Today I ran across a
organized crime is systematically taking advantage of known
security holes. This reminded me of RE (tilly) 2: Warning our Fellow Monks
, with the
moral being that with port scanning once an error is found,
there really aren't fish that are too small to be noticed.
Security is hard because it is not obvious. You can fail
to be secure and there are no overt symptoms. Your software
still works. You don't know of the hole. But it is there,
and you can still suffer for it.
However, hard or not, you still need to do it. Choose
reasonable passwords. Keep up on patches. Use taint mode.
Whenever you are processing arguments, rather than trying
to search for every way of breaking in (an approach that
always fail) consistently instead validate that the input
is a form that you know is trustworthy. If you can, get
someone who is knowledgable to review your security setup
before someone "volunteers" to do the job for you.
Now that link talks about Windows. And it is true that
Windows has an abysmal track record. However the track
record for Windows is due to a combination of Microsoft not
prioritizing security, and the belief (which Microsoft has
promoted) that you don't need competent admins for Microsoft
products. However an NT box with a competent admin is going
to be orders of magnitude safer than any *nix with an admin
who doesn't know what they are doing. (Home users of
Linux are at serious risk.)
This is a general problem, and it is one which many here
contribute to in one way or another, as admins, techs,