From: technetium99@thearmy.com
Subject: Smack Security Problem?
Date: Wed, 2 Jun 99 04:14:26 +0000
--------------------------------------------------------------------------------
Hi, 
Just wanted to say keep up the great work on the archive!  I just recently got 
the new hotline d0s app smack, and I have tested it out to find that it has some 
flaws that make it potentially "dangerous" to the user.  Unfortunately, when you 
use smack, (or telnet, or anything) to send a login request to a hotline server, 
you get back 1 copy of the agreement for each request you send (100 is default), 
which basically means that if you try smack on an average server that has maybe 
1 page of agreement text or so, then you are going to get tons of data, flooding 
you back.  In the readme, it recommends that the user keep hitting the smack 
button to keep the flood going, since if you do more thatn 100 per click, you 
will get a server autoban.  Therefore, if you have a slow dialup connection (56k 
or less) you are basically d0sing your self ;0 because you get more data than 
you are sending, especially if you are flooding a fast server.  I'm not sure who 
else to pass this message on to, but please let me know if this helps anything. 

werd, 
t