
apache/openssl vulnerability (was Re: worms/viruses on linux)



On Mon, Sep 16, 2002 at 02:28:25PM +1000, David Pastern wrote:
| For those that don't subscribe to slashdot news,

debian-security-announce@lists.debian.org has a better signal/noise
ratio regarding security issues :-).

| an interesting article that
| I found (doesn't necessarily relate to Debian Linux, but does to Linux in
| general):
| 
| http://slashdot.org/article.pl?sid=02/09/15/1513255

For the real info, see
    http://www.debian.org/security/2002/dsa-136

    http://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00087.html

    http://online.securityfocus.com/bid/5363

| This makes it imperative to patch systems with security patches asap.

This statement has always been true.  For a historical example, take a
look at the Ramen worm.  The worm wasn't released until months after
the fix had been distributed.  It's much easier to write a worm when
the exploit has already been publicized.

| If I'm under the understanding, virus/worms have been on an increase
| in the past 6-12 months on Linux systems.  Do people think this is
| because of the more widespread usage of Linux now, or something more
| sinister (like Microsoft deliberately writing viruses to attack
| Linux - I know that sounds paranoid, but Microsoft is a dirty player
| and uses any tricks in the books to get market share...)

It doesn't matter who is creating the malicious code.  While everyone
has the responsibility to not act maliciously, the software developers
have the responsibility of not encouraging such activity (namely by
writing "secure" software).  If developers write decent software in
the first place, and then release patches when a fault is discovered,
then Microsoft really doesn't matter one way or the other.  It is also
your own responsibility to stay on top of the updates when they are
published.  Since you use debian, that is the easy part.  Just
subscribe to debian-security-announce and run apt periodically.

-D

-- 
He who belongs to God hears what God says.  The reason you do not hear
is that you do not belong to God.
        John 8:47
 
http://dman.ddts.net/~dman/
