[linux-security] Re: RedHat 5.X Security Book

[Jon Lewis <jlewis inorganic5 fdt net>]

On Sun, 12 Jul 1998, twiztah wrote:

> >"99% secure" is an almost completely meaningless statement, in any
> >case. 
> 
> There are fully functional systems which are 100% secure to the publically
> _KNOWN_ bugs. Not every admin sits on his chair at work and eats donuts,
> while little script monkeys are rooting his machine.

This still doesn't mean much.  Should I feel better with the knowledge
that when one of my systems was hacked several months ago, it was hacked
using a previously unpublished hole?  Well...actually, I do feel a little
better, but it doesn't do me any good.  At least the hole (and exploit)
are publically known now.  

I still fully agree its a good idea to make your system as secure as you
can, but the statement that any system is 100% secure against publically
known bugs just doesn't mean much.  It means the average idiot who knows
how to use a web browser and reaches rootshell.com probably can't hack
you...but someone just a little higher up the food chain might not have
any trouble at all hacking you.

[mod: And always there is a window between the hole becoming public
and the administrator being able to react on that knowledge.... --REW]


------------------------------------------------------------------
 Jon Lewis <jlewis fdt net>  |  Spammers will be winnuked or 
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____