Subject: RE: [Fwd: RE:Fwd: Compromised Linux Box [#7826335]] (Response fro m hypermart.net)
From: Leif Sawyer (lsawyer@gci.com)
Date: Wed Apr 24 2002 - 08:49:19 AKDT
Arthur Corliss writes:
> I'm not sure what the point is to shutting down sites that
> just have tools. There's more than a few white hats that
> use them to test the security of their own systems. Our
> response shouldn't be to try to deprive the populace of the
> tools (which is a lesson in futility, anyway), but to make
> sure our infrastructure is secured against such.
Not to beat a horse or anything, but the site in question was
just a script-kiddie repository, not a distribution site for
knowledgeable folk to come get information and updates about
security testing.
99% of the tarballs in question were binary-only, good for the
specific distribution they were labled for. Only one tarball
of the ones I checked came with any source -- (adore, which is
a loadable kernel module to hide processes, and needs to be built
on a per-kernel basis.)
OTOH, we need to support the folks who write this code. If you
mirror it to ensure wide distribution and availability, only
make the source available. Yes, it's only 2 steps away from
a script-kiddies hands, but that's still 2 more steps they have
to deal with.
OTGH, it's a never-ending war, isn't it..
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Wed Apr 24 2002 - 08:49:32 AKDT