
Re: More hacked servers?



hi ya

On Tue, 25 Nov 2003, Michael Stone wrote:

> On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> >After the Linux kernel server got hacked a few weeks ago, and now this
> >successful attack at Debian, my confidence is shaken.  I hope we'll see full
> >disclosure about exactly what happened and what's being done to prevent it.
> 
> We were up-front in reporting the problem, so why would you suggest we
> would hide things later?

i don't think he meant it that way ?

in my book, i think "full disclosure" is good to impose on those
that have been affected so that the rest can prevent it too ...
and it's bad on those that are affected/compromised ..
	- full disclosure is probably not needed or probably
	not understood by lots of um ... and it'd probably
	give other wanna-be crackers too much info

yes, forensics will take loads and loads of time, days, weeks of time
to double check everything against  known clean source/archives

- i think the primary question most people have is ..
  a) do people continue their daily downloads and upgrades ??
	- if those archives were not affected, as of "today", then
	perhaps people can continue business as usual

	- how do they back off the latest changes that were 
	affected ... at least as of "this date" ...
	rather than to back off all changes .. since no info
	is available
	( sounds like it's not needed ? )

  b) for those that are super paranoid, they've probably stopped
     all downloads and watching/waiting

from a "let's be user friendly standpoint" ... ( aka "full disclosure" )

it would have been good for a new site called, for example

	http://status.debian.org/Nov2003  
	where that is where people can go and get the latest
	official release of info ... instead of scrounging
	around to different places :-)

just my comments.. keep up the good work ..

just watching ... 

have fun
alvin


