Re: [tlug] Kernel panic

["SL Baur" <steve@example.com>]

On Fri, Apr 18, 2008 at 6:06 PM, Stephen J. Turnbull <stephen@example.com> wrote:
> Attila Kinali writes:
>
>   > Err... The inability to understand the system one is working
>   > with is no excuse to give very dangerouse advices.
>   > Updates _are_absolutely_necessary_ to keep your system safe.
>
>  Eh?
>
>  First, neither the OP nor the people he is quoting are distinguishing
>  between *security updates* and *major system upgrades*, and the OP at
>  least is clearly in a context of the latter.  Those are actually
>  openly hazardous, since they typically introduce new functionality to
>  your system.

Actually, any system upgrade to a critical component is potentially hazardous.
And it's actually a lot more dangerous when you have little idea of what you're
changing if it's all covered up by a dumbed down GUI.

An interesting factoid I saw on slashdot today was that the process of reverse
engineering an exploit based on a Microsoft security patch update has
apparently been automated.

>   > Otherwise you'll catch sooner or later a worm, or someone hacks
>   > into your system and misuses it for hacking other system or sending
>   > spam.

Microsoft group think at its best.

>  As for getting hacked, I've
>  not heard of successful attacks on properly configured (ie, no access
>  by password) sshd, either.

I recall one.  I'll try to dig up the details.  If I'm remembering
correctly it involved
a two-stage breakin.  First into a "less" heavily fortified network to
steal ssh private
keys from an admin and then second into the *heavily* fortified server
target.  This
was from around 2000 and there was a challenge involved.

-sb (First post!  from my finally WiFi enabled work Lenovo notebook)