[1977] in linux-security and linux-alert archive
[linux-security] Re: RedHat 5.X Security Book
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Jul 12 17:58:51 1998
Date: Sun, 12 Jul 1998 15:35:42 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: twiztah <twiztah@ANARCHY.MAXHO.COM>
cc: Kent Crispin <kent@songbird.com>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980712040802.6090A-100000@ANARCHY.MAXHO.COM>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Sun, 12 Jul 1998, twiztah wrote:
> >"99% secure" is an almost completely meaningless statement, in any
> >case.
>
> There are fully functional systems which are 100% secure to the publicly
> _KNOWN_ bugs. Not every admin sits on his chair at work and eats donuts,
> while little script monkeys are rooting his machine.
This still doesn't mean much. Should I feel better with the knowledge
that when one of my systems was hacked several months ago, it was hacked
using a previously unpublished hole? Well...actually, I do feel a little
better, but it doesn't do me any good. At least the hole (and exploit)
are publicly known now.

I still fully agree it's a good idea to make your system as secure as you
can, but the statement that any system is 100% secure against publicly
known bugs just doesn't mean much. It means the average idiot who knows
how to use a web browser and reaches rootshell.com probably can't hack
you...but someone just a little higher up the food chain might not have
any trouble at all hacking you.
[mod: And always there is a window between the hole becoming public
and the administrator being able to react on that knowledge.... --REW]
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____