Re: security issues.....
>>>>> Will == Will Newton <will [at] south-of-heaven.demon.co.uk> writes:
>> THEY CLAIM MY PC IS VULNERABLE TO UNSOLICITED ACCESS.
>>
>> I WOULD BE INTERESTED TO HEAR ANYONE'S COMMENTS ON THIS.
Will> Probably, but not easy, especially if you chose good
Will> passwords.

Uh-uh. Easy pie, no passwords. Many distros (RH, TurboLinux) have a
history of automatically providing and enabling anon FTP _with_
writable ./incoming. Can we serve you some more warez, d00d?

Turbolinux 4.0 comes with Apache by default, and proxying enabled,
also by default. Oops: porno site laundry for all those kidz whose
parents subscribe to site-blocking services. No biggie (unless /var
is small ;) but definitely unauthorized access.

Thing is, _all_ of the popular distros these days are biased in favor
of installing services by default. And they make security mistakes in
configuration. They fix 'em, yes, but the process of upgrading opens
you up to new mistakes or old ones remade.

Then, if there are any NT boxen on your LAN, there are so many
exploits, so little time.... And once they're cracked, all network
traffic is exposed (passwords, etc). They don't call it promiscuous
mode for nothing!

I've been an unwitting warez distributor and eggdrop host (same
cracker, sniffed a local user password I think) and a spam distributor
(broken smail distribution; the no-remote-to-remote-relay option was
configured but didn't work as documented). I thought I knew what I
was doing, you see....

Yes, paranoia is a good thing.

--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091
/* What's the big deal about the millennium? .............................
.... There are still 362 shopping days left until the millennial epoch! */
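
Added example (not part of the original message): a small audit for the two default-on exposures described above, an Apache forward proxy and a writable anonymous-FTP upload directory. The function names and the sample config are constructed for illustration; ProxyRequests is the Apache mod_proxy directive that turns forward proxying on, and the FTP check looks only at the world-writable mode bit.

```python
import os
import re
import stat

# Constructed sample config, not taken from any real distribution.
SAMPLE_HTTPD_CONF = """\
ServerName www.example.test
# ProxyRequests Off
<IfModule mod_proxy.c>
    ProxyRequests On
</IfModule>
"""

def forward_proxy_enabled(conf_text):
    """True if the last uncommented ProxyRequests directive is On.
    Simplification: ignores Include files and per-vhost scope."""
    enabled = False  # Apache's default when the directive is absent
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"ProxyRequests\s+(\S+)", line, re.IGNORECASE)
        if m:
            enabled = m.group(1).lower() == "on"
    return enabled

def world_writable_dirs(ftp_root):
    """Relative paths of directories under ftp_root with the o+w bit set.
    Heuristic: the FTP daemon's own upload rules are not consulted."""
    hits = []
    for dirpath, _dirs, _files in os.walk(ftp_root):
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            hits.append(os.path.relpath(dirpath, ftp_root))
    return sorted(hits)

def audit(conf_text, ftp_root):
    """Collect findings for the two defaults described in the message."""
    findings = []
    if forward_proxy_enabled(conf_text):
        findings.append("apache: ProxyRequests On (forward proxy enabled)")
    for d in world_writable_dirs(ftp_root):
        findings.append("ftp: world-writable directory " + d)
    return findings

if __name__ == "__main__":
    import sys
    # Pass the anonymous FTP root to inspect; defaults to the current directory.
    for finding in audit(SAMPLE_HTTPD_CONF, sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```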