Re: How to ensure the integrity of Debian mirrors?

To: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: How to ensure the integrity of Debian mirrors?
From: "Steve Lamb" <morpheus@rpglink.com>
Date: Thu, 07 Jan 1999 01:29:34 -0800
Message-id: <[🔎] E0zyBkW-0004OS-00@rpglink.com>
Reply-to: "Steve Lamb" <morpheus@rpglink.com>
In-reply-to: <[🔎] 199901070923.KAA10527@pcrz64.HRZ.Uni-Marburg.DE>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 07 Jan 1999 10:23:46 +0100, Thomas Gebhardt wrote:

>No, the updates have not been installed. But even if there were
>some security holes it is very suspicious that these were exploited
>from different sites immediately after the installation. 

    I don't see it as all that unplausable.  At work we get several probes on
common ports which have well-known exploits per day.  At least 2-3 on IMAP4
each day alone.  All it takes is for someone with a portscanner to start
hitting all IPs in a class C to see what is there and then try something. 
Once they have something it isn't that unreasonable to assume they would tell
their buds about an open machine.

- -- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
- -------------------------------+---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc

iQA/AwUBNpR+fnpf7K2LbpnFEQLLNgCfZoOLR1uHFUEwIcIEg9Jow+0/oz4An05h
L+t+zV9fJ6ckvKJCcjXpZwEX
=mchh
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: How to ensure the integrity of Debian mirrors?
  - From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>

Prev by Date: Re: 2.0.36 in slink, so isdnutils should go in as well!
Next by Date: Re: Startx fails after updating my slink system!!!
Previous by thread: Re: How to ensure the integrity of Debian mirrors?
Next by thread: Re: How to ensure the integrity of Debian mirrors?
Index(es):
- Date
- Thread