[Security] Nearly had heart attack ! :-O

Vincent Trouilliez vincent.trouilliez at modulonet.fr
Wed Mar 14 17:23:04 GMT 2007


Oh my G...

For the first time in 3 years of 24/7 Linux use, constantly connected
to the internet, I had my first scary moment 15 minutes ago.

I left Edgy, rebooted my computer into Feisty to follow up on some bug.
I logged in, and only a minute later, my blood pressure suddenly
started rising, going fast towards very unsafe levels:

I noticed in the notification area, an icon that popped up saying that
a remote machine connected to me, what the F..., where does that
come from, am I being attacked, on LINUX !? then 10 seconds later,
gksudo popped up, and a password was being typed ! At that point I
started to feel really, really, really PANICKED !!!!
I was trying to think what I could do to stop that, before the guy at
the other end had finished typing the password, and in an eye blink, I
promptly rushed to my modem and pulled out the Ethernet cable !
PHEW !!! :-OOOO

Blood pressure has decreased now, back to safe levels...
I want to believe, I guess/hope, that it was not a genuine attack.
I guess it was just some guy trying to help a friend remotely using the
remote desktop thing, and he typed the IP address wrong, and ended up
on my machine.
I checked the desktop preferences, and there was no protection
whatsoever, my door was wide open...
I can understand that in the context of a corporation administering
dozens of workstations, in their PRIVATE/local network, it makes sense
to enable remote desktop connections by default, to make things easier
and require as little intervention as possible from the clueless
employee waiting for the rescue, however in the case of a single home
computer, connected directly to the internet, as I experienced today,
it can be scary. It would make sense to enable the protection
(confirmation dialog and/or password) by default, so that home users,
the main target of Ubuntu, and who need safe defaults out of the box
for their own good, are protected against the kind of mishap I just
experienced. For corporations, the admin guy who deploys the network is
competent enough to open the doors wide if he wants, when deploying the
network.

Anyway, just wanted to share, since it's the first time that I have
this "oh my G what's that !!! :-O " feeling on Linux, and which used to
be in the past associated with the numerous times where I got hit by
some virus on Windows ! ;-)

--
Vince, slowly recovering...


