Date: Fri, 23 Mar 2001 15:30:59 -0500
From: "Michael H. Warfield"
To: Gerhard Mack
Cc: Bob Lorenzini, linux-kernel@vger.kernel.org
Subject: Re: Linux Worm (fwd)
Message-ID: <20010323153059.A9319@alcove.wittsend.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 23, 2001 at 10:31:49AM -0800, Gerhard Mack wrote:
> On Fri, 23 Mar 2001, Bob Lorenzini wrote:

> > I'm annoyed when persons post virus alerts to unrelated lists but this
> > is a serious threat. If you're offended, flame away.

> This should be a wake up call... distributions need to stop using products
> with consistently bad security records.

Bullshit.

This is a wake up call that admins need to keep installations up
to date. When a security hole is found, I DON'T CARE if it's in a package
with a good security record or a poor security record. It has to be
fixed and you can't put it off. Certainly not in the current climate
with script driven worms like Ramen and 1i0n.

Having a poor security record is a warning to the developers that
it's time to clean up their act and do better. Sendmail used to be the
bug of the month club. Hell! It used to be the bug of the week club.
Last couple of years, it's been pretty solid.
If you only went on security track record, we would all be using MMDF,
which is still arguably the most secure mail transport around. MMDF has
had what? One advisory in something like 15 years of deployment? It was
the default MTA in SCO Unix for years and was mandated at military
installations for a long time... Still, when that one advisory comes out,
you better update or you are toast.

You don't solely rely on packages that have "good security records"
never getting broken and then become complacent. Sites that do that are
what we call "Warez" sites. :-/

> Gerhard
>
> --
> Gerhard Mack
>
> gmack@innerfire.net
>
> <>< As a computer I find your faith in technology amusing.

Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!