SoylentNews is people
SoylentNews
Red Hat employee Daniel J. Walsh writes via OpenSource.com
When I was young, Paul Simon released his hit song, 50 Ways to Leave Your Lover. Inspired by this song, I've collected 50 ways sysadmins and laypeople can avoid getting hacked:
"Make a new plan, Stan"
[...]
6. Run applications in the SELinux Sandbox whenever possible--it was a container before containers were cool. Also follow the development of Flatpack, which soon should be developing sandboxing capabilities.7. Don't install or use Flash. Firefox no longer supports it, and hopefully most web servers are moving away from it.
[...]
"Just get yourself free"
[...]
19. [...] I don't do online banking on my phone--only on my Linux computer.
[...]
"Hop on the bus, Gus"21. Run Linux on your systems. When I first hooked my father up with a computer system, I barely got home before his system was infested with viruses. I returned and installed Linux on his system and he has been running it ever since.
[...]
"And get yourself free"
[...]
50. Set up a special guest network for all those Christmas IoT devices your kids receive. I love my Amazon Echo and automated lights and power switches ("Alexa, turn on the Christmas Lights"), but each one of these is a Linux operating system [whose manufacturer's configuration] has questionable security.
Do you take exception with anything he suggests. (Being a Red Hat guy, he is enthusiastic about systemd.) Can you think of something he missed?
(Score: 2) by shipofgold on Monday January 09 2017, @11:08PM
Expand your knowledge base.
For starters, investigate Linux permissions.
Say what? You think running as a normal user doesn't open you up to vulnerabilities? I can stash malware in a 1000 different places under a normal user account that most people with your "expanded knowledge base" would never find (think gconf settings, x-windows startups, etc). That malware would still have access to your unencrypted files, your network for spam relay, be able to hack into your X-server (or wayland server...no experience with that), and do wonderful things like keyboard sniffing, etc. SElinux does a much better job of limiting what it might do, but at the expense of much more complicated setup/management. Most casual linux users I know the first command they run is "setenforce permissive" just to get SElinux out of the way.
I can also create an RPM for some spiffy program that "you just gotta install" and have it put all sorts of fun on your system when you "sudo yum install" it...If Linux were on 50% of the worlds desktops there would be lots of those RPMs or DEBs floating around...don't fool yourself.
Your Robert Pogson reference only proves two things:
1) he didn't know how to lock down Windows.
2) The malware he was finding was all targeting kids on windows...If there was a huge userbase of kids on Linux systems his success wouldn't be nearly as dramatic.
Linux may be more secure (we won't discuss Shellshock, or the OpenSSH vulnerability, or the BIND and sendmail vulnerabilities of old or any of the other configuration gaffs that users might unwittingly make), but many "hacks" are social engineering...Your linux password is about to expire. Please put a new one "here"...I dare you.