On 12/19/10 8:03 PM, oli...@first.in-berlin.de wrote:
> 
> Why not just updateing the machine, or if no updates are available, just 
> eremove exim?!
> 

If a machine has been compromised, or even if you suspect it has, you
can't trust anything about it anymore.

Someone could have used the exim exploit to install a rootkit, a version
of sshd with a backdoor, etc.  And sure, maybe you can take the sha of
sshd and compare it to a known source, but maybe sha256 has been
replaced with a version that tricks you.

So you patch exim, think you're good, and they come back to your machine
six months later.

You have to rebuild from scratch.

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

_______________________________________________
Caml-list mailing list. Subscription management:
http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list
Archives: http://caml.inria.fr
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs

Reply via email to