
RE: Security



On Fri, 17 Dec 1999, Bryan Scaringe wrote:

> That said, for a hacker to *break into a system* that is not running any
> daemons, he would have to find a SERIOUS flaw in a client program or the OS.

Exactly. So to answer the question, is it still possible for someone to
hack into a system that is on the net but not running any daemons ... yes
it is but it is not likely. The reason for putting it this way is because
we do not know if some future version of Linux might have some gaping hole
in a pre-release kernel or something.

There are many out there that are "kernel of the day" kinds that keep
their systems up to date with the latest development kernels or
pre-releases of stable kernels. These people could be in for a nasty
surprise because they are potentially exposing untested code directly to
the internet.

Even stable kernels are not immune and there is a security flaw in the last
2.0 kernel shipped. Discussion on the kernel developers list the past
few days has been whether to spend the time to close it or to abandon 2.0
altogether and get people fully migrated to 2.2 (since 2.4 is due out in
Q1-2000). Consensus right now seems to be to release a final cleanup patch
for 2.0 and to make an official announcement that it will no longer be
actively supported by the traditional kernel developers.

The lesson to take home is that there will ALWAYS be a possibility for
someone to break into a computer that is connected to a network no matter
what operating system you are running. You can make it extremely difficult
to do ... and maybe impossible (with a little luck) but your luck
might change with a new software release.


