non-disclosure of infrastructure problem a management issue?

Anders Karlsson anders at trudheim.co.uk
Mon Aug 25 09:21:54 UTC 2008


* Les Mikesell <lesmikesell at gmail.com> [20080825 03:08]:
> Jeff Spaleta wrote:
>>
>> Did we have a communication problem? Maybe. 
>
> You make it sound like it was something in the past.

I'd say a week and a half ago fits squarely in the definition of
"past".

> Does anyone know yet whether or not the intrusion was due to a
> software vulnerability in code we are all running?

You *assume* that this may be the case. You are aware that social
engineering is one of the most common entry vectors, right?

Not saying that is what it was, just pointing out that when you start
making assumptions based on not knowing where you are, or where you
are going, you're likely going to end up more lost than when you
started.

> More relevant, does someone know this when the rest of us still
> don't? 

And your point being? Those investigating the incident are likely
going to know most (besides the perpetrator) and there will likely be
legal constraints on what they can and can not say. (Or they'd have
said something by now.)

Law's a bitch like that you know. The majority of us just live with
it. You may want to write your congress representative to have the law
changed so it's not considered interfering with ongoing
investigations, divulging random things to a select few loudmouths
shouting "Open Source! Community!"

Just a thought...

/Anders



