Re: security (malware) issues in Linux bases OSes
Ron Johnson wrote:
>
> *Maybe* not on Debian, since Debian users *tend* to be more
Yup, I agree.
> sophisticated, but what's to stop Joe Wannabe from doing this?
>
> $ sudo dpkg -i NakedBrittany.deb
This is more likely since some of the present day popular packages are
commonly downloaded as debs and installed (Skype, brand new versions of
Openoffice.org).
To me, it looks like the only viable solution is to go for only open
source stuff which is hosted on the distro's official mirrors (Debian,
Ubuntu) where the packages are signed. Any departure from this is just
inviting Average Joe to cause trouble.
>
> Anyway, twice in the past few years, Debian servers have been
> compromised. One time it was thru a weak DD user password, and the
> other thru a poorly-working (official) Debian patch to ssh. (Or was it
> SSL?) That last one caused more than a minor ruckus.
>
It was SSL. I think it is described here:
http://www.debian.org/security/2008/dsa-1571
--
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.
Reply to: