> Hi, > > I have a question regarding security issue with Debian and Linux in > general. By now everyone has probably heard about the new Mellissa > virus. I know that this doesn't affect Linux because it is related to > M$ products only. However, I just wondered if anything of this sort > could happen to a Linux system? I know that Linux in general is > actually quite secure, but what makes it so? Just some information > about Linux security issue would be appreciated. Thank you for any kind > of info. > > Shawn
It could very well happen in Linux. The security of a system is not only in code, but also in the hands of people who you that computer. And how they use it. I mean...probably half of MS users have this nifty little feature that saves them few mouse-clicks, which opens documents right away. Hell, even ICQ has that, and it's been exploited already (look in rootshell). We can have the same feature, but it't how people are going to use it. Probably noone is going to be trusty enough to let themselves just open a document which came from someone else. ALthough I'd fall for it, personally, if it was a document from someone I know, and which is how Mellissa does most of the damage. But there's been accidents of same kind in Linux community. I heard of one only, but I'm sure there's been more. Here is the general idea: take a popular program, like ftp client, and modify it. Insert a trojan horse into it. Then hack an ftp server and place that ftp client of yours there. Let people download it. At least problems like that get solved rather fast. Gotta give credit to CERT, though, they've done a good job isolating the cause and fast. I think I got the email from them Saturday morning. Andrew --------------------------------------------------------------------------- Andrei S. Ivanov [EMAIL PROTECTED] UIN 12402354 http://members.tripod.com/AnSIv <--Little things for Linux.