[linux-security] Re: RedHat 5.X Security Book

[Digital Fins Inc <fins nettaxi com>]

I'm not sure if this has been discussed on this mailing list or bugtraq
but I guess I'll go over it anyway. Rootshell gets all their information
from mailing lists like these. They don't get anything any sooner then
admins do that are on these mailing lists. So that means that all the
rootshell script kiddies get thier exploits on rootshell and also off
these types of mailing lists. So admins get the security info as soon as
these "hackers" do. Yes that still sucks since a security notice can
come when you're asleep and someone then could break in. So basically
its a game of time, whoever gets there first wins. In my opinion if you
take all these notices and apply them to your system quickly there is
nothing to worry about. Well at least from like 99% of the hacking
community. 

I think the problem isn't the millions of rootshell script kiddies out
there its the hundred or so of the real hackers who have the knowledge
to find out what can be exploited and write a exploit to bust root. Once
that exploit has no more use to them then they might make it public and
put it on bugtraq. That might be a year of them going around exploiting
systems. These are the people you have to worry about.

Script kiddies are stupid and don't know what to do. I can't tell you
how many I've caught trying to hack right through their PPP and then i
make a call to their parents and give them a scare and chances are they
won't be doing anything more on the computer for awhile :]

Mike