Re: red worm amusement

To: debian-security@lists.debian.org
Subject: Re: red worm amusement
From: Jacob Meuser <jakemsr@clipper.net>
Date: Sat, 21 Jul 2001 20:51:23 -0700
Message-id: <[🔎] 20010721205123.A5455@funk.meus0002.clipper.net>
In-reply-to: <[🔎] 20010722125449.B666@zip.com.au>; from cat@zip.com.au on Sun, Jul 22, 2001 at 12:54:49PM +1000
References: <[🔎] 20010721021042.G26849@cistron.nl> <[🔎] uk14rs7hzx5.fsf@nfsd.linpro.no> <[🔎] 4.2.0.58.20010720194556.011a1368@mail.diligence.com> <[🔎] 20010721000907.J31948@plato.local.lan> <[🔎] 20010721140048.A4668@janky.gsky.dom> <[🔎] 20010721163232.K31948@plato.local.lan> <[🔎] 20010721182700.A19667@funk.meus0002.clipper.net> <[🔎] 20010721172935.M31948@plato.local.lan> <[🔎] 20010721195202.B31907@funk.meus0002.clipper.net> <[🔎] 20010722125449.B666@zip.com.au>

On Sun, Jul 22, 2001 at 12:54:49PM +1000, CaT wrote:
> 
> You know. You're right. We should make it as difficult as possible
> to install software. Right down to removing makefiles from source
> repositories and rot13ing the source code because the harder it is
> to install a piece of software, the more secure a box is.

No, I'm simply saying not to start services immediately.  I mean really,
who in their right mind starts a service without looking at the config
files?  How hard is it to add the links from /etc/rc?.d to /etc/init.d
(isn't there script to do this anyway)?

> And then the computer you just spent a few grand on will be about
> as useful as a toaster without heating elements.

That's better than them getting sued for a hell of a lot more than they
paid for their machine because someone launched an attack from their
machine, and they can't prove they didn't to it.

> The trick is not to make installation of software more difficult. The
> trick is in informing the user about what they just did and what
> consequences it may have for them.

I would settle for better notification.  The point of not doing the
final steps is to force the user to have some understanding about
what their doing.

<jakemsr@clipper.net>

Reply to:

Follow-Ups:
- Re: red worm amusement
  - From: scbarker@uiuc.edu (Steven Barker)
- Re: red worm amusement
  - From: CaT <cat@zip.com.au>

References:
- red worm amusement
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: red worm amusement
  - From: Sigurd Urdahl <sigurdur@linpro.no>
- Re: red worm amusement
  - From: Tim Uckun <tim@diligence.com>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: Ethan Benson <erbenson@alaska.net>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>
- Re: red worm amusement
  - From: CaT <cat@zip.com.au>

Prev by Date: Re: red worm amusement
Next by Date: Re: red worm amusement
Previous by thread: Re: red worm amusement
Next by thread: Re: red worm amusement
Index(es):
- Date
- Thread