Slashdot Mirror


Sendmail Bug Tests US Dept Homeland Security

yanestra writes "CNET reports that the reported Sendmail bug has been a test for the US Department of Homeland Security which seems to have managed information flow in this case."

5 of 293 comments

  1. bugs by mschoolbus · · Score: 1, Troll

    I have heard that sendmail is the most complicated program ever developed; is this true in any way? Sendmail can do a lot and there are frequent security issues, most of which get fixed in a very timely manner, but it has to be better than Exchange, doesn't it?

  2. keeping it secret by sublime99 · · Score: 1, Troll

    I don't see how the US government can even think of taking credit for this patch. From what I have read about it, it has been around since circa 1987.
    Giving Sendmail Inc. the proper "mask" so terrorists wouldn't find this problem is ridiculous. Anyone can look through the source and find these exploits if they do exist. Just DHS got to it first.
    Scares me that they are running Sendmail though on their mail servers, since it has more holes than a wiffle ball and they are supposed to be about security and defense.
    waiting for the day...

    Caption: "Soldier, send an email to the lieutenant"
    Soldier: "I can't sir I am getting terrorist spam....scary looking at a naked bin laden....ewwwww"
    Caption: "mmmmm spam!"

  3. An Impressive Debut by Hanashi · · Score: 2, Troll

    IMHO, this was the best-managed vulnerability disclosure in recent years. I read the release pretty early on, and vendor patches were already available! Wow!

    Although there have been a few grumblings, it looks like there are a lot of others who feel the same way I do: it's perfectly OK to have a short lag time between vulnerability discovery and disclosure, as long as the Baddies don't start taking advantage of the situation before the patches are available. In this case, I read that the lag time was about 2 weeks, which seems perfectly reasonable.

    Kudos to all involved!

    --
    Check out my eclectic infosec blog at InfoSecPotpou

  4. sensationalist by SCHecklerX · · Score: 1, Troll

    Dropping the 'terrorism' buzzword again, I see. There is no such thing as 'cyber' terrorism. Even taking out the whole damned Internet does not equal the TERROR of torturing and killing even ONE human being.

    You want to accuse someone of 'cyberterrorism?' How about the RIAA, the MPAA, or those who passed the DMCA?

    Yes, the handling of this vulnerability was a good joint effort between ISS and the DHS. No, it wasn't anything spectacular. Maybe the DHS will be able to put pressure on our favorite monopoly to 'unenable' some of their terribly insecure features.

  5. As if Ridge and by Archfeld · · Score: 0, Troll

    the HomeLand Defense Force Fascists HAD ANYTHING to do with this... What a bunch of crap. Is there ANYTHING a politician WON'T claim credit for?
    Can we hope that lightning will strike the other Bush and the rest of his inbred southern cabinet? Please GOD PLEASE....

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?