On Monday, July 15, 2002, at 04:09 , Eric D. wrote: > on 15/7/02 12:02, Brian L. Matthews at [EMAIL PROTECTED] wrote: >> time cost insurance policy, that may save you from having to cancel >> all your credit cards, or explain to your ISP how it wasn't really >> you participating in the DDoS attack, just your computer. > > This is one argument I do not understand -- who in their right mind > leaves > credit card info on a PC where anyone can have easy access. I'd be much > more > worried about someone walking in and using a computer directly than > having > them hack it from farther afield.
I'm not. I'm much more worried about attacks from remote. This is because I've had my computer broken into more than once, and because I'll have bigger problems if a h4x0r finds a way to access my servers' consoles. But those breakins were on a Linux server machine (my OS X Cube is also a web/ssh server) that was not up-to-date on the latest fixes at the time. I imagine that, for most Mac OS X users, keeping up with System Updates will be good enough. > I back my machine up & can't really think of any info stored on the > machine > that isn't available elsewhere. A successful hack might be > interesting -- > I'd be able to learn a thing or two in that case about cleaning up > after a > hack (then again, I don't run with default passwords, all my OS X > accounts > have passwords, and I only run the Apache personal server in OS X as a > web > service). Nor do I, but with a Unix server, passwords aren't enough. You need secure communications channels (SSH), and you need to keep up with the latest patchlevels on your software. Recall the recent SSH and Apache exploits -- machines that have not been upgraded today are still vulnerable to exploitation. Remember, exploits to Unix software don't use passwords -- they are ways for kiddies to gain root access WITHOUT any password. > A firewall is a neat idea, but it requires computing time, adds yet > *one* > more app to crash your system and is only as good as its configuration > will > allow it to be. This is why hardware firewalls are an excellent choice for the home user. > For that matter, unless you're running a secure OS, *every* OS is > vulnerable > & can be opened up with physical access to the computer (some will be > require more know how than others (I could do Mac OS or Windows, but > OS X > and Linux would be beyond my computing skill without detailed > instructions)). You need more than a secure OS -- you need an encrypted filesystem to protect against physical access issues. For those worried about remote exploitation, the rules are few and simple: - run only the services you need, - keep up on the latest patchlevels for those servers, and - limit access to those services by IP address (tcp wrappers) whenever possible. That reminds me -- I rebuilt my server the other day but I didn't use tcp wrappers on the IMAP server -- I need to configure that. Eagle -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
