Author: Robert Hyatt
Date: 14:05:55 10/19/03
Go up one level in this thread
On October 19, 2003 at 16:19:33, margolies,marc wrote: >thank you for your response. and i am sure you are right about the majority of >machines being safe. >what does trouble me as a practical matter, since I do use the internet to >exchange information (and do e-commerce with other people's Apache servers) is >that there is little difference to the net effect on my personal security >whether a vulnerability exists on my end or in transmission or on someone else's >machine because I cannot remediate my threat. Yet I very much appreciate your >re-enforcing the idea that the home user's machine remains robust and >functional. > There are plenty of "evasive actions" you can take. Block trouble-making IP domains (there are many that are well-known). Or only allow traffic between yourself and _specific_ remote hosts. Turn off all unneeded net services to block those holes entirely. Our CIS linux firewall has not been broken into in almost 3 years now. My linux box hasn't been touched in 5 years. Our news/ftp server has been up for at least a couple of years without any problems at all... It can be done... even on _highly_ visible machines like my ftp box. > >On October 18, 2003 at 20:35:07, Robert Hyatt wrote: > >>On October 18, 2003 at 04:18:01, margolies,marc wrote: >> >>>http://www.lavasoftnews.com/theeye/i11/a2.html >>> >>> http://isc.sans.org/top20.html >>> >>>just when i thought it was safe to come out of the water----LANDSHARK! >> >>Most new unix systems are not subject to many of those. IE who runs a >>machine that allows RPC from the internet? Not here where I am. Ditto for >>several of the other things. SSH is _not_ insecure. Old versions are, >>of course. >> >>Apache is a problem but very few machines run a web server, most user machines >>do not.
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.