[lug] I wish RH users would secure... (D. Stimits)

[D. Stimits]

Gary Frerking wrote:
> 
> >> I *really really really* would like to see all RH users
> 
> >> follow the security email list from RH (it gets tiring
> 
> >> to see the number of RH machines used to attack others).
> 
> >> If you are a RH user and permanently connected to the
> 
> >> net, you *will* get cracked if you dont'udpate and secure.
> 
> While I understand your frustration (and your point), I think it's safe
> to say that if you're running *any* unpatched year-old distro with
> services like ftp exposed to the world, you're asking for trouble.

Definitely.

> 
> RH may be getting the press and attracting the attention of the hackers
> at the moment, but RH isn't the only distro running WU-FTP (and WU-FTP
> isn't the only FTP daemon with security problems over the last year).

It is the part about attracting the attention of crackers that I am
looking most closely at. When someone tries to get into my machine, I
look at them to see what they are running, and 90% of them are RH
machines. It appears that crackers are concentrating on RH, so even if
other distributions are equal, the RH users are still closer to the
fire.

> 
> IMHO, life would be a lot easier if EVERYONE made a reasonable effort to
> secure their systems no matter what they were.
> 
> Blinding assuming you're safe because you're not using RH is just as
> reckless as not keeping up with RH errata.

My only point was that RH users are bigger targets, not that other
distributions are safe. If RH one day gains a reputation for better
security, the crackers will probably focus on the next distribution in
trade. At the moment, being scanned while running RH is almost a
guarantee that someone will come by and try to root kit at some point.

D. Stimits, stimits at idcomm.com

> 
> -- Gary
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug