From: fennelly@wkeys.com
To: ianwar@cmp.com, jyacono@cmp.com
Date: Mon, 1 May 2000 12:57:59
Subject: IIS Security Hole (from CRN)

Hello,
I read your article on the IIS security hole:
http://www.crn.com/search/display.asp?ArticleID=15988

and was a bit surprised that you did not research
the story more carefully. If you had, you would have
realised that the backdoor was indeed discovered
by Rain Forest Puppy who had the exploit program on
his site:

the first advisory:
http://www.wiretrip.net/rfp/p/doc.asp?id=45&iface=2

the updated advisory (your article gets mentioned):
http://www.wiretrip.net/rfp/p/doc.asp?id=46&iface=2

And, no, he did not have access to the source code.
I don't know anything about his relationship to
Newton, though..

regards,

Carole Fennelly