On Tue, 2 Dec 2003, Justin Zygmont wrote:

what I don;t understand about this, is how could they know that this was the exploit the hacker used, what if there is something else?

I believe the attacker left some clues such as binaries lying around and these were reverse engineered, revealing the exploit. I understand the Redhat & Suse security teams worked with the Debian developers on this one. It isn't impossible that there is another exploit but I consider it unlikely. Occam's Razor suggests it is likely only one exploit was used. If I leave the front door open and the back door open a burglar will probably only enter through one of them. The burglar may not even discover the other is open. There might be other exploits on the Debian servers but that is as likely to be the case as on any other box. A properly patched box shouldn't have any known security problems. Rob -- Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org, zzbrock at uqconnect.net Linux counter project ID #16440 (http://counter.li.org) "The earth is but one country and mankind its citizens" -Baha'u'llah -- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml