This is just so *confusing*, hmm... Does anyone here feel like they're being forced to do something?

Surely priv separation is a good thing, but it seems to be new and not well integrated into many OSes (or if it is in any OSes, does anyone have a list?). It seems like something I, or maybe many, would rather not try.

It's like I have found a vulnerability and I am not going to tell about it, it's just that you update it. If I tell any more details about it, someone else might fix it before me, by which I might lose some press fame? Is it all about that? Huh?

If it is that serious a vulnerability, then we should look over history: even when the sysadmins/etc. were notified with full details of various vulnerabilities, and their working exploits came 2 or 5 months after the advisory, still many vulnerable servers were around the world waiting to be cracked.

Do we think that admins might just go for trying something which they are not sure about, which their OSes may not support, and for which they don't even have an inexplicable piece of paper as a reason for doing so?

And again, if blackhats or crackers, whatever you may call them, are actively exploiting this vulnerability and someone has its capture/analysis, then its attachment with such a vague advisory would be better, as it would provide an explicable reason for admins to patch.

Then again, why are they being so good with an open source (Virtual Organization *according to them*) OpenSSH and were not as good with Apache (another Virtual Organization *according to them*)?

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk