[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bad press related to (missing) Debian security

On Mon, Jun 27, 2005 at 07:36:50PM +0000, Paul Hink wrote:
> Having one's workstation compromised (e.g. due to some vulnerability of
> Mozilla) is a serious thing. There might be confidential data (e.g.
> private e-mails) stored on it and in many cases it makes compromising a
> server much easier as well (e.g. by logging SSH passwords or stealing
> private SSH keys and their passphrases).

>From a company/organisation's point of view, this might be almost as serious
as getting root. If you're a system administrator, you really don't want
people to get root on the machine. If you're the CEO, you're mostly concerned
with not letting outsiders read and/or write secret documents, which the
users often store in /home/*. Cracking the right workstation might allow an
attacker to access all the documents they want.

(Something completely different: the Debian Security Audit Project have talked
about auditing all of base, to make sure it's reasonably secure. Any volunteers
are very welcome, as we're just three active members at the moment.)

// Ulf
Reply to: