Re: Debian Server Compromise -- A Fire Drill ??

[Alvin Oga <aoga@ns.Linux-Consulting.com>]

On Thu, 4 Dec 2003, Dave wrote:

> On Thu, 04 Dec 2003 20:20:21 +0100, Terry Hancock 
> <hancock@anansispaceworks.com> wrote:
> [...]
>  >There is also the point that *somebody* found this bug.  Just not the
>  >folks we were hoping would. ;-)  Letting real crackers hammer your
>  >system is another way to find bugs, although we hope it's a last resort.
> 
> You missed my point.  I think this *is* a fire drill!  I think this 
> break-in was done by the best folks we could ever hope for.
> 
> Consider this: The attacker chose a system that was heavily guarded and 
> would generate a quick response from the people who could distribute a fix 
> most quickly. He or she had intimate knowledge of the various Debian 
> servers.  And no damage was done.
> 
> Can you hope for a better hacker than this?  Do you think he could have had 
> the same impact by merely announcing that he *could* break into a system if 
> he wanted?
> 
> The real question now is "How many similar exploits exist, and are being 
> kept quiet for use in a real situation."  We can only hope it's the good 
> guys who have these secrets.

anytime you dont lose data ...  consider yourself lucky ... and learn
from it and tighten the boat some
	- i'm assuming the debian boat is tightened ??
	( more staging machines and key checking ? )

-- you can always simulate a firedrill ...  at any random time ...
	and work out additional security policies accordingly

c ya
alvin