on 15/7/02 21:25, Eagle at [EMAIL PROTECTED] wrote: > consoles. But those breakins were on a Linux server machine (my OS X > Cube is also a web/ssh server) that was not up-to-date on the latest > fixes at the time. I imagine that, for most Mac OS X users, keeping up > with System Updates will be good enough.
I don't imagine there are too many exploits that can be perpetrated against a Mac OS X machine -- not only would the hacker have to stumble on just the right version of Apache, but they would also have to think quickly enough to compile their exploits for the PPC ;) ;) ;) PS Remember the press recently that the Kremlin's website was running a vulnerable version of Apache? Apparently the website was immune to the attack that was being reported on because of the Cyrillic alphabet (16 bit characters (what's that, a word?) ;). > Nor do I, but with a Unix server, passwords aren't enough. You need > secure communications channels (SSH), and you need to keep up with the > latest patchlevels on your software. Recall the recent SSH and Apache > exploits -- machines that have not been upgraded today are still > vulnerable to exploitation. Someday I'll have to learn how these exploits function. > You need more than a secure OS -- you need an encrypted filesystem to > protect against physical access issues. > > For those worried about remote exploitation, the rules are few and > simple: > - run only the services you need, > - keep up on the latest patchlevels for those servers, and > - limit access to those services by IP address (tcp wrappers) whenever > possible. If you run a server with known secure software, there's little reason to run a firewall. But, there's also the problem that a firewall still won't keep you from getting hacked. If you provide incoming access to your computer the only thing a firewall may/will do is record the person's IP. If the hacker is tricky, they'll also take the time to wipe the firewall's log & you'll never know who broke in ;) -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
