Quote:
Mitch wrote:
There are plenty of opportunities to get hacked on line all you need to do is look at something like securityfocus.
There are a list of possibilities:
tthe
1. Trojan horses - downloaded or executed through accessing a web page or opening/downloading emails or running bad software. Once in, you are reliant on whatever security the OS or the software packages that are interpreting/running the exploit provide.
Look. We are soo few comparing to the Win users, so it doesn't worth the effort to build a trojan for OS4.
Quote:
2. Daemon attacks - anything from remote code exploitation ( running stuff on your machine ), denial of service, forcing it offline or sending it bad information to cause anything from buffer overflows or misallocating the entire memory in your OS.
Are you running any daemons? It could be valid but you have a PPC cpu which is not as popular as the x86. Even if you are using an exploit you should know the offsets where to jump which is different in every OS. And I'm not 100% sure, on OS4 it would work.
Quote:
3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.
It's a user related problem.
Quote:
4. Ephemeral security - send emails in plain text rather than using PGP or some other security plugin.
See pont #3.
Quote:
The point is you might not be exposed to any of them, or be exposable, however at the moment there is nothing out there that I have seen that does a risk assessment of the basic OS, the OS with extra packages installed, individual packages, different configurations or provides any advice whatsoever.
Other portals have long been swamped with political wars and it looks like those that want to start arguments for the sake of it will either be steering clear of here or thrown off. So, I think it is high time we started to collate our experiences and advice and stop thinking we are invulnerable.
Just know how vulnerable you are ( or not ).
Only problem could be using echo/chargen/etc services by default. But if I'm correct ther are switched off by default. You can check by using nmap on your winbox targetted with your OS4 machine.
Quote:
Security through ignorance is stupidity. Security through willful ignorance is basically being a sucker.
I aggree.
Quote:
I don't want to get involved in ego trips, I just want to enjoy the hobby.
Enjoy!