Re: Debian Investigation Report after Server Compromises



On Tue, 2003-12-02 at 14:12, Alex Malinovich wrote:
> On Tue, 2003-12-02 at 11:31, Greg Folkert wrote:
> > Shoulda Been:
> > http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
> > 
> > What a wanker I am. No, Peter no comment needed.
> > 
> > On Tue, 2003-12-02 at 11:08, Greg Folkert wrote:
> > >
> > http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.htmlDebian
> 
> Thanks for the link. It certainly makes for interesting reading. Though
> I am somewhat concerned about the following bit from the message:
> 
> "Please understand that we cannot give away the used exploit to random
> people who we don't know.  So please don't ask us about it."
> 
> I'm afraid I'm part of the group that just doesn't understand. This
> snippet reeks of security through obscurity for me. If the hole has been
> identified and, presumably, fixed, why not tell people about it?

DMCA. Nuff said.

It is not fixed widespread. So there are a TON of exploitable machines
out there. So, best keep quiet so the script kiddies don't bollocks up
the world. As we all know most of these REAL attacks are by the people
that never get caught. Script kiddies are "me-too" cruft. No need to
make it easier.

But, the prereq is a local account. So it isn't as bad as it could be.

-- 
greg@gregfolkert.net
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
