From owner-freebsd-security Sun Mar 21 1: 3:21 1999 Delivered-To: freebsd-security@freebsd.org Received: from ncc1701.cell2000.net (ncc1701.cell2000.net [206.228.197.5]) by hub.freebsd.org (Postfix) with SMTP id ABB0D150AE for ; Sun, 21 Mar 1999 01:03:14 -0800 (PST) (envelope-from steve@cell2000.net) Received: from pandora-s-box [206.228.196.160] by ncc1701.cell2000.net (SMTPD32-4.06) id A565A90E01F4; Sun, 21 Mar 1999 01:01:25 PDT Message-ID: <000a01be7379$6e98b050$a0c4e4ce@pandora-s-box.cell2000.net> Reply-To: "Steven Alexander" From: "Steven Alexander" To: Cc: Subject: Re: question about e-bay breakin last week Date: Sun, 21 Mar 1999 01:01:38 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I honestly wonder how accurate the Forbes article is. I don't think it's too bright to talk to journalists after hacking several major sites. At any rate, there are still many undiscovered buffer overflows in most OS's and freebsd is not immune. I wouldn't doubt that somebody wrote an exploit for an as of yet undiscovered(publicly) one. my $.02 -steven -----Original Message----- From: mike@seidata.com To: Steven Grady Cc: freebsd-security@FreeBSD.ORG Date: Saturday, March 20, 1999 11:17 PM Subject: Re: question about e-bay breakin last week >On Sun, 21 Mar 1999, Steven Grady wrote: > >> According to the story, the cracker who got into e-Bay last week got >> in via FreeBSD. Does anyone know anything more about this? > >Does anyone else think the story sounds a bit fishy? The 'hacker' >mentions little more than well-known 'hacking cliches', and the >'proof' that is mentioned (a bogus page placed on one of Ebay's web >servers) could have just as easily been accomplished by spoofed DNS. > >*shrug* > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message