Way back in January, in message http://www.cygwin.com/ml/cygwin/2001-01/msg00063.html
I think Egor Duda, but perhaps David Peterson wrote that the socket implementation in cygwin allowed an attacker to simply send an RSA auth request to a specific port on your machine and presto, he would receive your private key. Since there were no replies to this message (that I can find), I'm really interested to hear if anyone has solved this or if he is incorrect? I really don't want to have to setup a port-blocking firewall just to prevent this, especially considering that ZoneAlarm is doing a fine job with application- specific blocking (and I have no other services running that outsiders could abuse). -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
