1993-06-09 - CERT reply regarding their emails

Header Data

From: Mark <mark@cheops.anu.edu.au>
To: cypherpunks@toad.com
Message Hash: 49765764b9328231cb4804fd54c773218ef9cef97e49c4d4b18e28e18a177e9a
Message ID: <9306092220.AA15407@toad.com>
Reply To: N/A
UTC Datetime: 1993-06-09 22:20:21 UTC
Raw Date: Wed, 9 Jun 93 15:20:21 PDT

Raw message

From: Mark <mark@cheops.anu.edu.au>
Date: Wed, 9 Jun 93 15:20:21 PDT
To: cypherpunks@toad.com
Subject: CERT reply regarding their emails
Message-ID: <9306092220.AA15407@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Just got this:


Forwarded message:
>From mjw@cert.org Thu Jun 10 07:39:35 1993
>Message-Id: <9306092141.AA15453@shuttle.cert.org>
>To: mark@cheops.anu.edu.au
>Cc: cert@cert.org
>Subject: Re: Statement of dissatisfaction with your recent efforts 
>In-Reply-To: Your message of "Wed, 09 Jun 93 10:59:04 +1000."              <9306090100.AA11648@cert.org> 
>Date: Wed, 09 Jun 93 17:41:15 EDT
>From: Moira J West <mjw@cert.org>
>
>Hello Mark,
>        We're sorry for any misunderstandings caused by our e-mail.
>I have appended a copy of our follow-up to Berkeley on this issue.
>
>Regards
>Moira
>
>Moira J. West
>Technical Coordinator, Computer Emergency Response Team
>Software Engineering Institute
>Carnegie Mellon University
>Pittsburgh, Pa. 15213-3890
>
>Internet E-mail: cert@cert.org   (monitored during business hours)
>Telephone: (412) 268-7090        (answers 24 hours a day)
>
>----------------------------------------------------------------------
>
>We've had a lot of feedback from various sites in response to our
>e-mail to you last week referring to possible anonymous FTP abuse on
>Berkeley hosts.
>
>We are concerned at the reaction that our e-mail caused. There's
>obviously been a misunderstanding here and we wanted to follow up with
>you on this.  There was certainly no intent on the part of CERT to
>make accusations of any sort.  We were simply trying to alert sites to
>the possibility of activity that they might have concerns about.
>
>Our letter to you was one of many which we sent out to a number of
>sites across the world in the form of an FYI of possible abuse of
>their anonymous FTP areas.  We had been receiving complaints from
>sites about wide-scale trading of commercial software on their
>writable anonymous FTP areas.  During the process of helping sites to
>secure their systems we were given copies of files left in abused
>archives which indicated lists of hosts (and in some cases
>directories) that intruders were using to trade commercial
>software.  We chose to contact the sites so that they could check
>their systems and take any steps that they thought appropriate.
>
>There were several reasons why we didn't attempt to verify the
>information.  There were a large number of hosts involved and with the
>resources that we have available to us, it was not possible for us to
>attempt to confirm the information on each host.  In any case, we felt
>it wouldn't be sufficient to check for specific directories or
>filenames on an archive; the whole archive would need to be checked
>for writable directories and then some verification of the contents of
>those directories would need to take place.
>
>Previously, we have found that sites we contacted with this type of
>information did find writable areas which are being abused.  In this
>case some sites found such activity on their hosts, others stated that
>the information was dated or incorrect.  In hindsight, we see that it
>would have been better for everyone concerned in this case if we had
>undertaken some initial verification of the information or issued a
>CERT advisory instead of the individual letters.
>
>As so many sites are potentially vulnerable to this activity and may
>be unaware that it exists, we've decided to put together a CERT
>advisory on the topic and hope to issue it in the near future.  
>
>We're sorry if our original e-mail didn't clearly state our intentions
>and was the cause of any misunderstandings.
>
>We'll follow up with the various sites who have contacted us in regard
>to our original e-mail to you, by passing them a copy of this letter.
>
>Regards
>Moira
>
>Moira J. West
>Technical Coordinator, Computer Emergency Response Team
>Software Engineering Institute
>Carnegie Mellon University
>Pittsburgh, Pa. 15213-3890
>
>Internet E-mail: cert@cert.org   (monitored during business hours)
>Telephone: (412) 268-7090        (answers 24 hours a day)

-----------End of forwarded message

Mark
mark@cheops.anu.edu.au



