From: smb@research.att.com
Date: Fri, 8 Oct 93 04:59:24 PDT
To: Stanton McCandlish <mech@eff.org>
Subject: Re: that internet security scanner
Message-ID: <9310081157.AA25996@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 anyone actually seen that thing? (to refresh: CERT posted some warning
	 about a security scanner for Internet systems that might be the evil
	 work of themthere hackers so you just better delete it, etc etc.)  

CERT isn't that stupid.  What they said was that ISS has been posted,
and that it was likely that some folks would try to use it to break
into various systems.  Do you disagree with that statement? They also
said that you should consider running it yourself, so that you can
close the holes first.  They even gave the pointer to the directory on
UUNET where it's stored.  What good would it possibly do to delete it
on your own machine, when many thousands of other machines around the
world have copies?  Again -- CERT isn't stupid.


		--Steve Bellovin