PC Week: Attacked and hacked!
Oct 11, 1999, 14:33
(Other stories by Pankaj Chowdhry)
"Both Windows NT and Linux install many unnecessary, non-secure services by default (think SMTP Message Transfer Agents, Telnet and FTP servers, and news servers). Administrators should strive to keep as little as possible on each server. The fewer windows for opportunity, the better."
"The hack that felled www.hackpcweek.com teaches a very important lesson: Security doesn't stop at the operating system."
"Also contributing to the hacker's success were incomplete security updates on our test site. At the time we began the tests, Red Hat Software Inc. had 21 security updates available for Red Hat 6.0, which had been out for only a couple of months. (PC Week Labs will apply the patches to the Linux server and update the scripts for further testing.) While any operating system needs patches and updates, there is no central repository for testing or approving patches to the Linux system. Kernel patches can be obtained from a verified source such as kernel.org, but most other components have no central infrastructure."