[vox] Password NOT stolen at linuxworld
Ryan Castellucci
vox@lists.lugod.org
Mon, 11 Aug 2003 15:00:14 -0700
On Mon, Aug 11, 2003 at 02:16:15PM -0700, Dmitriy wrote:
> On Mon, Aug 11, 2003 at 01:42:08PM -0700, Ryan Castellucci wrote:
> > OK, guys, here's the scoop... Somebody 0wned my system at
> > work, running debian testing. Installed this lovely password
>
> Testing is inherently insecure. _Don't_ run testing on any publically
> accessible computers. It doesn't get security updates.
>
> If you are lucky you will get one after a week. If you are not, the update can
> range anywhere from two weeks (all conditions for going into testing are
> satisiied and update is uploaded with normal urgency) to months (like
> waiting for new glibc to go into testing).
>
> So, I'd say you were asking to be 0wned.
I claim IGNORANCE!!!!
I was not aware of this, I sure wish someone had told me. I needed newer versions
of several packages that were not available in stable. Would I be better off
running sid in the future?