"FMQ" == Federico Mena Quintero <federico@novell.com> writes:
FMQ> On Wed, 2007-08-22 at 17:16 +0200, Joachim Schrod wrote: FMQ> Hi, Joachim,
It depends on your intelligence if you need to follow this through to the end or if you realize soon enough that from "downloading and running executables is not a relevant attack vector for Linux" does *NOT* follow "Linux is safe". In math, this is called the difference between equivalence and implication.
Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you?
FMQ> It is evident that you know a lot more about security than most FMQ> people. However, please don't ridicule people for knowing less FMQ> than you do. I ridiculed him (or her?) because this was an answer to a post that *cited* me, where I already mentioned that the most problematic attack vector on Unix is data and and not programs. In fact, I mentioned that twice already in this thread over the last two weeks. Since I didn't come through with my original sober remarks, I thought that I need to step up the flamethrower a small notch and repeat my message with more color. And obviously it worked this time; you are the 2nd who replies... If the GP thinks that this is a personal flame, my apologies. I wanted to ridicule his stated opinions, not him as a person. FMQ> Cheers, and thanks for the good list of security references, You're welcome. ;-) Actually, for security non-pros, LWN.net's security page is one of the best information sources concerning current Linux vulnerabilities. It is a bit sad that SUSE is listed with so few alerts and vuln repairs there. If anybody is more concerned about current vulnerabilities beyond Linux, without having the time to read bugtraq et.al., I can only recommend the weekly SANS security alert "@RISK": http://www.sans.org/newsletters/?portal=2cef83944a34033fcbabdb9b8fc80c76#ris... The Critical Vulnerability Analysis and the Security Alert Consensus have merged to become @RISK: The Consensus Security Alert. Delivered every Monday morning, @RISK first summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them, and then adds a unique feature: a summary of the actions 15 giant organizations have taken to protect their users. @RISK adds to the critical vulnerability list a complete catalog of all the new security vulnerabilities discovered during the past week. Thus in one bulletin, you get the critical ones, what others are doing to protect themselves, plus a complete list of the full spectrum of newly discovered vulnerabilities. The summary is not so interesting for us Linux folks, as it concentrates on Windows vulnerabilities, but the list of new vulnerabilities is really great. For people who work in this area, a week's notice is too long. But there are many who have not so pressing time constraints, and for them this is a great information resource to have. Cheers, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org