From aracine@u.washington.edu Fri May 7 16:14:33 1999 Received: from jason03.u.washington.edu (root@jason03.u.washington.edu [140.142.77.10]) by lists.u.washington.edu (8.9.3+UW99.02/8.9.3+UW99.01) with ESMTP id QAA124302 for ; Fri, 7 May 1999 16:14:32 -0700 Received: from dante29.u.washington.edu (aracine@dante29.u.washington.edu [140.142.15.103]) by jason03.u.washington.edu (8.9.3+UW99.02/8.9.3+UW99.01) with ESMTP id QAA35674 for ; Fri, 7 May 1999 16:14:28 -0700 Received: from localhost (aracine@localhost) by dante29.u.washington.edu (8.9.3+UW99.02/8.9.3+UW99.01) with ESMTP id QAA23218 for ; Fri, 7 May 1999 16:14:28 -0700 Date: Fri, 7 May 1999 16:14:28 -0700 (PDT) From: "A. Racine" To: UW Linux Group Subject: Re: Linux Help In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII I'll go out on a limb and say that "asking to get hacked" was a figure of speech. I believe the more important point was that no one should install RH5.0 if they value their time (and the security of their box). The time required to get the RH5.0 distribution up to speed with respect to security would be far greater than the time it would take to get a RH[5.2,6.0] CD from someone on campus. It should be noted that with an insecure distribution and enough time, the chance of your box getting [cr,h]acked is fairly high, given current vulnerability/port scanners (sscan, mscan, nmap, cgichk, etc, etc, etc). So, whether or not you are "asking" for it, it is likely to happen. Aaron On Fri, 7 May 1999, vladimir p marchuk wrote: # That logic does not make sense. Asking to be hacked, obviously you do # not know what you are talking about. Whoever uses a computer and does not # know how to use it(secure it) then that person deserves to be "hacked", # although "cracked" would be a much better term to use. # # Vladimir # # > My first comment is, take the 5.0 CDROM you got and tear it up. 5.0 is # > so full of holes that anyone who mistakenly installs it (or any other # > non-current version) is asking to get hacked. You should *always* start # > out with the latest (or at least last released, which would be 5.2) # > version, then install all current security related patches, then spend # > time each month (at the minimum) keeping up with security related # > patches. I'd immediately go get the patches for 5.0 if you aren't going # > to re-install in the immediate future. See: # > # > http://www.redhat.com/support/docs/errata.html # > # > That said, I wanted to remind (inform?) everyone on this list that I # > teach a course in Unix System Administration, in which we start by # > installing Linux on the classroom PCs, and go from there. Its a two day # > course, and it is only $56 for students (a similar course would cost # > over $700 if you were to take it at a computer conference or through one # > of those computer training companies who tour the US giving courses). # > # > See: # > # > http://www.washington.edu/computing/catalog/gen/3/R870.html # > # > The course notes themselves are available on the web as well: # > # > http://www.washington.edu/R870/ # > # > -- # > Dave Dittrich Client Services # > dittrich@cac.washington.edu Computing & Communications # > University of Washington # > # > # > Dave Dittrich / dittrich@cac.washington.edu [PGP Key] # > # > # # .