On Tue, 2003-12-02 at 11:11, Vipul Mathur wrote:
> A post on debian-security-announce finally talks about the post-mortem
> of the recent server compromises.
>
> http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html
[snip]

horrid stuff this! but i don't know if anyone's been noticing that for quite some time several projects have been pulled off savannah (such as gnuparted) since they are quietly doing an internal audit for planted vulnerabilities etc. i feel there is more happening here than the press or the public knows for the moment.

makes me wonder: if stuff like this happens, even on a public community driven opensource project, where detection, forensics, and transparency can ensnare such problems, what the heck must be happening in closed source projects. what about stuff that must be going on in banking, finance, closed operating systems, firmware, verticals, and perhaps mission-critical stuff?

i also hope whoever tried these exploits gets caught. will make for an interesting case study and for insights. :-)

LL
