Re: [cobalt-users] OT brief note on: CERT AdvisoryCA-2003-25Buffer Overflow in Sendmail

[Anders <andersb@xxxxxxxxxxx>]

Zeffie wrote:
>> Maybe you should test their OpenSSH package before knocking it ?
> 
> I don't need to do that?  do you understand the concept?

I do... "Don't trust anything without the source code". Right ?

However, SolarSpeed does provide more info if you actually talk to them.

>> If you don't trust us Europeans, doesn't that cause you problems ?
> 
> you don't understand the concept... i have no problem with Europeans.  if it
> helps change it to "I can't trust some guy (I think) living in the "south
> pole" (I think) (in a red suit)

That's a relief! :-) I understand now you meant: "some unknown third party"

Just don't understand what makes Zeffie different from SolarSpeed or NuOnce?
Doesn't the same trust relationship apply to all software business partners?

Email me off-list if you want to continue this thread, getting off-topic...

> the sun linux follows plain redhat as far as I have seen...

Yes, it's rather plain vanilla RedHat 7.2 with their own kernel...
 
> ??  I still have people call and they don't have ssh installed :(  I know
> people that never install updates.. any of them....   and they seem to
> live...  I don't know why????????

You can live without SSH, I suppose (just as long as they don't use telnet?)

But running old vulnerable software without the patches, that *is* risky...
(and unfortunately, with the automated worms and such, we all suffer for it
when their server is broken into and serves as a means for further attacks)

--anders