Thursday, November 27, 2003

And here I thought Linux was secure!

PC World reports that Servers belonging to the Open Source Debian project were hacked. It suggests that there was no impact on the software update issued last Friday. Debian's site carries more information about the attack.

This attack comes close on the heels of both an attempt to hack the Linux kernel, and and an attack at the Free Software Foundation. These hacks show two things: First that security is everyone's problem (not just for customers of Microsoft) - attackers do not play by any rules and will attack pretty much anything that is not totally locked down. Second, it proves, yet again, that any OS can be installed insecurely.

What the Linux bigots often fail to remember is that security requires three things: people, processes, and technology. Even the most secure technology can be defeated by poor processes or by people not doing the right things. This is not a Microsoft vs Linux thing, but more a simple recognition that security of your systems is only as strong as the weakest link.

No comments: