On Sun, 26 Aug 2001 01:57, Tom Brinkman wrote:
> On Saturday 25 August 2001 10:03 am, Michael Leone escribió:
> > >Kmail. Then again I'm no security expert. I don't have to be. I
> > > quit using M$ products to connect to the Net, mail or news years
> > > ago.
> >
> > EVERYBODY needs to be a bit of a security expert. You don't seriously
> > think that Unix/Linux has NO security issues whatsoever, do you? Look
> > at all the security problems BIND and WU-FTP have had over the years.
> > Unix/Linux has better security potgential than MS, but it doesn't
> > mean you can just ignore security.
>
> Security on a Linux system involves personal responsibility and
> must be an ongoing effort. I understand that. I didn't say I ignore
> security, I said I'm no expert, and don't need to be. Whether that's
> my fault or not is my business and my responsibility. I'm a single user
> on a desktop with nothin more than a 30k dialup connection to the net.
> I don't run any servers, much less an ftp server. I have an iptables
> firewall, never connect as root, and can pass the 'Complete' scan at
> www.sdesign.com with no vunerable ports. Since connecting back in the
> early 90's, and at about 300 hrs/month for the last 8 years since I've
> been disabled, I've never had any security related problems.
>
> Contrary to the opinion that HTML is safe, I've read several
> articles on the Net that say that worms and trojans can be included in
> HTML email. Maybe they're wrong? Maybe I misunderstood? I don't pretend
> to have the expertise to know.
HTML by itself is a benign language. The problem is with embedded scripts,
like JavaScript/ECMAscript and VBscript. VBscript is the main offender here,
and is thankfully an M$-only language. It can be turned off, but it is on by
default. JavaScript exploits are less common, since it is a safer language.
One should still be careful, though.
--
Sridhar Dhanapalan.
"There are two major products that come from Berkeley:
LSD and UNIX. We don't believe this to be a coincidence."
-- Jeremy S. Anderson
Want to buy your Pack or Services from MandrakeSoft?
Go to http://wwww.mandrakestore.com
