Quoting Timothy D Thatcher (daniel.thatc...@gmail.com):

> Hah, I'm glad it was nothing as nefarious as some weird malware or
> rootkit, or as irritating/potentially expensive as an actual hardware
> failure. Great work, and thanks, Rick.

Just one more thing about that:

http://linuxmafia.com/~rick/lexicon.html#moenslaw-security3

  Moen's Third Law of Security

  "Malware is _not_ a security problem; malware is a secondary
  _after-effect_ of a security problem." People who focus on particular
  exploits against particular vulnerabilities (or worse, software
  packages like "anti-virus software" that do so) have already lost the
  security battle, because they aren't focusing on what's important --
  which is correcting their own strategic errors that make those
  recurring vulnerabilities possible (and inevitable).

  Marcus Ranum described what is important perfectly, in his essay
  "What Sun Tzu Would Say"
  (http://www.ranum.com/security/computer_security/editorials/master-tzu/):

  o  Run software that does not suck.
  o  Absolutely minimize Internet-facing services.

  If you have to keep chasing after holes in the same hopelessly bad
  software (PHP, WordPress, AWstats, wu-ftpd, lpd, etc.) — or, worse,
  paper over that underlying cause with anti-malware software — then
  you're addressing the _wrong problem_.

  The computer-security advice Ranum attributes to Sun Tzu bears
  repeating, too:

    If you are fighting a losing battle, it is likely one of three
    things:

    a) You are continuing a trend in a losing war -- and therefore
       should not be surprised.
    b) You have chosen to fight the wrong battle.
    c) You are stupid.

(I'll hasten to say that I'm not calling anyone stupid. Ranum, a major
security expert from the BSD community, putting words in Sun Tzu's
mouth, is saying that certain people _might_ be stupid. Personally, I'd
only go so far as to say 'misguided'. ;-> )

The examples cited of wu-ftp, lpd, and AWstats now seem obscure, but
please do remember that I created the page a long time ago.