Re: Linux Worm (fwd)

Michael H. Warfield (mhw@wittsend.com)
Fri, 23 Mar 2001 15:30:59 -0500


On Fri, Mar 23, 2001 at 10:31:49AM -0800, Gerhard Mack wrote:
> On Fri, 23 Mar 2001, Bob Lorenzini wrote:

> > I'm annoyed when persons post virus alerts to unrelated lists but this
> > is a serious threat. If your offended flame away.

> This should be a wake up call... distributions need to stop using product
> with consistently bad security records.

Bullshit.

This is a wake up call that admins need to keep installations up
to date. When a security hole is found, I DON'T CARE if it's in a package
with a good security record or a poor security record. It has to be
fixed and you can't put it off. Certainly not in the current climate
with script driven worms like Ramen and 1i0n.

Having a poor security record is a warning to the developers that
it's time to clean up their act and do better. Sendmail use to be the
bug of the month club. Hell! It use to be the bug of the week club. Last
couple of years, it's been pretty solid. If you only went on security
track record, we would all be using MMDF, which is still arguibly the most
secure mail transport around. MMDF has had what? One advisory in something
like 15 years of deployment? It was the default MTA in SCO Unix for
years and was mandated at military installations for a long time... Still,
when that one advisory comes out, you better update or you are toast.

You don't solely rely on packages that have "good security records"
never getting broken and then become complacent. Sites that do that are
what we call "Warez" sites. :-/

> Gerhard

> --
> Gerhard Mack

> gmack@innerfire.net

> <>< As a computer I find your faith in technology amusing.

Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/