On 10/8/07, David McNab <david(a)rebirthing.co.nz> wrote:
On Mon, 2007-10-08 at 13:15 +1300, Ian McDonald wrote:
http://www.osnews.com/story.php?news_id=18738
The moral of the story is that unsecured (particularly unpatched) Linux boxes are just as bad (or worse) than Windows boxes.
I've seen a lot of people just install Linux machines and leave them running. Yes they run forever, but that doesn't make them secure. It seems like Linux is now more and more a target.
What's possibly more of interest here is *how* the linux boxen got cr4><0r3d.
It could just be an SQL injection vulnerability or arbitrary shell command execution vulnerability in some PHP plugin module of some web app framework, yet Linux as a whole gets blamed.
The thing is that Linux these days means what your distro ships with it. You could argue that Linux itself is just the kernel which is not very vulnerable, but also useless without programs such as Apache, PHP etc. Microsoft has put a lot of effort into lowering the attack space with Longhorn and Linux distros could probably learn from this. Ian -- Web1: http://wand.net.nz/~iam4/ Web2: http://www.jandi.co.nz Blog: http://iansblog.jandi.co.nz