Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] Security announcements
  • From: cogNiTioN <cognition@xxxxxxxxxxx>
  • Date: Sun, 5 Mar 2000 17:20:31 +0000 (GMT)
  • Message-id: <Pine.LNX.4.10.10003051715580.3066-100000@xxxxxxxxxxxxxxxxx>
On Sun, 5 Mar 2000, Steffen Dettmer wrote:

> > Isn't it the SysAdmin's job (among others) to be quick in responding to
> > security announcements?
>
> And even when the annouce is delayed, and a patch is aviable, the
> Admin needs to install it, so it makes no difference: the admin
> needs to be fast.

true.

> > What about those people who admin their servers in their free time? I do
> > most of my admin work between the hours of 10pm and 2am.
>
> Me too, but maybe in a different time zone...

Probably, I'm in the UK, and thus work from GMT.

> > > > What if sysadmin is at weekend trip with his sailing boat?
>
> Yeah, of course, but even if the security problem report is
> delayed, he cannot upgrade the packages, so it hasn't such
> advantages to delay.

I was going to mention that, but forgot.

> Another thing: the argument was: delay the information, to give
> the maintainers time to prepare patches. This requires, that no
> other found the bug. But if no other found the bug, it would be
> the best to hide and forget the information completly...

true. But that isn't the case, and never will be. Back to Security through
obscurity.

> And I'm sure: an expirienced attacher/intruder get's such
> informations quickly, since he/she spent a lot of time searching
> for such things. They might attack if the find a security update
> somewhere. They have some time to test for vulnerabilities. And
> if the exploit becomes public, then they can try it on machines,
> since the admin cannot update just in time.

This leads to another point, why release exploits at all?

> IMHO it would be necessary to suggest a workaround (at least the
> "shutdown" method...) as soon as possible.

Perhaps. But this option is almost always open.

> BTW: I'm sure the most of the attackers now lot's more about
> bugs, exploits and so on like most of the administrators...

That is evident by the fact that attacks are soetimes sucessful. If all
admins were more knowledgeable than all attackers, then they wouldn't
happen. Also, you don't get many 9-5 people attacking machines, to some
admins it's just a job, to nearly all attackers, they have some other, and
often greater, motivation.



< Previous Next >
List Navigation
Follow Ups
References