Re: DSA 438 - bad server time, bad kernel version or information delayed?
Greetings,
On Thursday, 19 February 2004 00:37, Michael Stone wrote:
> On Wed, Feb 18, 2004 at 11:37:19PM +0100, Jan Lühr wrote:
> >But if knowledge about this vuln is available - if fixes are done, but
> > not available yet, how do I protect myself?
>
> Are you less secure today than yesterday? No. Someone will always know
> about a vulnerability before you do, you need to deal with that. You
> protect yourself by disabling unnecessary services, teaching your users
> good security habits, eliminating replayable passwords, keeping good
> logs, reviewing those logs, making good backups, etc. Can you still be
> compromised? Yup. Are there people out there right now exploiting
> vulnerabilities you don't know about? Yup. All you can do is establish
> a layered security plan and prepare a disaster recovery plan for the
> inevitable.
Of course - these are the main aspects of a secure installation, but as we have
seen in the recent Debian compromise it may not be enough.
Imho, please correct me if I'm wrong - an exploit, known for many
weeks by many people, trying to correct it, is more threatening than some
exotic exploit, which may be known to a bunch of people.
Thus the information about the discussed exploit can be easily obtained by
some "bad guy".
What about establishing some kind of warning service? E.g. sshd has a well
known serious leak, you should shut it down for the next few days.
Keep smiling
yanosz
P.S. My apologies for my last e-mails - I'm trying not to go on trolling,
maybe I was too astonished and too excited.
The DST has done quite a good job for the recent months / years. Go on!