I'd love to see something in there about most commercial sites being behind firewalls without nfs access across the firewall. This greatly reduces the risk from the nfs problems. If you get your binary via nfs from a trusted host inaccessible from the internet, then if you have this problem management can handle it as an employee problem;) There are ways to make secure firewalls, it's fairly well understood. Sometimes people point to things like the hack Mitnick did last Christmas, but his attack took advantage of a couple of things a security expert shouldn't have allowed, first and foremost two machines were accesible from the internet, and one of them trusted root logins from the other without a password:(
I could write something up about it if you'd like.
You might want to refer the NYT to the recent study published by Computer Security Institute (in info-sec super journal on our W3 site). There are alse several papers there on "Internet Holes" under Network Security in the same on-line journal. Every month, another 5-10 holes are added to those published in this forum. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236