-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Off list, someone asked me:
> Two questions:
> 
> 1. Are there security tools that will tell if my machine has been
> owned?

Yes, but they generally require that you use them BEFORE there's any
possibility of your system being compromised (i.e. before it's been
connected to a network).  Take a look at Tripwire (www.tripwire.org,
or www.tripwire.com).  There are others too...

Once your system has been compromised, any such tool's reliability
falls suspect, because you can't know that the attacker didn't
compromise IT.  Odds are they didn't, but if you care enough to have
such a tool, you probably don't want to trust it after the machine
it's on has been compromised.

> 2. Is there an RPM for the upgrade?

Yep.  The place to get it depends on what distro you have.  Red Hat
has updates on their site, as usual.  There are also RPMs available
from the OpenSSH home page, which should be usable with most recent
RPM-based distros...

  http://www.openssh.com/

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8z2csdjdlQoHP510RArVAAKCDr+QPH4Kb2y6l/qI8cHU0Xm1PXwCfS/JC
jgv51khD7yWguDvoyRcx24U=
=FXj5
-----END PGP SIGNATURE-----