non-disclosure of infrastructure problem a management issue?
Les Mikesell
lesmikesell at gmail.com
Mon Aug 25 17:39:15 UTC 2008
Anders Karlsson wrote:
> * Les Mikesell <lesmikesell at gmail.com> [20080825 16:06]:
>> Thomas Cameron wrote:
>>> I understand
>>> that the path to recovery from this kind of breach is incredibly
>>> painful, and there are numerous folks managing that recovery.
>> Knowing that, doesn't it bother you that your system is very likely
>> vulnerable to the same exploit - and that there are people who know how
>> to do it?
>
> You are making assumptions Les. You don't know how the perpetrator
> gained access. (Well, I am assuming you don't, but if you do, feel
> free to enlighten the rest of us.)
Agreed - I don't know. And that's a problem when someone else does know
how to break into our systems - or we haven't been told that it was an
inside job.
> Until it's disclosed how (and where, when and why) - getting worked up
> over it is wasted energy.
So is pretending that there is no reason to be concerned.
> Congratulations on the very selective quoting as well.
It doesn't make any sense to point out how serious a problem a breakin
is and then say everyone should just ignore it and go about their business.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list