> I just found a huge security flaw that lets anyone take root control > of your computer during boot. > I sent mandrake a bug report, but who should I send this information > to? I found it posted on a linux users list for beginners, so it is > online for crackers to find. I found it while searching for something > else entirely. Is it Mandrake-specific? Or does it affect other distros? Do you even know? Telling the distro is a good thing. But there's also CERT... http://www.cert.org/ CERT (and related others, like AusCERT) is a centralised place that manages security breaches, patches, advisories and warnings. Look under 'Incidents, quick fixes and vulnerabilities', there's 'report an incident' and 'reporting guidelines'. Check the guidelines first, of course. :) But if you tell CERT, it'll be in every smart sysadmin's hands quickly. Jenn V. -- "Do you ever wonder if there's a whole section of geek culture you miss out on by being a geek?" - Dancer. [EMAIL PROTECTED] Jenn Vesperman http://www.simegen.com/~jenn/ _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk