"Adrian F. Clark" alien@essex.ac.uk wrote:
> -- if it's a new security hole, contact the CERT people at Carnegie-Mellon;
That's the one! I thought there was some CERT somewhere that accepted reports which weren't covered by any other CERT. Even if it's an old security hole, still report the incident so that it gets counted and can inform action.
[...]
> I don't see that there's a real need for an organization like CERT in the UK: Linux is global and if there's a newly-found hole in widely-used software, it'll affect others too. [...]
Sure, but some UK service providers seem particularly insecure or bad at reacting to security problems on their systems, so it would be good to have proper data on whether that perception is accurate and help coordinate education/correction of them and actually catch some of the attackers perhaps, instead of the end-users bearing the cost of clean-ups that could be avoided.
> I'm not aware of any companies that will help harden small Linux installations or help mop up after a break-in, but then again I haven't looked. Maybe there's a hole in the market...
My webmaster cooperative has done some mop-ups, but it's not particularly clever (more tedious), not much fun and isn't guaranteed.
Regards,