non-disclosure of infrastructure problem a management issue?

Les Mikesell lesmikesell at gmail.com
Mon Aug 25 17:39:15 UTC 2008


Anders Karlsson wrote:
> * Les Mikesell <lesmikesell at gmail.com> [20080825 16:06]:
>> Thomas Cameron wrote:
>>> I understand
>>> that the path to recovery from this kind of breach is incredibly
>>> painful, and there are numerous folks managing that recovery.
>> Knowing that, doesn't it bother you that your system is very likely  
>> vulnerable to the same exploit - and that there are people who know how  
>> to do it?
> 
> You are making assumptions Les. You don't know how the perpetrator
> gained access. (Well, I am assuming you don't, but if you do, feel
> free to enlighten the rest of us.)

Agreed - I don't know.  And that's a problem when someone else does know 
how to break into our systems - or we haven't been told that it was an 
inside job.

> Until it's disclosed how (and where, when and why) - getting worked up
> over it is wasted energy.

So is pretending that there is no reason to be concerned.

> Congratulations on the very selective quoting as well.

It doesn't make any sense to point out how serious a problem a breakin 
is and then say everyone should just ignore it and go about their business.

-- 
   Les Mikesell
    lesmikesell at gmail.com




More information about the fedora-list mailing list