Hi, all -- ...and then rhoerbe@netpromote.co.at said... ... % Moody seems to be on the MS payroll. Yep. Blindingly so :-) % % On the other side, Linux distributors could do even better. My wishlist % for Suse: % - configure security level (like harden_suse questions) with yast, and % make it more granular. Great idea. % - by default, no shell user should be allowed to log in to ftp/telnet/pop % using the same password or at all Here's what throws me. I understand you to say that the default should be for a console-only system. Is that what you meant?? I also don't know what you mean by "same password"... % - have an installation option, that compares installed packages versus % ftp.suse.com and lists known vulnerabilites and available fixes, and does % updates on request That would be nice, too :-) % % I think, that a lot of security can be gained my making defaults more % secure, or easy, selectable installation options. Few systems get the % attention, that they should .. Yep. Few users, me included, even know all of the places to look, much less have the time to go and get updated packages and install them and make sure they really don't break anything else... % % Rainer % % % % % Frank Hart <frhart@home.nl> % Sent by: hart@pingala.netpromote.co.at % 02.08.00 20:31 % % % To: % cc: suse-security@suse.com % Subject: Re: [suse-security] SuSE security reputation, etc.. % % Len Rose wrote: % % > http://www.abcnews.go.com/sections/tech/FredMoody/moody.html % > It really sucks that SuSE wasn't even mentioned. % % What really sucked was that this article is a total piece of crap. Based % on the number of vulnerability's mr. Moody qualified a total OS. Also he % adds the vulnerabilities of every linux distro but that is nonsence, % cause there's a big chance a vulnerablility found in eg RedHat also % affects SuSE. % % -- % SuSE Linux 6.4 -o) | Like the ski resort of girls looking for % Kernel 2.2.16 /\ | husbands and husbands looking for girls, the % on a i686 _\_v | situation is not as symmetrical as it might % mailto:frhart@home.nl | seem. -- Alan McKay % % --------------------------------------------------------------------- % To unsubscribe, e-mail: suse-security-unsubscribe@suse.com % For additional commands, e-mail: suse-security-help@suse.com % % % % % % % --------------------------------------------------------------------- % To unsubscribe, e-mail: suse-security-unsubscribe@suse.com % For additional commands, e-mail: suse-security-help@suse.com :-D -- David T-G * It's easier to fight for one's principles (play) davidtg@bigfoot.com * than to live up to them. -- fortune cookie (work) davidtgwork@bigfoot.com http://www.bigfoot.com/~davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! The "new millennium" starts at the beginning of 2001. There was no year 0. Note: If bigfoot.com gives you fits, try sector13.org in its place. *sigh*