From: Aidan Kehoe (kehoea at domain parhasard.net)
Date: Tue 25 Jun 2002 - 13:55:30 IST
Ar an 25u la de mi 6, scriobh kevin lyda :
> another interpretation is this:
> if the openssh team releases a patch today, the crackers will know the
> vulnerability immediately. if the openssh team releases privsep across
> the ports (which appears to also stop the attack), then the crackers
> are no wiser.
> the "vulnerability clock" starts ticking the moment a patch comes out
> that directly addresses the problem. privsep will protect systems,
> but not directly give away the vulnerability.
The Alan Cox "Theo might be feeding everyone a trojan" thing is dead
-- I'm not a pheasant plucker / I'm a pheasant plucker's son. I'm just a'plucking pheasants / 'Til the pheasant plucker comes.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:30 GMT