[MPlayer-dev-eng] MPHQ server maintainence, upgrade
Birzan George Cristian
ymir at wolfheart.ro
Sun Dec 21 10:45:39 CET 2003
I have a couple of questions, regarding your comments about reinstalling
the MPHQ server.
1) You say on the frontpage that
> MPlayerHQ was cracked on November 16 17:50, but noticed 10 minutes
> later due to some hidden traps. Possibly due to recent lame Linux
> kernel vulnerability (greetz to kernel devs for not publishing details
> much earlier).
a) If the compromise happened on the 16th of November, and you found out
what vulnerability was used in that attack, then why didn't you alert
the kernel developers, which were obviously unaware about the security
implications of the bug, instead of waiting for Debian and Gentoo
machines to be compromised? If you didn't find out what vulnerability
was used in that attack, why mention it in the first place?
b) I've searched both Google and the mailing list archives, but didn't
find any announcement of the compromise. What happened with the box
after it was compromised?
2) In your mail, you state:
>1. why to reinstall?
>- mphq was almost cracked recently (noticed in time, thanks to my hidden
> traps), thanks to debian and kernel bugs
Could you clarify that? What Debian bugs were used? I'm not aware of
any, and I'm sure Debian developers would love to hear about them.
3) Could you, _PLEASE_, stop with the FUD about Debian? Really, it does
neither side any good.
--
Birzan George Violence is the last refuge of
Cristian the incompetent -- Salvor Hardin
More information about the MPlayer-dev-eng
mailing list