The debian-private mailing list leak, part 1.

Re: Security: How we did it



Christoph Lameter <clameter@waterf.org> writes:

> Since there were so many posts regarding security in the last days
> and so much what I would consider inaccurate representations. I
> thought a summary of how security is handled on our campus would
> hopefully bring things into the correct perspective.

Yes, I have a whole new understanding of your thoughts on security.

> Also security holes should not be discussed in public as has been
> done with the dosemu issue.
> [...]

Even if public discussion of security holes was a bad idea, which it
isn't, you still couldn't stop me or someone else from discussing it.

A few brief points:

  * Crackers don't need any help to find security holes.  System
    administrators do.
  * Publicizing security holes encourages people to fix/upgrade
    their systems and helps developers find solutions (i.e., the SYN
    attack).
  * Your security requirements are not the same as everyone else's.
    In a corporate environment, your business may be at stake, not
    just a class assignment.

I don't count on being able to convince you that you are misinformed
about security, but I would suggest to everyone else who would like to
learn more about security that they check out these sources:

  Cheswick, William R.; Bellovin, Steven M. Firewalls and Internet
  Security: Repelling the Wily Hacker. New York: Addison-Wesley
  Publishing Company, 1994.

  Garfinkel, Simson; Spafford, Gene. Practical UNIX
  Security. Sebastopol, CA: O'Reilly & Associates, Inc., 1996.

The latter book also has an excellent section on writing setuid
programs.

-- 
Daniel Quinlan                  http://www.pathname.com/~quinlan
quinlan@pathname.com            quinlan@transmeta.com (at work)

--
This message was distributed manually by Bruce@debian.org after the list
initially failed to distribute it.