On 12/19/10 8:03 PM, oli...@first.in-berlin.de wrote: > > Why not just updateing the machine, or if no updates are available, just > eremove exim?! >
If a machine has been compromised, or even if you suspect it has, you can't trust anything about it anymore. Someone could have used the exim exploit to install a rootkit, a version of sshd with a backdoor, etc. And sure, maybe you can take the sha of sshd and compare it to a known source, but maybe sha256 has been replaced with a version that tricks you. So you patch exim, think you're good, and they come back to your machine six months later. You have to rebuild from scratch. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." _______________________________________________ Caml-list mailing list. Subscription management: http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list Archives: http://caml.inria.fr Beginner's list: http://groups.yahoo.com/group/ocaml_beginners Bug reports: http://caml.inria.fr/bin/caml-bugs
