Re: Debian Server Compromise -- A Fire Drill ??

To: debian-user@lists.debian.org
Subject: Re: Debian Server Compromise -- A Fire Drill ??
From: John Hasler <john@dhh.gt.org>
Date: Fri, 05 Dec 2003 08:30:11 -0600
Message-id: <[🔎] 87k75bcp70.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] 5.2.1.1.0.20031204134905.027bee98@mail.gain.com> (dmq@gci-net.com's message of "Thu, 04 Dec 2003 13:50:35 -0700")
References: <[🔎] 5.2.1.1.0.20031204134905.027bee98@mail.gain.com>

Dave writes:
> He or she had intimate knowledge of the various Debian servers.

I see no evidence that the cracker had anything other than public
information.

> And no damage was done.

You don't consider the downtime and wasted labor damage?

> Do you think he could have had the same impact by merely announcing that
> he *could* break into a system if he wanted?

Privately delivering the exploit to the appropriate people would have
gotten the bug fixed at least as quickly.
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to:

Follow-Ups:
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: "Benedict Verheyen" <linux4bene@pandora.be>
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: Paul Johnson <baloo@ursine.ca>

References:
- Re: Debian Server Compromise -- A Fire Drill ??
  - From: Dave <dmq@gci-net.com>

Prev by Date: Re: Is resolv.conf essential?
Next by Date: Multi-word Label in LILO
Previous by thread: Re: Debian Server Compromise -- A Fire Drill ??
Next by thread: Re: Debian Server Compromise -- A Fire Drill ??
Index(es):
- Date
- Thread