Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] Security announcements
  • From: John Grant <jmgrant@xxxxxxxxxxxx>
  • Date: Sat, 04 Mar 2000 22:41:02 -0800 (PST)
  • Message-id: <200003050641.WAA03981@xxxxxxxxxxxxxxxxx>
Jussi Laako said:
> Rune Kristian Viken wrote:
> >
> > vulnerability. The only responsible thing to do, is to publish the
> > exploit to as many security-mailinglists as possible, and let admins
> > disable the buggy service.
>
> After that it's race against time from sysadmin's point of view. Is admin
> fast enough to disable that service before someone breaks in? If only few
> peoples know about security vulnerability it's less likely that someone uses
> it in your system. If every script kiddie knows about it, then it's much
> more likely...
>
> How many people sit 24/7 reading security mailinglists?

No SA worth the title would need to take that much time to keep up.
Besides, that's like asking, "what if the night-watchman falls asleep?".

> What if sysadmin is at weekend trip with his sailing boat?

If the night-watchman takes the weekend off then you get someone to take
his place. Or you do without, make sure you lock the doors as best you
can, and take your chances.


< Previous Next >
List Navigation
References