Re: Debian Server Compromise -- A Fire Drill ??

To: debian-user@lists.debian.org
Subject: Re: Debian Server Compromise -- A Fire Drill ??
From: Terry Hancock <hancock@anansispaceworks.com>
Date: Thu, 4 Dec 2003 13:22:16 -0600
Message-id: <[🔎] m1ARywo-007oAYC@mail.augustmail.com>
Reply-to: hancock@anansispaceworks.com
In-reply-to: <[🔎] 5.2.1.1.0.20031204111521.02d7ec90@mail.gain.com>
References: <[🔎] 5.2.1.1.0.20031204111521.02d7ec90@mail.gain.com>

On Thursday 04 December 2003 12:17 pm, Dave wrote:
> On Thu, 04 Dec 2003 18:00:18 +0100, Tom <tb.31123.nospam@comcast.net> wrote:
>  >On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
>  >> ...  That's why the kernel
>  >> developers thought it was just an ordinary bug: they could see no way to
>  >> exploit it.
>  >
>  >That statement is somewhat disconcerting.  The hypothesis is that many
>  >eyes detect secure bugs, and here is clear case evidence contradicting
>  >that hypothesis.
> 
> There is no contradiction.  Many eyes detect most security problems, but 
> not all.  This is certainly better than just a few eyes with access to 
> proprietary code.

There is also the point that *somebody* found this bug.  Just not the
folks we were hoping would. ;-)  Letting real crackers hammer your
system is another way to find bugs, although we hope it's a last resort.

--
Terry Hancock ( hancock at anansispaceworks.com )
Anansi Spaceworks  http://www.anansispaceworks.com

Reply to:

References:
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: Dave <dmq@gci-net.com>

Prev by Date: Re: crontab
Next by Date: Kernel options - how to determine which are needed?
Previous by thread: Re: Debian Server Compromise -- A Fire Drill ??
Next by thread: Re: Debian Server Compromise -- A Fire Drill ??
Index(es):
- Date
- Thread