F17 Beta DVD install options
Adam Williamson
awilliam at redhat.com
Thu Apr 19 01:30:57 UTC 2012
On Wed, 2012-04-18 at 19:25 -0500, John Morris wrote:
> On Wed, 2012-04-18 at 18:13 +0100, Adam Williamson wrote:
>
> > Not all hacks involve the attacker posting some kind of 'HAHA U HAZ BEEN
> > HACKED' notice to let you know about it. Those are the _nice_ hackers.
>
> Well they usually DO something with a machine they have 0wn3ed.
Like, rifle through the data for anything useful? Keep it backdoored for
future use? Things like that...
> No spam
> spewing forth, no probes against other hosts, etc.
Doesn't mean a whole lot...see above.
> And rpm -Va doesn't
> show anything nasty in the packages that would give an intruder an in.
If someone's owned the machine, they can make rpm -Va say whatever they
like.
> Is all that enough to be 100% sure? Nah. On the other hand if I were
> the sort of paranoid who spent a lot of time with those sort of thoughts
> I'd be running OpenBSD.
Well, sure, there's a line to be drawn somewhere. But even if you're not
a security paranoiac, it's very important to know there's a huge world
of difference between "I'm not aware my machine has been hacked" and
"I'm aware my machine has not been hacked"...
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
More information about the test
mailing list