On Sun, 17 Sep 2006 13:38:32 +0200, Paul Sebastian Ziegler said:
> As you said this requires that the AFS-Server is being kept up to date.
> But the Images wouldn't have to be. Apart from this AFS hasn't had a
> major security-issue in the past several years.

AFS hasn't had a major security issue in the past several years for about the same reasons that RSTS/E and whatever IBM is calling MVS these days (z/OS?) don't have major security issues you hear about. You don't *hear* about holes because there's not enough sites using it to draw the attention of a competent hacker. And in fact, IBM is still issuing 'Integrity APARs' against z/OS, they're just able to keep it quiet.

Go back and re-read the last few batches of AFS updates, and ask yourself for each bugfix "Could this *potentially* have been leveraged by a clued hacker?". Then decide if you *still* feel as confident. :)

If, as Dijkstra said, "Testing can reveal the presence of bugs, but not their absence", what does lack of widespread testing reveal?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/