[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Investigation Report after Server Compromises



On Wed, 2003-12-03 at 02:04, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, Dec 02, 2003 at 09:41:15PM +0000, Oliver Elphick wrote:
> > Because there will be lots of people who haven't yet had the chance to
> > upgrade.  They won't thank us for making an exploit available to every 
> > would-be cracker.
> 
> Why should we cater to people who can't be bothered to help
> themselves?  Leaving readily compromisable systems out there does the
> net a disservice.

Yes, it does do a dis-service. But, since when does it make it right to
add exposure to Bank, Govt, Hospital (etc..) systems, when a delay in
script-kiddie info would allow things to be fixed before it is common
knowledge. Sure the Black-Hats already know... but there is little we
can do about them. Script-kiddies on the other hand goto a few Kr@Xk3rZ
51735 (cracker sites) and D/L the tools and code to exploit... usually
in 10 minutes from reading a list of possible candidates from the same
sites... have already gotten in and made your credit-card their slave.

Come on Paul, think in a common-sense approach, lately this whole (set)
Debian Lists is becoming nothing more than a sounding board for
Meta-Moderators... saying pooh-pooh to anyone on the dissenting side.
Real life requires real thinking, smartly... that is why Debian
Snobbians (myself included in that class) have a hard time dealing with
people on a level playing field. 
-- 
greg@gregfolkert.net
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: