Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Confessions of a closet OpenBSD user
- Date: Thu, 27 Jun 2002 23:50:55 -0400
- From: Josh Glover <jmglov@example.com>
- Subject: Re: [tlug] Confessions of a closet OpenBSD user
- References: <200206280141.g5S1fqC11383@example.com>
- Organization: INCOGEN, Inc.
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606
Jonathan Byrne wrote: > Just one last whack at the dead horse :-) > > I think a contributing factor in any swell of anti-Theo/anti-OpenBSD > sentiment that arose was the fact that this wasn't just any vulnerability - > it was a vulnerability in a tool that so many of use depend on for secure > remote access to our systems. That scares people, and it should. That > also produces stress, which tends to produce impassioned rhetoric. My situation exactly. Once I calmed down a bit, I realised exactly what you are about to say: > But if we step back for a wider view of the situation, we can see that > while neither SSH nor OpenSSH have perfect security histories (what does?) > they both have very good ones. Moreover, the vulnerability was handled > very well. A lid was kept on it while work progressed on both a work > around (3.3) and a full fix (3.4). > I have no knowledge of any machine that was rooted via this exploit; does > anybody else know of any confirmed compromises via that whole? You are very correct, and this is what kept me from simply dropping OpenSSH on the spot. Once I thought about it, I realised: - The vuln is gone now - No harm was done to my systems - The fix was handled extremely well - I had acted in a very alarmist fashion, in public :( > All in all, while a remote root vulnerability is a serious thing and causes > us all to put in some long hours, it wasn't a huge crisis. Just compare it > to how we (and NT admins) usually find about the latest IIS 'sploit or VB > worm: when it starts spreading like wildfire. Even now, Code Red and Ida > scans are commonplace, and I see so many emails that want to get my advice. > And don't even ask how many Klez bounces clog the postmaster mail box. > Nobody can count that high :-p We *do* get to gloat about this, right? Please? ;) > At the end of the day, I'm left counting my blessings that our platform has > as few security vulnerabilities as it does. Microsoft products seem to > have more trouble in a month or two than we have in a year. Don't worry, > be happy :-) You damned right. -- Josh Glover <jmglov@example.com> Associate Systems Administrator INCOGEN, Inc.
- Follow-Ups:
- Re: [tlug] Confessions of a closet OpenBSD user
- From: Jonathan Byrne
- Re: [tlug] Confessions of a closet OpenBSD user
- References:
- Re: [tlug] Confessions of a closet OpenBSD user
- From: Jonathan Byrne
- Re: [tlug] Confessions of a closet OpenBSD user
- Prev by Date: Re: [tlug] apache still chunked after update
- Next by Date: Re: [tlug] new computer configuration
- Previous by thread: Re: [tlug] Confessions of a closet OpenBSD user
- Next by thread: Re: [tlug] Confessions of a closet OpenBSD user
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |