Message-ID: <4D0EBD59.6000703@grant-olson.net>
Date: Sun, 19 Dec 2010 21:20:09 -0500
From: Grant Olson
To: caml-list@yquem.inria.fr
Subject: Re: [Caml-list] ocaml-tutorial.org is down
References: <20101220065055.839fdd7b.mle+ocaml@mega-nerd.com> <20101219234718.GA6086@annexia.org> <20101220010332.GA8023@siouxsie>
In-Reply-To: <20101220010332.GA8023@siouxsie>

On 12/19/10 8:03 PM, oliver@first.in-berlin.de wrote:
>
> Why not just updating the machine, or if no updates are available, just remove exim?!
>

If a machine has been compromised, or even if you suspect it has, you can't trust anything about it anymore. Someone could have used the exim exploit to install a rootkit, a version of sshd with a backdoor, etc. And sure, maybe you can take the sha of sshd and compare it to a known source, but maybe sha256 has been replaced with a version that tricks you. So you patch exim, think you're good, and they come back to your machine six months later. You have to rebuild from scratch.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."