On Mon, 29 Aug 2005 16:01:34 +0200
Han Boetes <[EMAIL PROTECTED]> wrote:

> Bollocks.
> 
> Show me your exploit or shut up.
> 
> 
> Vladislav Belogrudov wrote:
> > It reminds me of the approach
> > "we won't fix it because nobody reported a problem".
> > I think this is not the obsd case and this is what
> > makes the difference between obsd and commercial unix.
> >
> > PS. X11 is not a secure thing you can trust that easy
> > ;)
> >
> >
> > --- Han Boetes <[EMAIL PROTECTED]> wrote:
> >
> > > Vladislav Belogrudov wrote:
> > > > I thought it would make sense for the most secure OS.
> > > > One port less listening to the World.
> > >
> > > It's not a security problem to have an open port.
> > > It's a security problem to
> > > have a bad server listening to an open port.
> > >
> > > And since nobody knows about a problem with the X
> > > server, not even the people
> > > who have very deep knowledge about X and about
> > > security you can safely assume
> > > it's OK to have that port open by default.
> > >
> > > Now if you don't trust any of all those experts and
> > > you want to close that port
> > > for your own machine that's fine, but don't ask the
> > > experts to trust on your
> > > intuition while they are providing the OS in the

Vladislav, 

I tend to PF all of my machines inside the network, defense in depth
anyway.  So typically I don't worry about that... That and I seldom
install and if I do, seldom leave X running on my boxes (servers
anyway).

I don't understand the "the service should not be turned off if there
is no exploit" out there... It just does not make sense to leave
services running until an exploit is found if you are not using them.
I just can't accept that as a reason not to do it.  I've always been a
turn it off, then firewall it kind of guy.  Of course I did not
understand that whole thing about "get rid of the perimeter firewall"
either... 

BUT, as someone previously pointed out Theo and company deliberately
decided at some point that it should be left on - no matter what the
reason, I would have to trust their judgement on it (as they know a
whole lot more than I do on it). 

So anyway...  Apparently some very smart people thought it through
already, and decided it was worth leaving on - so sleep easier and PF
the box :)





-- 

Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT

p: 860.621.8693
e: [EMAIL PROTECTED]
w. http://www.explosivo.com
