From: rthomas@pamd.cig.mot.com (Robert Owen Thomas)
Date: Wed, 4 Oct 95 07:50:54 PDT
To: Christian Wettergren <cwe@it.kth.se>
Subject: Re: Netscape hole without .Xauthority (fwd)
In-Reply-To: <199510041102.MAA17689@piraya.electrum.kth.se>
Message-ID: <9510040947.ZM16462@pamd.cig.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


good points, Christian!

more and more, networks are becoming flooded with X traffic.  although X
has always been known to be a potential security hole, i think X-attacks
are going to increase dramatically in the coming months.

i commonly hear of sights with Xauthority enabled, only to have the user
community type "xhost +" at the prompt.  bad karma.  the days of pumping
rude & crass noises to someone else's workstation will soon graduate to
more nefarious and insidious attacks.

is anyone looking into a means of securing X (above and beyond the current
weak solutions)?

regards,
--robert
--

o  robert owen thomas: unix consultant. cymro ydw i. user scratching post.  o
o       e-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@cymru.com        o
o               vox:  708.435.7076   fax:  708.435.7360                     o
o        "When I die, I want to go sleeping like my grandfather...          o
o              Not screaming like the passengers in his car."               o