LinuxPlanet: .comment: Service Security -- Where Is It?Jul 19, 2000, 16:34 (5 Talkback[s])
(Other stories by Dennis E. Powell)
[ Thanks to Kevin Reichard for this link. ]
"I have a bone to pick with most, maybe all, Linux distributors: Why in the world do they ship such security nightmares? To their credit, many stay on top of security issues, sending urgent messages to registered users and mailing list subscribers when a potential security exploit is found in a particular package, along with workarounds, updated packages, or both. But the way that a lot of distributions install by default, this is a lot like putting locking lug nuts on the wheels while leaving the doors unlocked and the key in the ignition."
"If you're running Linux and you have a technically savvy friend, have that friend do a port scan of your machine sometime and send you the results. You will be startled and probably confused. Unless you've engaged in the wholesale turning off of services, your machine is more than likely wide open to script kiddies and, potentially worse, people who really know what they're doing. The script kiddies are vandals. There are real criminals out there, who steal stuff."
"Linux is fundamentally a pretty secure system. Why should distributors make it less so?"