George and Brewster, Please take note of this and act accordingly. (Thanks for the heads-up, Scott! I took the liberty of alerting the CERT with a cc: The community of serving organizations should be notified and the fix provided, when proven. If I'm behind the power curve, and if you have already done this, please excuse my misplaced zeal.) Thanks, Steve G. ------- Forwarded Message From: scottw@nic.ddn.mil (Scott Williamson) Message-Id: <9208312050.AA22641@nic.ddn.mil> Subject: Re: WAIS on DDN To: sgoldste@cise.cise.nsf.gov (Steve Goldstein--Ph +1-202-357-9717) Date: Mon, 31 Aug 92 16:50:13 EDT In-Reply-To: <9208282127.AA06081@cise.cise.nsf.gov>; from "Steve Goldstein--Ph +1-202-357-9717" at Aug 28, 92 5:27 pm X-Mailer: ELM [version 2.3 PL2] Steve, We have the login wais disabled. There is a security whole in the swais interface that you can drive a truck through. We are working on a fix so that we reactivate this feature. Mark Kosters has informed RIPE of the problem with an explanation of how one could get in. He also suggested the fix. Scott
SG> And, folks, what you really want to see is NIC databases accessible SG> with WAIS, so's you don't have to use their search fields, SG>but can SG> use any search string (e.g., telephone number, city, etc.) SG>NIC.DDN.MIL SG> has just brought up a WAIS server, and RIPE NCC has had one SG>up for a while SG> (wais.ripe.net). These are REALLY neat, as in "who does networking SG>in SG> Dresden?" --SG
I've managed to telnet to wais.nic.ddn.mil (192.112.38.103) but don't know the login/password. Can you advise?
Sorry. I did it with a WAIS client. I just tried logging in a telnet session with user=wais, password=<all_sorts_of_things_including_profanity>, but nothing worked. Ought not be passworded!
Scott?
--SG
Ripe works fine.
Regards, Peter Scott
------- End of Forwarded Message