[plug] in case anyone wasn't aware.. CERT advisory [ BIND ]

Beau Kuiper kuiperba at cs.curtin.edu.au
Tue Nov 14 22:10:16 WST 2000


Hi,

> Its security is so lame it's suspicious... They're a Korean car reseller,
> from their website, and one would think they'd have a little more
> security. Machine seems to be the stock standard installation of ALZZA
> linux (Korean-ised version?) which appears to be based upon RH, although I
> could be, and most probably am, wrong.

Then, most likely, it has already been hacked and the scan against you was
probably run by a "script kiddie" (or whatever we call clueless people this
week). People who run a server as insecurely as this are about as bad too.

> -- end case study --
> 
> Wouldn't it have been common sense to design Linux distros to have the
> extra inet services that were included, but you had to enable them to use
> them, rather than having them enabled unknowingly and then having to find
> how to disable them when you realise you don't need it?

If you want this feature, OpenBSD ships like that. I think all Linux
distributions should ship like OpenBSD; the effort to do the basics is very
little for the enormous benefits it brings.

Have fun
Beau Kuiper
kuiperba at cs.curtin.edu.au


