
Re: Proposal for removal of mICQ package



On Fri, 14 Feb 2003 12:24, Remi VANICAT wrote:
> Yes you are when you say that next time he'll do worse "this boy has
> stolen a candy, we should kill him because next time he'll do worse"

Bad analogy.  A more appropriate analogy is "he stole a candy so we won't 
allow him in a sweet shop".

> >	We have to yank the package until we know there are no other
> > such cool hacks waiting to hit our users again. Who knows who else he
> > may have gotten mad at in the past and included other such brilliant
> > pieces of hackery, just waiting to be triggered? Who knows whom he
> > may get mad at in the future?
>
> I really believe that you are paranoid here.

The problem is that computer security is in many ways more difficult than 
security in other areas.

If someone breaks into your house, car, shop, etc., then you can repair the 
locks, replace keys, and fix anything else that may have helped them get in.  
If someone breaks into your computer the only serious way to solve the 
problem is to reinstall all software, change all passwords, and change all 
passwords on all machines that might have the same password.  This is a 
serious amount of work and may not even be possible.  Some companies would go 
bankrupt if their computers were offline for long enough to properly deal 
with a security breach.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


