Just got this: Forwarded message:
From mjw@cert.org Thu Jun 10 07:39:35 1993
Message-Id: <9306092141.AA15453@shuttle.cert.org>
To: mark@cheops.anu.edu.au
Cc: cert@cert.org
Subject: Re: Statement of dissatisfaction with your recent efforts
In-Reply-To: Your message of "Wed, 09 Jun 93 10:59:04 +1000." <9306090100.AA11648@cert.org>
Date: Wed, 09 Jun 93 17:41:15 EDT
From: Moira J West <mjw@cert.org>
Hello Mark,

We're sorry for any misunderstandings caused by our e-mail. I have appended a copy of our follow-up to Berkeley on this issue.

Regards,
Moira

Moira J. West
Technical Coordinator, Computer Emergency Response Team
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, Pa. 15213-3890
Internet E-mail: cert@cert.org (monitored during business hours)
Telephone: (412) 268-7090 (answers 24 hours a day)
----------------------------------------------------------------------
We've had a lot of feedback from various sites in response to our e-mail to you last week referring to possible anonymous FTP abuse on Berkeley hosts.
We are concerned at the reaction that our e-mail caused. There's obviously been a misunderstanding here and we wanted to follow up with you on this. There was certainly no intent on the part of CERT to make accusations of any sort. We were simply trying to alert sites to the possibility of activity that they might have concerns about.
Our letter to you was one of many which we sent out to a number of sites across the world in the form of an FYI of possible abuse of their anonymous FTP areas. We had been receiving complaints from sites about wide-scale trading of commercial software on their writable anonymous FTP areas. During the process of helping sites to secure their systems we were given copies of files left in abused archives which indicated lists of hosts (and in some cases directories) that intruders were using to trade commercial software. We chose to contact the sites so that they could check their systems and take any steps that they thought appropriate.
There were several reasons why we didn't attempt to verify the information. There were a large number of hosts involved and, with the resources that we have available to us, it was not possible for us to attempt to confirm the information on each host. In any case, we felt it wouldn't be sufficient to check for specific directories or filenames on an archive; the whole archive would need to be checked for writable directories and then some verification of the contents of those directories would need to take place.
Previously, we have found that sites we contacted with this type of information did find writable areas which were being abused. In this case some sites found such activity on their hosts, others stated that the information was dated or incorrect. In hindsight, we see that it would have been better for everyone concerned in this case if we had undertaken some initial verification of the information or issued a CERT advisory instead of the individual letters.
As so many sites are potentially vulnerable to this activity and may be unaware that it exists, we've decided to put together a CERT advisory on the topic and hope to issue it in the near future.
We're sorry if our original e-mail didn't clearly state our intentions and was the cause of any misunderstandings.
We'll follow up with the various sites who have contacted us in regard to our original e-mail to you, by passing them a copy of this letter.

Regards,
Moira

Moira J. West
Technical Coordinator, Computer Emergency Response Team
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, Pa. 15213-3890
Internet E-mail: cert@cert.org (monitored during business hours)
Telephone: (412) 268-7090 (answers 24 hours a day)
-----------End of forwarded message

Mark
mark@cheops.anu.edu.au
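The check CERT's letter says a site would actually need, a walk over the whole anonymous FTP tree for world-writable directories followed by a look at what each one holds, as an added example that is not part of the forwarded messages and is not CERT's or Berkeley's code. It assumes a local FTP root on a POSIX filesystem; the sample tree it builds (`pub/incoming` as the writable drop area) and the files in it are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile
import time

# Constructed sample drop-area contents; none of this comes from the letter.
SAMPLE_FILES = {
    "package.zip": b"\x00" * 2048,
    "trade-list.txt": b"constructed sample\n",
}


def is_world_writable(mode: int) -> bool:
    """True when the 'other' write bit (0o002) is set.  A sticky bit
    (mode 1777, as on /tmp) does not change the answer: anyone can still
    create files there, which is exactly what a drop area needs."""
    return bool(mode & stat.S_IWOTH)


def audit_ftp_root(root: str) -> list:
    """Walk an anonymous-FTP tree and return one record per world-writable
    directory, with the regular files it holds (name, size, age in days).

    Symlinks are not followed (os.walk default), so a link planted in the
    tree cannot redirect the audit outside the FTP root."""
    now = time.time()
    findings = []
    for dirpath, _subdirs, filenames in os.walk(root):
        st = os.lstat(dirpath)
        if not is_world_writable(st.st_mode):
            continue
        files = []
        total = 0
        for name in sorted(filenames):
            fst = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(fst.st_mode):
                continue  # ignore symlinks, sockets, devices left behind
            age_days = round((now - fst.st_mtime) / 86400.0, 1)
            files.append((name, fst.st_size, age_days))
            total += fst.st_size
        findings.append({
            "path": os.path.relpath(dirpath, root),
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "files": files,
            "total_bytes": total,
        })
    return sorted(findings, key=lambda f: f["path"])


def format_report(findings: list) -> str:
    """Render findings as plain text an administrator can read or mail."""
    if not findings:
        return "no world-writable directories found"
    lines = []
    for f in findings:
        lines.append(f"{f['path']} (mode {f['mode']}): "
                     f"{len(f['files'])} files, {f['total_bytes']} bytes")
        for name, size, age in f["files"]:
            lines.append(f"    {name:<24} {size:>10} bytes  {age:>6} days old")
    return "\n".join(lines)


def build_sample_tree(root: str) -> None:
    """Create a constructed FTP tree: pub/ and pub/archive are read-only to
    others, pub/incoming is the writable drop area."""
    incoming = os.path.join(root, "pub", "incoming")
    archive = os.path.join(root, "pub", "archive")
    os.makedirs(incoming)
    os.makedirs(archive)
    with open(os.path.join(archive, "README"), "wb") as fh:
        fh.write(b"public archive\n")
    for name, data in SAMPLE_FILES.items():
        with open(os.path.join(incoming, name), "wb") as fh:
            fh.write(data)
    # chmod after populating: unlike mkdir, chmod is not subject to the umask
    os.chmod(os.path.join(root, "pub"), 0o755)
    os.chmod(archive, 0o755)
    os.chmod(incoming, 0o777)


def demo() -> list:
    """Build the sample tree in a temp dir, audit it, clean up, return findings."""
    root = tempfile.mkdtemp(prefix="ftp-audit-")
    try:
        build_sample_tree(root)
        return audit_ftp_root(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(format_report(demo()))
```

Run it against a real FTP root with `audit_ftp_root("/var/ftp")` (path is an assumption) and read the report; a directory that is world-writable on purpose, such as an `incoming` area, still belongs in the output, because the letter's point is that the contents of every such directory need looking at, not just the directories named in an intruder's list.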