maybe a more valuable target...

Posted Jun 6, 2003 12:46 UTC (Fri) by beejaybee (guest, #1581)
In reply to: maybe a more valuable target... by Corvus
Parent article: Linux hacks hit all-time high (vnunet)

Well, you're _partially_ right...

"And the main failure of a system that lets intruders in, regardless of the general systems security degree, will always be lazy administrators refusing to protect their sys with the latest (or at least moderately recent) versions or patches."

There are two bigger problems than this:

a) lazy sysadmins failing to turn off services which are not essential. If a service is disabled (or better still uninstalled) you don't have to keep it patched, nevertheless you will never be vulnerable through this service.

b) OS/applications installers and/or lazy or incompetent sysadmins who set up configuration files in a way which allows them to be modified without root privelege. A system running with insecure configurations can be penetrated even though the service software is kept fully up to date, so vulnerabilities in the software are never exposed.