Mitch wrote:
There are plenty of opportunities to get hacked on line all you need to do is look at something like securityfocus.

There are a list of possibilities:
tthe
1. Trojan horses - downloaded or executed through accessing a web page or opening/downloading emails or running bad software. Once in, you are reliant on whatever security the OS or the software packages that are interpreting/running the exploit provide.

2. Daemon attacks - anything from remote code exploitation ( running stuff on your machine ), denial of service, forcing it offline or sending it bad information to cause anything from buffer overflows or misallocating the entire memory in your OS.

3. Snooping and fishing for data. By not using the right level of security on your clients ( e.g. using telnet rather than SSL based clients ) they get hold of passwords and usernames just by listening in and seeing the raw plain text data passing.

4. Ephemeral security - send emails in plain text rather than using PGP or some other security plugin.

The point is you might not be exposed to any of them, or be exposable, however at the moment there is nothing out there that I have seen that does a risk assessment of the basic OS, the OS with extra packages installed, individual packages, different configurations or provides any advice whatsoever.

Other portals have long been swamped with political wars and it looks like those that want to start arguments for the sake of it will either be steering clear of here or thrown off. So, I think it is high time we started to collate our experiences and advice and stop thinking we are invulnerable.

Just know how vulnerable you are ( or not ).

Security through ignorance is stupidity. Security through willful ignorance is basically being a sucker.

I don't want to get involved in ego trips, I just want to enjoy the hobby.