5 Security Software Myths That Can Prove Dangerous
Here is an interest article that summarizes some common myths concerning net security: 5 Security Software Myths That Can Prove Dangerous.
Forum Discussion
A lot of these vulnerabilities rely on "social engineering"- plus the Linux hacked article points out that
Bad passwords are a huge problem (I don't use passwords on my server- I use an private key).
On any OS, if you can install a program without having to type a password, you are vulnerable. If you have a router, NAS, Set top TV box, or any networked "appliance" that you can log in to (like a webcam, etc), you *must* change the default login name and password.
Virtually all of the Linux hacks are due to poor password practices, not a vulnerability in Linux itself- not to say there are no vulnerabilities (I get updates regularly), but most Linux "virus scanners" simply scan for Windows viruses on mail passing through.
Security is a process, not something you do once.
“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,” continued Léveillé. “Instead it is manually installed by a malicious attacker. The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment.”
Bad passwords are a huge problem (I don't use passwords on my server- I use an private key).
On any OS, if you can install a program without having to type a password, you are vulnerable. If you have a router, NAS, Set top TV box, or any networked "appliance" that you can log in to (like a webcam, etc), you *must* change the default login name and password.
Virtually all of the Linux hacks are due to poor password practices, not a vulnerability in Linux itself- not to say there are no vulnerabilities (I get updates regularly), but most Linux "virus scanners" simply scan for Windows viruses on mail passing through.
Security is a process, not something you do once.
