>Dave writes:
>> He or she had intimate knowledge of the various Debian servers.
>
>I see no evidence that the cracker had anything other than public
>information.
I'm guessing, based on the timeline (hours, not days) and other info in the report. Seems like an outsider, having only a password, would have to spend an awful lot of time poking around to find the right machines and directories.
>> And no damage was done.
>
>You don't consider the downtime and wasted labor damage?
The labor of the firefighters is good exercise and will help prevent a real fire. But you are right about the downtime for us users. Still, it's a small price for the gain in security, and one I am willing to pay.
>> Do you think he could have had the same impact by merely announcing that
>> he *could* break into a system if he wanted?
>
>Privately delivering the exploit to the appropriate people would have
>gotten the bug fixed at least as quickly.
You are right about the fix, the Debian team is tops. What about users updating their systems, however? Seems like a little drama here is a good thing.
On the whole, this incident *boosts* my confidence in Linux. I just can't imagine MS dealing with an incident like this as quickly and openly.
-- Dave