From: Daniel J Walsh <dwalsh@redhat.com>
To: Justin Mattock <justinmattock@gmail.com>
Cc: Matthew Hammer <matthewhammer89@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: question about security
Date: Fri, 30 May 2008 15:27:14 -0400 [thread overview]
Message-ID: <48405512.2040503@redhat.com> (raw)
In-Reply-To: <dd18b0c30805301157x661896c4j65655167ba22df07@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Justin Mattock wrote:
| On Fri, May 30, 2008 at 5:51 PM, Matthew Hammer
| <matthewhammer89@gmail.com> wrote:
|> On Fri, 30 May 2008 17:04:41 +0000
|> "Justin Mattock" <justinmattock@gmail.com> wrote:
|>
|>> Hello; First I need to start with a status: SELinux seems to be
|>> handling nicely with the latest git, and refpolicy. You guys really do
|>> a good job.
|>> Now for the question: I noticed reading the New York Times that
|>> Comcast was hacked into, after reading the article I couldn't help but
|>> ask the question
|>> of "If comcast was using Linux with SELinux would this have happened".
|>> So the question to SELinux is: If Comcast was using Linux, with
|>> SELinux on there servers
|>> would this attack have been prevented? What should Comcast have had
|>> with there set up to better protect them from this type of
|>> attack?(even though they probably use windows)
|>> How would regular users and small businesses protect themselves from
|>> this type of terrorism?
|>> regards;
|> My understanding of the comcast hack was that the hackers altered
|> Comcast's registration information with the vendor that registers their
|> domain. So no, the problem wasn't anything internal with comcast's own
|> system.
|>
|> --
|> Matthew Hammer
|>
|
| AAhh I see, the vendor that registers their domain.
|
Of course the next question is whether the vendor who registers their
doimains had been running SELinux, could it be stopped, and there is a
good possibility.
Depending on the Version, SELinux prevents most buffer overflow attacks
on confined domains.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkhAVPQACgkQrlYvE4MpobPWSwCfQnk59XT5A7vZ/hL8JtHJGBj5
9fkAoJ+RKyeW/Vcd86U7syYUK9T17zwR
=tzTL
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-05-30 19:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-30 17:04 question about security Justin Mattock
2008-05-30 17:51 ` Matthew Hammer
2008-05-30 18:57 ` Justin Mattock
2008-05-30 19:27 ` Daniel J Walsh [this message]
2008-05-30 20:29 ` Justin Mattock
[not found] ` <367BE2FA995D5747B2E75B330734CA616BD237@MAILBE-LA17.lausd.net>
2008-05-31 0:34 ` Justin Mattock
2008-05-31 12:47 ` Russell Coker
2008-05-31 14:54 ` Justin Mattock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48405512.2040503@redhat.com \
--to=dwalsh@redhat.com \
--cc=justinmattock@gmail.com \
--cc=matthewhammer89@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.