On 20/12/10 03:20, Grant Olson wrote:
> On 12/19/10 8:03 PM, oliver@first.in-berlin.de wrote:
>> Why not just update the machine, or if no updates are available, just remove exim?!
>>
> If a machine has been compromised, or even if you suspect it has, you
> can't trust anything about it anymore.
>
> Someone could have used the exim exploit to install a rootkit, a version
> of sshd with a backdoor, etc. And sure, maybe you can take the sha of
> sshd and compare it to a known source, but maybe sha256 has been
> replaced with a version that tricks you.
>
> So you patch exim, think you're good, and they come back to your machine
> six months later.
>
> You have to rebuild from scratch.

Including a BIOS update ...

Cheers,
Christophe

--
Christophe Raffalli
Universite de Savoie
Batiment Le Chablais, bureau 21
73376 Le Bourget-du-Lac Cedex

tel: (33) 4 79 75 81 03
fax: (33) 4 79 75 87 42
mail: Christophe.Raffalli@univ-savoie.fr
www: http://www.lama.univ-savoie.fr/~RAFFALLI
---------------------------------------------
IMPORTANT: this mail is signed using PGP/MIME
At least Enigmail/Mozilla, mutt or evolution
can check this signature. The public key is
stored on www.keyserver.net
---------------------------------------------