Re: Debian Server Compromise -- A Fire Drill ??

[Dave]

On Thu, 04 Dec 2003 20:20:21 +0100, Terry Hancock 
<[EMAIL PROTECTED]> wrote:
[...]
>There is also the point that *somebody* found this bug.  Just not the
>folks we were hoping would. ;-)  Letting real crackers hammer your
>system is another way to find bugs, although we hope it's a last resort.

You missed my point.  I think this *is* a fire drill!  I think this 
break-in was done by the best folks we could ever hope for.

Consider this: The attacker chose a system that was heavily guarded and 
would generate a quick response from the people who could distribute a fix 
most quickly. He or she had intimate knowledge of the various Debian 
servers.  And no damage was done.

Can you hope for a better hacker than this?  Do you think he could have had 
the same impact by merely announcing that he *could* break into a system if 
he wanted?

The real question now is "How many similar exploits exist, and are being 
kept quiet for use in a real situation."  We can only hope it's the good 
guys who have these secrets.

--Dave



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]