Le 20/12/10 03:20, Grant Olson a écrit : > On 12/19/10 8:03 PM, oli...@first.in-berlin.de wrote: >> Why not just updateing the machine, or if no updates are available, just >> eremove exim?! >> > If a machine has been compromised, or even if you suspect it has, you > can't trust anything about it anymore. > > Someone could have used the exim exploit to install a rootkit, a version > of sshd with a backdoor, etc. And sure, maybe you can take the sha of > sshd and compare it to a known source, but maybe sha256 has been > replaced with a version that tricks you. > > So you patch exim, think you're good, and they come back to your machine > six months later. > > You have to rebuild from scratch. Including a BIOS update ...
Cheers, Christophe -- Christophe Raffalli Universite de Savoie Batiment Le Chablais, bureau 21 73376 Le Bourget-du-Lac Cedex tel: (33) 4 79 75 81 03 fax: (33) 4 79 75 87 42 mail: christophe.raffa...@univ-savoie.fr www: http://www.lama.univ-savoie.fr/~RAFFALLI --------------------------------------------- IMPORTANT: this mail is signed using PGP/MIME At least Enigmail/Mozilla, mutt or evolution can check this signature. The public key is stored on www.keyserver.net ---------------------------------------------
<<attachment: Christophe_Raffalli.vcf>>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Caml-list mailing list. Subscription management: http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list Archives: http://caml.inria.fr Beginner's list: http://groups.yahoo.com/group/ocaml_beginners Bug reports: http://caml.inria.fr/bin/caml-bugs
