Re: Checking for most recent Solaris Security Patches

From: Linux Mailing Lists (linuxat_private)
Date: Wed Jan 13 1999 - 12:26:51 PST

Next message: Casper Dik: "Re: Tracing by uid u after root does setuid(u)"

Previous message: Dylan Loomis: "NIS and NIS+ ephemeral ports"
Maybe in reply to: spamhaterat_private: "Checking for most recent Solaris Security Patches"
Next in thread: Jon Ross: "Re: Checking for most recent Solaris Security Patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

> Or use the automated email patch status robot at pogostick.net.
> See http://pogostick.net/~pdiag/english.html
> (or http://pogostick.net/~pdiag/ if you want it in norwegian)
> for more info.

Doesn't sound very good to send the configuration of your machine over the
internet by email. What if someone gets it and use that information to
know the vulnerabilities of your server? Using your service he would know:

* Which Software you have installed in your server
* Which patches you have applied (and what's more interesting, which
  patches you *haven't* applied)
* The OS version, platform, etc...
* Your server's name

Mmmmmmm... Just the information someone would need to hack your system :)

What about making public the program you use, to run it locally?

(showrev -p ; pkginfo -l)|yourniceprog

Greetings,

                                                        Sergio

PS: Who knows who is really receiving your information at
pdiagat_private ;)

Next message: Casper Dik: "Re: Tracing by uid u after root does setuid(u)"
Previous message: Dylan Loomis: "NIS and NIS+ ephemeral ports"
Maybe in reply to: spamhaterat_private: "Checking for most recent Solaris Security Patches"
Next in thread: Jon Ross: "Re: Checking for most recent Solaris Security Patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:48 PDT