On Tue, Sep 17, 2002 at 03:21:01PM +0100, [EMAIL PROTECTED] wrote: > On Tue, Sep 17, 2002 at 02:03:49PM +0100, Lusercop said: > > I'm firmly supportive of the idea that someone who lets their box get > > r00ted is not competent to have root access themselves. > In the case of it happening *after* the bugtraq post about the > particular hole maybe yes but if you were hacked before the hole was > public?
And how long after bugtraq is told? I certainly don't check bugtraq every hour, or even every day. I usually check it once a week, cos I consider that to be a reasonable compromise between safety and my time. Of course, you should read bugtraq reports carefully - often, holes depend both on the software version and on the details of the configuration. If your configuration isn't affected, there's no pressing requirement to upgrade. -- David Cantrell | Member of the Brute Squad | http://www.cantrell.org.uk/david Gehyrst þu, sælida, hwæt þis folc segeð? Hi willað eow to gafole garas syllan, ættrynne ord and ealde swurd, þa heregeatu þe eow æt hilde ne deah. -- Brithnoth