As I pointed out to Ian on Sunday, this is a very old, very well-known bug. As I also pointed out, it is a well- understood fact about Internet security as it stands today that if you can't trust the people on your subnet, you're screwed. I also mentioned the facts that have been mentioned by others on this list (firewalls, most home users don't use NFS, etc.) It is profoundly irritating to find this splashed on the front page of the NYT, contributing to the FUD that largely benefits luddites like First Virtual and those, like MS$, pushing for a return to proprietary networks. (One quote from FV marketing director Pierre Wolfe at the ML conference I recently attended, "The Internet may end up as a ghetto, where people are afraid to engage in commercial activity.") Furthermore, neither the original post or the NYT article place any blame on the role of government regulation or greedy patent-holders in disrupting the formation of protocols based on strong cryptography, which are two of the major culprits in this matter.