On 10/6/07, Matthew Miller <mattdm@xxxxxxxxxx> wrote: > On Sat, Oct 06, 2007 at 12:30:18AM -0500, Arthur Pemberton wrote: > > > Because it's generally pretty easy to tell the operating system a given web > > > site is running on. Note that they're talking about *phishing sites*, not > > > the sites from which phishing spam or whatever originates. > > The question still stands.... how do they know the attacks are from a > > _rooted_ linux box? You don't need root to put put a phishing site, > > esp. on a shared host. > > Fair enough. They're just using that term incorrectly. Cool. But I mean, an insure web host is a far cry in terms of security from a rooted box. Even with the most strict SELinux policies one may get up a phsishing page. But to get root is a very big deal, and not something to be said lightly i believe -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com )
