Re: Gates of Hell

Robert G. Brown (rgb@phy.duke.edu)
Fri, 13 Aug 1999 13:51:31 -0400 (EDT)


On 13 Aug 1999, Jan Vroonhof wrote:

> It depends of course on what your definition of "on the network" is.
> Do you read comp.risks? Some Win9x machines come with preinstalled
> ActiveX components that are exploitable. Several versions of MTAs
> have MIME overflows etc. Then there are of course the trojan horses,
> macro viruses etc that are not a monopoly of Win9x but are certainly
> more widespread there.
>
> Win9x machines are opening up towards the net and their current track
> record isn't very good either. Has anybody ever checked those
> network-aware games for overflows?

All good points. Alan's point about viruses is well-taken as well;
Windows boxes have other routes through which bad things can enter their
boxes besides the network, and such network access as they have may well
open other virus-like routes.

I was merely trying to temper the notion that Linux is really safe
either, or even necessarily safe-r. To me the interesting thing is that
web-commerce exists at all, given the largely unexplored nature of the
risks associated with it. Just because your browser is "secure" doesn't
mean at all that the transaction is.

> If Barclays is really that concerned about password theft they should
> use technology that doesn't require you to enter a password
> directly into the computer at all, such as a separate "calculator".
> My bank does.

I still favor the ssh model. Really, even this is only as secure as the
host(s) you consider "trusted", but at least you can batten down various
hatches on a system that offers only sshd and perhaps sendmail as open
ports. Although we are getting WAY off topic for the lists...;-)

The worst thing about SPAM to a list is the flurry of list traffic it
engenders. If everybody just ignores it on the list (possibly sending
an acceptable use complaint quietly to the originating ISP with a few
threats:-) it has far less impact.

rgb

Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@phy.duke.edu
