Paul Wise: > On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote: > >> Why not just reinstall from a trusted source, then restore /etc, /home and >> /var from backups >> and audit the changes introduced by that only? > > That is a slightly short-sighted way to do it; if you restore from > scratch without doing any forensics you won't know which methods your > attackers used and how you can defend yourself from them after you > have restored the system from scratch. Perhaps they will attack you > again soon afterwards. >
I didn't have that argument in mind, but I am happy to read it. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5239bd83.7050...@riseup.net