[luau] New Linux Worm Threatens Serious Denial Of Service Attacks Sept. 16, 2002

Jon Reynolds jonr at destar.net
Tue Sep 17 20:18:01 PDT 2002 

Warren, after reading this post I was wondering how bad it is to just
install everything during the initial install of my OS RH7.3? If you saw
my last post to the list I can't even figure out how to get sound to
work on my laptop. Whenever I try to just install what I think I need,
then try and add an application like star office, there are so many
dependencies that I can never get them all installed correctly. So I
just do a full install, which is a waste of space and resources. Oh
well, as I asked earlier how bad is a full install?

Jon

On Tue, 2002-09-17 at 22:07, Warren Togami wrote:
> This particular Linux worm, and the worms Code Red & Nimda that
> destroyed many Windows servers were only successful because so many
> people NEVER apply updates.  Patches for OpenSSL (in this case) or IIS
> (for Nimda and Code Red) were out for months by the time the worm began
> to spread.
> 
> You would be surprised how many people on this list don't apply updates,
> or are even aware of the automating updating tools in their Red Hat or
> Mandrake installation.  Even more surprising is how often I get into
> arguments with people that refuse to update their systems.  They usually
> have reasons along the lines of, "My system isn't important.  Why would
> anyone want to crack me?"
> 
> This type of thinking is wrong, because systems that are "not important"
> are usually also poorly maintained and poorly monitored.  This means
> that crackers want to hijack your box in order to use as a relay from
> which they can attack other targets almost without being traced.  If
> your system is poorly monitored and maintained, they are likely to be
> able to use your system as an attack relay for a longer period of time. 
> Other crackers may host warez downloads or steal personal data from your
> computer... both of which will cause problems for you.
> 
> These people think, "It wont happen to me." but it sure will if they
> don't apply updates.
> 
> These people think applying updates is too hard.  Well, it isn't! 
> Almost every Linux distribution now has some type of automated updating
> tool, most of which are as easy as point & click.  Here's a list of
> several:
> 
> Red Hat		up2date
> Mandrake	rpmdrake or urpmi
> SuSE		YAST2
> Debian		apt-get
> Conectiva	apt-rpm
> Gentoo		emerge
> 
> Spend a small amount of effort now and figure out how these automated
> updating tools work. Much better than spending much effort later after
> your box gets cracked, data destroyed, your bandwidth wasted and
> personal information stolen.
> 
> If you would like more information about how to use automated updating
> tools in any specific distribution, please ask and someone will
> elaborate.
> 
> Warren Togami
> warren at togami.com
> 
> 
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau

More information about the LUAU mailing list