| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Apr 25 22:20:36 2006 From: prb at lava.net (Peter Besenbruch) Subject: What is wrong with schools these days? Paul Schmehl wrote: > That's hilarious. The number one defaced website OS is Linux. (See > Zone-H.org if you don't believe me.) No, their data shows Windows has the lead there, at least on page one. > Ask them what that little red ball with the X in it is - you know - the > one flashing up there in the taskbar- and they'll say I dunno. As a Debian user, I don't get those flashing, red balls. That means I'm safe. ;) > No OS is secure by default. No OS can remain secure if it's not > properly configured and maintained. Look at your box right now. How > many of you have inetd or xinetd running? Why? What services does it > provide that you need? Do you even know what chargen or rpc.statd is? > If not, why are they running (if they are)? How many of you have a > workstation running with more than just ssh enabled and *no* firewall > running? Here is the real reason for my post. Inetd runs when it is told to listen for connections. In my case, it ran to listen on behalf of VMware Server, which I no longer have installed. The program that inetd would have invoked was no longer there. I commented out the line in /etc/inetd.conf and killed inetd. Thanks for mentioning that; you made me look. > You name the OS, and I can tell you of at least one incident of hacking. > We haven't had a Windows box hacked in a long time. The last five were > two Macs and three RedHat boxes. Does that mean Macs and RedHat are > insecure? NO! It means, until the general public understands the > problem and knows what the solution is, hacking will continue apace with > no sign of letting up. Agreed, yet I would have a bone or two to pick. I have a neighbor who has hosed two Windows systems through infections. He tried hard to hose the Linux side of things, but, as he was clueless, he couldn't make the worms he saved to disk executable. I have sent my daughter to school with a laptop and no firewall on it (I don't have the network details for what to allow). Instead, I used Synaptic to do an in depth search for the word "server" and removed a bunch of packages. Is ssh installed? Sure, but just the client. Is Samba? Just enough to query her school's system, no server. KDE file sharing? It has to be installed before you can configure it. You get the idea. My daughter's computer runs cleanly, and nothing strange has shown up. Her friends complain a lot about pop-ups that they didn't used to get. Another neighbor had two daughters that kept getting their Windows machines infected. They didn't know how it happened. I switched them to Linux, and the infections stopped. I got a clue when one of them called, asking how to install "free" software from some Web site. Clueless people will always be with us. No OS is going to keep them safe, but some may do a better job than others. You seem successful in managing Windows boxes, but my experience is the opposite. Those daughters who kept getting their computer infected? They never were told the root password. It also meant a lot that they couldn't just double click something and have it run. Such a simple difference in design can mean the world. I have relatives who switched to a Mac. They never questioned why it took 45 minutes to check their e-mail with their old computer over a broadband connection, and were amazed that it took a couple of seconds with the new one. So far, it still takes a couple of seconds. Linux can be hacked, but the vectors differ from Windows, and are narrower. E-mail worms will never take off. Web site remote exploits may work somewhat better. The big vulnerability on Linux comes when you run servers that allow external connections. My experience with Redhat is limited, but it struck me as a distribution that installed the kitchen sink. That can lead to trouble in inexperienced hands. Redhat isn't that easy to set up, either, yet I am amazed that someone installed it, and didn't know what that flashing, red, thingy was down in the task bar. > The real problem is ignorance. Along with bad design. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Powered by blists - more mailing lists