On Monday 04 Oct 2004 12:42, Johan Nielsen wrote:
On Monday 4 October 2004 12:27, Sid Boyce wrote:
Peter Nikolic wrote:
On Monday 04 Oct 2004 02:54, Paul W. Abrahams wrote:
<STUFF DELETED>
Sure, Linux is harder to break into, but after all, Linux also has its infamous rootkit. On the principle that better neighborhoods attract a better class of burglars, Linux would attract sufficiently talented hackers if it were in wider use.
Linux, with its underlying foundation of old C code, is particularly vulnerable to buffer-overflow attacks.
Paul
Ever heard of Libsafe .. ?....
Worth investigating. I don't get problems from buffer overflow attacks thanks to Libsafe; it can them before they can cause mischief ..
Pete
Silly question for you and Pete. How would you implement "Libsafe" into your SuSE distro ??
Secondly other suggestions/"easy" usable pointers to make SuSE a safe place to be ;-)
TIA
Johan
Pete, you and I have used libsafe since it was first introduced and make sure it's installed. We know you have to look beyond the stuff in the distro. We also don't buy into the numbers argument. Windows was not designed with security in mind and does nothing to beef up security other than issue patches for the current crop of attacks as they are exposed. Buffer overflow and format string attacks get killed by libsafe (that answers Paul W. Abrahams' point above), so the question raised many times, including by lwn.net about three years ago, as to why only Conectiva uses it, perhaps not only Microsoft thinks like Microsoft - vulnerability gets exposed, issue a patch to fix it, exposure exists, discover it, fix it, hoping you don't get bitten before the fix comes out - sounds a crazy scheme to me.
Regards
Sid.
--
Sid Boyce .... Hamradio G3VBV and keen Flyer
=====LINUX ONLY USED HERE=====

Installing Libsafe is no big deal.
Download it, build it, install it ..
/etc/libsafe.exclude
/lib/libsafe.so.2
/lib/libsafe.so.2.0.16
/usr/share/man/man8/libsafe.8
I have not looked for a while but I would not mind betting there is a newer version around now ..

As for making SuSE safe, as in secure, well, I am on an ADSL connection so I have a separate firewall on the network here that seems to keep things pretty tight. I have sat and watched the script kiddies play at trying to find a way in; none of them has as yet. I keep 'em guessing by changing things all the time so they very rarely see the same configuration twice.

Don't run as root. A good password is important on ALL logins, be it root or user, and keep it changed, but I don't believe in changing the password on a regular interval; keep it random, makes it a lot harder to keep track of.

If you are dial up or one of the DSL flavours then run BBIagent "http://bbiagent.net" as your connection to the outside world. It has a good firewall and is very flexible. I have quite a few people using it, including a couple of windBloZe users that have never been hacked as yet, and they are on 24/7, plus virus scanners of course.

Pete .
--
Linux user No: 256242 Machine No: 139931
G6NJR Pete also MSA registered "Quinton 11"
A Linux Only area
Happy bug hunting M$ clan, The time is here to FORGET that M$ Corp ever existed the world does not NEED M$ Corp the world has NO USE for M$ Corp it is time to END M$ Corp , Play time is over folks time for action approaches at an alarming pace the death knell for M$ Corp has been sounded . Termination time is around the corner ..