It isn't a bug. Next.
>believe people at lucent don't think it's important. For a company that's
I don't, it is silly IMHO. Don't shoot yourself in the foot - simple.
It is a useful feature to have the sebugging disassociated from the telnet
interface, or whatever interface, as it is used to stream the data to a
non interactive session.
>It's too bad this little "feature" will pop up on rootshell.com someday,
>since they LOVE finding backdoors into ISP's anyway they can get them.
BFD. I've mentioend this damn thing so many times over the years on
countless forums, here, other lists, USEnet, etc.
>You can say to your employees, "reset console before you quit!" till
>you're blue in the face, but there are times it just doesn't happen. what
Then they've fucked up - simple. There are plenty of other things your
employees can do, from setting bad passwords to setting bad filters, to
a hundred and one other ways to shoot yourself in the foot. It is not,
and SHOULD not, be the vendors responsibility to protect you from being
a moron.
>about WHILE THEY'RE DEBUGGING ? It's vulnerable then.
No, it isn't. While thye are debugging it is connected to their interface,
you can't get at it. If they are actively debugging, then it is linked to
where ever 'set console' is. Period.
-MZ
-- <URL:mailto:megazone@megazone.org> Gweep, Discordian, Author, Engineer, me.. Join ISP/C Internet Service Providers' Consortium <URL:http://www.ispc.org/> "A little nonsense now and then, is relished by the wisest men" 781-788-0130 <URL:http://www.gweep.net/> <URL:http://www.megazone.org/> Hail Discordia! - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>