Re: Debian Server Compromise -- A Fire Drill ??

To: debian-user@lists.debian.org
Subject: Re: Debian Server Compromise -- A Fire Drill ??
From: Dave <dmq@gci-net.com>
Date: Thu, 04 Dec 2003 13:50:35 -0700
Message-id: <[🔎] 5.2.1.1.0.20031204134905.027bee98@mail.gain.com>

On Thu, 04 Dec 2003 20:20:21 +0100, Terry Hancock<hancock@anansispaceworks.com> wrote:

[...]
>There is also the point that *somebody* found this bug.  Just not the
>folks we were hoping would. ;-)  Letting real crackers hammer your
>system is another way to find bugs, although we hope it's a last resort.

You missed my point. I think this *is* a fire drill! I think thisbreak-in was done by the best folks we could ever hope for.

Consider this: The attacker chose a system that was heavily guarded andwould generate a quick response from the people who could distribute a fixmost quickly. He or she had intimate knowledge of the various Debianservers. And no damage was done.

Can you hope for a better hacker than this? Do you think he could have hadthe same impact by merely announcing that he *could* break into a system ifhe wanted?

The real question now is "How many similar exploits exist, and are beingkept quiet for use in a real situation." We can only hope it's the goodguys who have these secrets.


--Dave

Reply to:

Follow-Ups:
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: ScruLoose <scruloose+debuser@eastlink.ca>
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: Alvin Oga <aoga@ns.Linux-Consulting.com>
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: John Hasler <john@dhh.gt.org>

Prev by Date: Re: Anfrage f?r einen Linktausch an debian-user@lists.debian.org
Next by Date: Re: RFC: Create d-user-woody, d-user-sarge maillists, deactivate d-user
Previous by thread: Re: Debian Server Compromise -- A Fire Drill ??
Next by thread: Re: Debian Server Compromise -- A Fire Drill ??
Index(es):
- Date
- Thread