Re: security issue
> Hi,
>
> I have a question regarding security issue with Debian and Linux in
> general. By now everyone has probably heard about the new Mellissa
> virus. I know that this doesn't affect Linux because it is related to
> M$ products only. However, I just wondered if anything of this sort
> could happen to a Linux system? I know that Linux in general is
> actually quite secure, but what makes it so? Just some information
> about Linux security issue would be appreciated. Thank you for any kind
> of info.
>
> Shawn
It could very well happen in Linux. The security of a system is not only
in code, but also in the hands of people who you that computer. And how
they use it. I mean...probably half of MS users have this nifty little
feature that saves them few mouse-clicks, which opens documents right
away. Hell, even ICQ has that, and it's been exploited already (look in
rootshell). We can have the same feature, but it't how people are going to
use it. Probably noone is going to be trusty enough to let themselves just
open a document which came from someone else.
ALthough I'd fall for it, personally, if it was a document from someone I
know, and which is how Mellissa does most of the damage.
But there's been accidents of same kind in Linux community. I heard of one
only, but I'm sure there's been more. Here is the general idea: take a
popular program, like ftp client, and modify it. Insert a trojan horse
into it. Then hack an ftp server and place that ftp client of yours there.
Let people download it.
At least problems like that get solved rather fast.
Gotta give credit to CERT, though, they've done a good job isolating the
cause and fast. I think I got the email from them Saturday morning.
Andrew
---------------------------------------------------------------------------
Andrei S. Ivanov
c680789@showme.missouri.edu
UIN 12402354
http://members.tripod.com/AnSIv <--Little things for Linux.
Reply to: