Re: Debian Investigation Report after Server Compromises



on Tue, Dec 02, 2003 at 01:12:40PM -0600, Alex Malinovich (demonbane@the-love-shack.net) wrote:
> On Tue, 2003-12-02 at 11:31, Greg Folkert wrote:
> > Shoulda Been:
> > http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
> > 
> > What a wanker I am. No, Peter no comment needed.

> Thanks for the link. It certainly makes for interesting reading. Though
> I am somewhat concerned about the following bit from the message:
> 
> "Please understand that we cannot give away the used exploit to random
> people who we don't know.  So please don't ask us about it."
> 
> I'm afraid I'm part of the group that just doesn't understand. This
> snippet reeks of security through obscurity for me. If the hole has been
> identified and, presumably, fixed, why not tell people about it?

The security flaw is identified.

An in-the-wild exploit is disclosed.  There is a hole, and you're
currently at risk.

There's nothing more to be gained by contributing to the awareness of
the exploit for the flaw while people are still patching their systems.

I'm one of those who's got all his systems on safe kernels, even if this
means I don't have full use.  NICs on one box aren't supported by
2.4.18, and building 2.4.23 is turning into a bitch.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
  Backgrounder on the Caldera/SCO vs. IBM and Linux dispute.
      http://sco.iwethey.org/