Gmail was hacked, was this site hacked?

[rolygate]

@JA
Well, coders that can exploit Linux tend to go for servers as it's much more profitable - get to root on one server and you'll net thousands of other machines. Although most server exploits go for the ancillary apps, admittedly.

 

[Whistle_Pig]

Yeah, I can see how making a virus for Linux would be seen as a waste of time. Not only due to the small user base, but also because, clasically, Linux-users are heavy-duty geeks, and they have computers built like a bank safe. Hopefully no one catches on that dummies like me are now able to use Linux.

Linux is indeed a target for authors of malware. Certainly, not as popular as Windows, but it isn't immune. I've worked on a system that was infected with a rootkit. It was primarily a web/mail server, and we had SSH open for remote administration. Somebody exploited a weak password (we concluded, but no way to know for sure) and hosed it pretty good. There are various reasons why Linux is a more difficult target, but it isn't an impossible one by any stretch, and as it gains in popularity, there will be more attacks. So Linux users need to be just as vigilant. Certain distributions were regularly criticized in the past for poor security out of the box. RH, for example, would by default start up too many services -- I think they've stopped doing that. Ubuntu, out of the box, doesn't come with the firewall enabled. (I haven't upgraded recently, so I don't know what's in the last couple releases.) This didn't bother me, because I'm used to configuring it by hand, but novice users won't know how, or even necessarily want to learn the gory, command-line methods. If you're a Linux user, make sure you have Firestarter or something like that installed, and learn some basics. Find a local Linux User Group for tech support. If you're an advanced user, and/or more paranoid, install Bastille. And keep up to date on patches. I'm more than a year behind on the release of Ubuntu I'm running, but I am completely up to date on security patches.

Also, for gaming on Linux, there are now some great games to run natively. And in addition to Wine, you can spend some money and get an enhanced Wine call "Crossover", I think, that has better emulation. But that's a topic for the Lounge, or maybe a Linux user's social group forum. I enjoy running the arcade Galaga using MAME -- it's just so retro-cool!

 

[Whistle_Pig]

That's why I stick with Windows 3.1 supplemented by MS-DOS 6.2. I'm so far off the radar, I may as well not exist to the troublemakers.

Unfortunately I am somewhat limited in my program selection.

You can still run Tetris and WordPerfect 4.2. What else do you need?

/me still has a dot-matrix printer on the shelf, and a box of fanfold. Probably the ribbons have dried out by now.

 

[Java_Az]

You can still run Tetris and WordPerfect 4.2. What else do you need?

Well you dont really need them but they are so nice to have. Tool bars in your browser. Personally i like it when the browers is filled 3/4 of the screen with tool bars. It makes surfing the web so much more enjoyable.

 

[SlimXero]

- Real passwords for frequent web users are not possible to write and hide. You would have dozens of them, of over 20 characters length. The only practical solution is a password manager.

Guess my passwords don't count as real ^_^

 

[DaveP]

My company required different 9 character passwords for every server we accessed from field laptops, consisting of a combination of upper and lower case, numerals, and assorted punctuation symbols. Most of the viruses that were encountered were from personal browsing and the rest were acquired from corporate server documents. MS Word and MS exchange were commonly the culprits, since communications were sent out in this format. We had an approved image to restore the laptop to pristine out of the box configuration, but it required customization after the image creation. This was a multinational corporation.

I had to disinfect a co-worker's laptop twice a year from his home browsing. We ran Symantec's Norton package and still some nasty things got through. I ran Spybot in immunize mode and used Adaware frequently and had no trouble.

I'm always looking for new and better utilities to run. Unfortunately, most of the time, I discover them after a friend brings me his computer and I go looking for a removal tool to eradicate whatever a particular package found. I always send them home with several free packages to run weekly and Spybot enabled in immunize mode. As long as they run these, they stay pretty clean.

I have had a home network with wireless for years. It's locked with WAP and a suitable password. I recently had a DSL modem fail and bought an Actiontec modem/router/wireless combo to replace it. I did their CD auto-install for AT&T and only last week I discovered that the hardware firewall is not enabled by default. Now it is. Those kind of things sneak by the best of us and uninformed users don't catch those mistakes.

 

[Timtam]

I had to disinfect a co-worker's laptop twice a year from his home browsing. We ran Symantec's Norton package and still some nasty things got through. I ran Spybot in immunize mode and used Adaware frequently and had no trouble.

Doesn't surprise me. Norton is renowned for being a resource-hog POS.

 

[DaveP]

Doesn't surprise me. Norton is renowned for being a resource-hog POS.

Yep. I'm using Microsoft Security Essentials since March. It's unobtrusive and works well. It's caught a couple of intruders, quarantined, and cleaned them.