On 04/21/2015 01:12 PM, John Andersen wrote:
On 04/21/2015 12:49 PM, Mark Hounschell wrote:
Do Linux users now have to worry about browsing the web like Windows users do? I forgot to answer this bit.... The chances of you linux box being hacked is dramatically smaller than is the chance that roadrunner is hacked. Infinitesimally smaller in my opinion.
This might be a good topic: Has your Linux install ever been hacked? In my case, yes. Here are the particulars. SuSE 5.3, installed at home on a cable modem. The documentation at that time was partially in German, including the instructions for the host-based firewall. I figured I'd work on the firewall at some later date. Alas, someone hacked in using a mountd vuln (yes, I was running NFS). I noticed it when they renamed /etc/hosts.allow to /etc/host.allow. Another hack leveraged a vuln in ssh-1.2. This was in a corporate environment that lacked a firewall (it was a different time). This was in the late 1990's I think. A third time was only two years ago on a dedicated host at a remote noc. I'm not sure how they got in, ssh was the only open port. But I did just enable username/password logins so that the noc techs could do some maintenance, and I think that possibly someone guessed the root password or that one of the noc techs was hacked and had the password in a file on their own host. Yes, I was running sshguard too. I normally allow only ssh public-key authentication. Over the decades I've received LOTS of email (T-bird) and visited LOTS of web sites without any known issues. I wouldn't worry about it if one keeps their box up-to-date and runs behind a firewall. But has anyone ever been hacked through Flash, acroread, or Java? Any others? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org