On 30 Apr 2003, Michael Toomim wrote:
> Jose Carlos Garcia Sogo wrote:
> >On Tue, Apr 29, 2003 at 02:50:02PM -0700, Michael Toomim wrote:
> >
> > And how services are being run in each one? Is the Linux one a net
> > server and the windows one a desktop box? Are you taking care of
>
> Yes. That's my point. People break into servers more than desktop
> machines because then they can host warez on servers. But of course,
> any unix *desktop* also has the potential to be a server, so it doesn't
> matter if I only use it as a desktop. Crackers will turn it into a
> server if they can.
So crackers do that to host warez? That is the first time I have heard that.
>
> > installing security fixes? Are you taking care of closing services you
> > don't need to be provided to the Internet?
>
> Yes, I turned off all unneeded services, etc. The latest breakin was a
> debian stable (woody) machine that had been upgraded daily with all the
> latest security updates. I think this was because of a flaw in the
> commercial ssh package (ssh2). I realized after a while that it was a
> really old version, and nobody at debian seemed to be maintaining it
> even though it was a huge security hole. I reported a bug, but it took
> a couple months for them to remove it from debian, and I had already
> been rootkitted by then.
Debian cannot do anything to the commercial ssh2 package. It's enough to
be distributing it. Sometimes I think that we should drop that
non-free section.
Just FYI, non-free has no security tracking, and non-free is not part
of Debian. It's only there to support our users.
--
Jose Carlos Garcia Sogo
[EMAIL PROTECTED]
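The point made in the message above, that packages from non-free get no security tracking, can be checked on a host by listing installed packages whose dpkg Section begins with "non-free/". This is an added example, not part of the original thread; the status text is constructed (a real system keeps it in /var/lib/dpkg/status) and the package names and versions in it are placeholders.

```python
import re

# Constructed sample in dpkg status format; on a real host read
# /var/lib/dpkg/status instead. Names and versions are placeholders.
SAMPLE_STATUS = """\
Package: ssh2
Status: install ok installed
Section: non-free/net
Version: 0.0-placeholder
Description: constructed entry for illustration
 folded second line of the description

Package: openssh-server
Status: install ok installed
Section: net
Version: 0.0-placeholder

Package: oldtool
Status: deinstall ok config-files
Section: non-free/utils
Version: 0.0-placeholder
"""

UNTRACKED_AREA = "non-free"  # archive area the message says has no security tracking


def parse_stanzas(text):
    """Yield one dict per package stanza (blank-line separated, RFC 822 style)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:   # folded continuation line
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, value = line.split(":", 1)
                fields[last] = value.strip()
        if fields:
            yield fields


def untracked_packages(status_text):
    """Return (package, section) for installed packages from non-free."""
    hits = []
    for pkg in parse_stanzas(status_text):
        # Status is "<want> <flag> <state>"; only the final state matters here.
        installed = pkg.get("Status", "").split()[-1:] == ["installed"]
        area = pkg.get("Section", "").split("/", 1)[0]
        if installed and area == UNTRACKED_AREA:
            hits.append((pkg["Package"], pkg["Section"]))
    return hits


if __name__ == "__main__":
    for name, section in untracked_packages(SAMPLE_STATUS):
        print(f"{name}: section {section} (no Debian security tracking)")
```

Packages that were removed but left configuration files behind (state config-files) are skipped, since no binaries from them remain installed.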

