On Wed, 2012-04-18 at 19:25 -0500, John Morris wrote: > On Wed, 2012-04-18 at 18:13 +0100, Adam Williamson wrote: > > > Not all hacks involve the attacker posting some kind of 'HAHA U HAZ BEEN > > HACKED' notice to let you know about it. Those are the _nice_ hackers. > > Well they usually DO something with a machine they have 0wn3ed. Like, rifle through the data for anything useful? Keep it backdoored for future use? Things like that... > No spam > spewing forth, no probes against other hosts, etc. Doesn't mean a whole lot...see above. > And rpm -Va doesn't > show anything nasty in the packages that would give an intruder an in. If someone's owned the machine, they can make rpm -Va say whatever they like. > Is all that enough to be 100% sure? Nah. On the other hand if I were > the sort of paranoid who spent a lot of time with those sort of thoughts > I'd be running OpenBSD. Well, sure, there's a line to be drawn somewhere. But even if you're not a security paranoiac, it's very important to know there's a huge world of difference between "I'm not aware my machine has been hacked" and "I'm aware my machine has not been hacked"... -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
