On 4/16/10 9:03 AM, "Giampaolo Tomassoni" <giampa...@tomassoni.biz> wrote:
>> If I run a ssh service on my machine, and yes I do, I keep track of the
>> ssh announce list.
>> Why? Because I hate it to find my root password changed because there
>> was a security update I didn't update 6 months ago because an apt-get
>> update/upgrade didn't work anymore.
>
> So you're subscribed also to all the Linux kernel mailing lists? You know, your
> sshd is running on top of a Linux kernel...

No, but I subscribe to the SANS @risk list, and the DHS daily list, and the
US-CERT daily list. Between those, I generally have a good idea of current
vulnerabilities on most every package. And I patch regularly. If the vendor
doesn't come through with a patch fast enough for my platform, I go build my
own RPM, which then makes me doubly responsible to follow the project more
carefully.

> You end up being busy reading instead of busy working, this way...

I can read the essential parts of the SANS @risk letter in under 5 minutes,
and it only comes out once a week. Most of the other lists are good for other
operational awareness.

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281