Subject: Re: attempt to plant a back door in the Linux kernel
To: Steve Bellovin <>
From: David Maxwell <>
List: tech-security
Date: 11/07/2003 13:28:55
On Fri, Nov 07, 2003 at 11:44:31AM -0500, Steve Bellovin wrote:

Every note about this that I'd seen up until now had not mentioned
anything about how the server was compromised.

	"by Thursday an investigation into how the development site was
	compromised was underway, headed by Linux chief Linus Torvalds,
	according to McVoy. "

Too often, in the open source world, people fail to understand the
importance of transparency. When something goes wrong like this, there
needs to be an announcement of any results this investigation can

Failure to discuss the hack should cause people to ask "How do we know
it hasn't happened more often, or why it won't happen again?"

David Maxwell,| --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11