[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??

On Thu, 04 Dec 2003 20:20:21 +0100, Terry Hancock <hancock@anansispaceworks.com> wrote:
>There is also the point that *somebody* found this bug.  Just not the
>folks we were hoping would. ;-)  Letting real crackers hammer your
>system is another way to find bugs, although we hope it's a last resort.

You missed my point. I think this *is* a fire drill! I think this break-in was done by the best folks we could ever hope for.

Consider this: The attacker chose a system that was heavily guarded and would generate a quick response from the people who could distribute a fix most quickly. He or she had intimate knowledge of the various Debian servers. And no damage was done.

Can you hope for a better hacker than this? Do you think he could have had the same impact by merely announcing that he *could* break into a system if he wanted?

The real question now is "How many similar exploits exist, and are being kept quiet for use in a real situation." We can only hope it's the good guys who have these secrets.


Reply to: