On Fri, 19 Jan 2001, Jeff Lane spewed into the bitstream:
JL>On Thu, 18 Jan 2001, Michael H. Warfield wrote:
JL>> Granted that RedHat's record with regard to security and
JL>> upgrades like this has been an abysmal embarrasment. But it's still
JL>> the only shot you've got. As low as it is, you can only do
<big snip>
JL>My point is this:
JL>
JL>A: this was written by kiddies who couldnt figure out how to write decent
JL>code that could find an actual exploit. This worm doenst look for an
JL>exploit. it uses known exploits, and searches for Red Hat systems,
JL>why? because Red Hat had the programs that these exploits are for.
<small snip>
"it uses known exploits" all of which were patched by Red Hat within 24
hours of notice. If anyone is cracked now because of these exploits
guess whose fault it is... hmmmmm? Not Red Hat's... I'd say the
sys-admin's who get busted had better look to their own professionalism
instead of blaming Red Hat!
There are those who say that previous Red Hat releases were full of
holes caused by the way Red Hat set things up in a default
install... Welp... lemme repeat myself:
"...the sys-admin's who get busted had better look to their own
professionalism instead of blaming Red Hat!" The tools to do what's
necessary have always been available. Perhaps the problem is that there
are lots of folks coming into the space wanting to be and pretending to
be sys-admins. The wanna-bes will eventually figure it out because they
want to... the pretenders will continue to pretend. But none of that is
Red Hat's fault... from my perspective, as a professional in the Linux
space, they did and do exactly what I need them to do so I can support
my clients and the boxen for which I'm responsible. The rest of it is on
me!:-)
--
Chuck Mead, Owner, MoonGroup.com
[EMAIL PROTECTED]
GnuPG Public Key Available: http://wwwkeys.us.pgp.net
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
