[NMLUG] Oops! Linux Bug Escapes Early

Warner Losh nmlug@swcp.com
Fri, 30 Nov 2001 09:58:45 -0700


In message <3C07B7BD.8020906@spinn.net> Matt Grommes writes:
: Also, I don't know how I feel about these "coordinated releases". To me, 
: it just gives crackers more time to exploit the holes.

You definitely see a huge spike in penetration attempts after people
go public with these things.  A few days is *REALLY* needed to get
fixes in place.  Some crackers may exploit the holes in the interrum,
but more people upgrade if the fixes are in place when the advisory is
issued.

I know.  I'm the former FreeBSD security officer and on the SO team.
I'm pissed at redhat for jumping the gun, since it makes more mop up
work for me.

<grump>

Warner
------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------