about.
>
>Our letter to you was one of many which we sent out to a number of
>sites across the world in the form of an FYI of possible abuse of
>their anonymous FTP areas. We had been receiving complaints from
>sites about wide-scale trading of commercial software on their
>writable anonymous FTP areas. During the process of helping sites to
>secure their systems we were given copies of files left in abused
>archives which indicated lists of hosts (and in some cases
>directories) that intruders were using to trade commercial
>software. We chose to contact the sites so that they could check
>their systems and take any steps that they thought appropriate.
>
>There were several reasons why we didn't attempt to verify the
>information. There were a large number of hosts involved and with the
>resources that we have available to us, it was not possible for us to
>attempt to confirm the information on each host. In any case, we felt
>it wouldn't be sufficient to check for specific directories or
>filenames on an archive; the whole archive would need to be checked
>for writable directories and then some verification of the contents of
>those directories would need to take place.
>
>Previously, we have found that sites we contacted with this type of
>information did find writable areas which are being abused. In this
>case some sites found such activity on their hosts, others stated that
>the information was dated or incorrect. In hindsight, we see that it
>would have been better for everyone concerned in this case if we had
>undertaken some initial verification of the information or issued a
>CERT advisory instead of the individual letters.
>
>As so many sites are potentially vulnerable to this activity and may
>be unaware that it exists, we've decided to put together a CERT
>advisory on the topic and hope to issue it in the near future.
>
>We're sorry if our original e-mail didn't clearly state our intentions
>and was the cause of any misunderstandings.
>
>We'll follow up with the various sites who have contacted us in regard
>to our original e-mail to you, by passing them a copy of this letter.
>
>Regards
>Moira
>
>Moira J. West
>Technical Coordinator, Computer Emergency Response Team
>Software Engineering Institute
>Carnegie Mellon University
>Pittsburgh, Pa. 15213-3890
>
>Internet E-mail: [email protected] (monitored during business hours)
>Telephone: (412) 268-7090 (answers 24 hours a day)
-----------End of forwarded message
Mark
[email protected]