No, your box does not _deserve_ to be hacked because your job does not happen to be one which requires intimate details of how to secure a box.

If the distribution is 'secure by default' meaning that the default settings provide a secure environment, not suceptible to forkbombing, or other attacks, then it does not require that the user, (who also happens to be the sysadmin of his or her own box) spend untold hours a week following up on every security flaw that gets discovered, and re-securing his box.

My personal view is that updates should not break what is working, or require that the admin spend hours or days figuring out how to get a service that was working as desired before an update to work again after the update.

Beyond that there is no excuse for a security hole that is widely known to continue to exist as a 'default' configuration. Users should not be accessing services on their own system through a fault in their system. If they are, it is a flawed implementation.

~rusty

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/308/31079#31079