Big Bad Beowulfs Again

Gregory R. Warnes warnes at biostat.washington.edu
Sat May 13 19:34:24 PDT 2000


On Sat, 13 May 2000, Nathan L. Cutler wrote:

  NLC>> You neglect to take into account the BUGTRAQ factor (if you don't know what
  NLC>> BUGTRAQ is, try typing "BUGTRAQ" into your favorite web search engine).
  NLC>> 
  NLC>> In other words: "accumulating" knowledge of weaknesses would be of little
  NLC>> use to the troublemakers because the weaknesses are widely publicized as
  NLC>> they are discovered and fixes appear within days in most cases (sometimes
  NLC>> hours).
  NLC>> 
  NLC>> By the time the troublemakers unleashed their dastardly attack, most if not
  NLC>> all of it would be obsolete.

Unfortunately, a large proportion of the machines on the interenet are not
closely managed for security.  Think of univerisities and of all the
home machines on full-time connections...

In addition, while BUGTRAQ reports are good for closing specific holes,
often the fixes don't resolve the CLASS of exploits.

-Greg






More information about the Beowulf mailing list