| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1060937433.3463.136.camel@syd0137.fujitsu.com.au> From: kluge at fujitsu.com.au (Steffen Kluge) Subject: MS should point windowsupdate.com to 127.0.0.1 On Fri, 2003-08-15 at 09:50, Jeroen Massar wrote: > And no, this is not just yet again a microsoft thing > apparently even the FSF can't secure their FTP server. > Which took 3 months to be detected (jolly :) one has > to wonder how much trouble that is going to cost, > though fortunatly most unix admins are more proactive > in the security front and tend to update. The difference, though, is that they got rooted in the week between disclosure of the ptrace bug and publication of a patch. For that, you can't call them lazy. The interesting question here is, how could the attacker get an account on the box the first place? Disgruntled insider? Poor account/password management? Non-root remote exploit? I think that even after patching the Linux kernels on their servers, the FSF admins still have some catching up to do. Cheers Steffen. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030815/6eb7f71a/attachment.bin
Powered by blists - more mailing lists