From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Aug 1996 16:54:56 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608270627.XAA02547@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:35 PM 8/20/96 -0700, some anonym remailer user wrote:
>All webservers (except maybe Spinner?) are riddled with buffer overrun
>bugs and other similar security holes.  If you run a webserver, you
>should basically assume that anyone who really wants a shell on your
>machine can get one.  Grab your favorite webserver and grep for
>sprintf.

Fred Cohen put out an 80-line-C GET-only HTTP server which is
short enough to verify that it doesn't have security bugs
like memory leaks, etc.  It's not blazingly fast,
and all it does is server pages, but it's clean.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!