Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] Security announcements
  • From: Jussi Laako <jussi@xxxxxxxxxxxx>
  • Date: Sun, 05 Mar 2000 05:20:38 +0200
  • Message-id: <38C1D286.DCE72E14@xxxxxxxxxxxx>
Rune Kristian Viken wrote:
>
> vulnerability. The only responsible thing to do, is to publish the
> exploit to as many security-mailinglists as possible, and let admins
> disable the buggy service.

After that it's race against time from sysadmin's point of view. Is admin
fast enough to disable that service before someone breaks in? If only few
peoples know about security vulnerability it's less likely that someone uses
it in your system. If every script kiddie knows about it, then it's much
more likely...

How many people sit 24/7 reading security mailinglists? What if sysadmin is
at weekend trip with his sailing boat?

- Jussi Laako

--
PGP key fingerprint: 161D 6FED 6A92 39E2 EB5B 39DD A4DE 63EB C216 1E4B
Available at: ldap://certserver.pgp.com, http://keys.pgp.com:11371

< Previous Next >
List Navigation
Follow Ups