On 9/4/06, bruce <bedouglas@xxxxxxxxxxxxx> wrote:
tod.... research seems to inodicate that the vast majority of 'bot' networks are windows based systems. if one has done a reasonable job of dealing with passwords (not making them obvious), not allowing for root access via ssh, and checking the logs in the system periodically, then the avg linux system is farily safe. i'm specifically excluding systems running web servers, because apache/php web apps have a whole other set of security issues that need to be addressed. -bruce > > 2. I just listened to part of a symposium on computer security. It > > really is possible and occurs more often than we know (people who get > > hit tend not to talk) that computers are made into "bot" networks. To > > completely "flush" a computer of it's operating system and all other > > areas and leave only the "data that I really need now" makes us a lot > > more of a "moving target" for those who would try to take our > > computers as theirs! I like that idea!! > > That verges on paranoia, in my view. > I'm not sure what a "bot network" is, > but I would have thought it was fairly easy to construct a firewall > which prevents your computer being taken over. >
Hi Bruce! What research? Please do quote!! The vast majority of computers out there are MS. So what if the "research" is properly scaled for that. In today's world browsers are the most sought. In our world I am not surprised that Firefox was hit. I guess you could say I am seeing red!: # list of vulnerabilities - http://www.mozilla.org/projects/security/known-vulnerabilities.html # Hit! http://www.vnunet.com/vnunet/news/2142140/security-hole-hits-firefox Please keep in mind that once a person obtains your computer (which he probably did very quietly) he will also probably use it very quietly. It is called "keeping below the radar" in their world. Firefox 2.0 is released. Security is touted. Same with other OSs yet security experts see "the other OSs" as very much behind in the security realm compared with MS (they being in much more of a position to know). See Links: # The F.B.I.s David Farquhar interviewed Aug 27 (podcast) http://cyberspeak.libsyn.com/ # Security Symposium (see Webcast in info and presentations to left): http://www.itss.umich.edu/events/sumit06.html It is my hope that we detach our feelings about our OSs and attend to their need for security. Secure Codeing! Tod
