[LINK] More IIS Horror Stories
Howard Lowndes
lannet@lannet.com.au
Mon, 5 Nov 2001 11:41:53 +1100 (EST)
Your machine at home is not vulnerable to what was being tested for here.
SUSE != M$
...and yes you should *always* worry about security. The best action is
to check your distro site for security alerts and patches, then apply
those patches as necessary. Also do all the other recommended things that
you should do to improves security. http://www.linuxsecurity.com/ is a
good place to start, also a Google search
http://www.google.com/search?q=%22linux+security%22&btnG=Google+Search
On Mon, 5 Nov 2001, Gordon Keith wrote:
> On Sun, 4 Nov 2001 22:51, Malcolm Miles wrote:
> > On Sun, 4 Nov 2001 17:55:21 +1100, you wrote:
> > >To see for ourselves how long a default installation of IIS would
> > > last in the wild,
>
> > So they connected an operating system with a known vulnerability to
> > the Internet where packets exploiting the vulnerability are running
> > rampant and the server got infected. Well surprise, surprise. Exactly
> > what was this outstanding bit of research meant to tell us?
>
> How long it takes.
> The answer - 15 minutes.
>
> On a sample size of 1.
>
> Conclusion - you can not used an unpatched system to get the patches -
> it will be broken before the patches are downloaded.
>
> I actually find this mildly useful information. My machine at home
> isn't well patched, (default SuSE 7.1 installation), but I only connect
> for fairly short periods of time, usually less than 15 minutes. So I
> haven't worried much about security.
>
> Should I be more worried about security? This study makes it look like
> I should be thinking about it.
>
> Regards
> Gordon
>
--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"We are either doing something, or we are not.
'Talking about' is a subset of 'not'."