LinuxSA Mailing list archives

  From: Daryl Tester <dt@picknowl.com.au>
  To  : Phil Pittard <vk5ham@seol.net.au>
  Date: Fri, 28 Apr 2000 08:33:50 +0930

Re: 32bitsonline

Phil Pittard wrote:

> Hi ppl - have never seen 32bitsonline mentioned n this list--- it has
> quite interesting stuff occassionally... such as these 2 news items...
> 
> Team Finds 'Severe' Flaw In Red Hat Server Software
> http://www.32bitsonline.com/news.php3?news=news/200004/nb200004254&page=1

Nothing like hyperbole (not yours, Phil; I mean ISS's's's) to start the
morning.  This has already been covered in BugTraq (now SecurityFocus),
so if this sort of stuff scares you, I would recommend subscribing to
that mailing list.  ISS (who came up with this "'Severe' flaw") have
already been taken to task for the advisory.

"It's a good idea to pay attention to what you're installing and install
 only what you need to," Rouland said. "You should only install the bare
 minimum of what you need, because the less 'moving parts' you have, the
 less vulnerability you have." 

Kind of states the first law of sysadmin'ing.  And of course -

"In the bigger picture, vulnerability assessment tools are what's really
 critical, because the system is so complex now, the only way for a system
 administrator to stay on top is really to use a tool to assess their
 security," Rouland said.

Surprisingly enough, he sells just such a tool.


Regards,
  Daryl Tester

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject