Re: More hacked servers?
hi ya
On Tue, 25 Nov 2003, Michael Stone wrote:
> On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> >After the Linux kernel server got hacked a few weeks ago, and now this
> >successful attack at Debian, my confidence is shaken. I hope we'll see full
> >disclosure about exactly what happened and what's being done to prevent it.
>
> We were up-front in reporting the problem, so why would you suggest we
> would hide things later?
i don't think he meant it that way ?
in my book, i think "full disclosure" is good to impose on those
that have been affected so that the rest can prevent it too ...
and it's bad on those that are affected/compromised ..
  - full disclosure is probably not needed or probably
    not understood by lots of um ... and it'd probably
    give other wanna-be crackers too much info
yes, forensics will take loads and loads of time, days, weeks of time
to double check everything against known clean source/archives
- i think the primary question most people have is ..
  a) do people continue their daily downloads and upgrades ??
     - if those archives were not affected, as of "today", then
       perhaps people can continue business as usual
     - how do they back off the latest changes that were
       affected ... at least as of "this date" ...
       rather than to back off all changes .. since no info
       is available
       ( sounds like it's not needed ? )
  b) for those that are super paranoid, they've probably stopped
     all downloads and are watching/waiting
from a "let's be user friendly standpoint" ... ( aka "full disclosure" )
it would have been good to have a new site called, for example
  http://status.debian.org/Nov2003
where people can go and get the latest
official release of info ... instead of scrounging
around in different places :-)
just my comments.. keep up the good work ..
just watching ...
have fun
alvin