Your Distro is Insecure: Ubuntu

Nick Fox at
Tue Apr 14 16:20:37 UTC 2009

I want to point out one thing related to this.

It's actually a good thing for Ubuntu that so many people are crawling out
of the woodwork trying to claim it's bad/insecure/<insert negative comment
here>, why?

It means Ubuntu is gaining ground in the right direction, more people with
less *nix experience are trying it out and while some may complain I
would venture to say the silent majority is happy churning right along with


2009/4/14 Ante Karamatić <ivoks at>

> On Tue, 14. 04. 2009., at 10:30 -0500, n2vip at wrote:
> > The second page is reachable now.
> 'Ironically the first two entries: the Post Office Protocol version 3
> (pop3) and the Internet Message Access Protocol version 2 (imap2) are
> installed and running despite Ubuntu having installed the more secure
> versions. Both of these older protocols were needed in years past for
> interoperability with older mail programs, but all major mail programs
> now support the more secure versions. (The biggest issues with these
> older services are clear text passwords; however, POP2 servers have also
> been vulnerable to root compromises.)'
> Author doesn't understand 'netstat', but uses its output to put a claim.
> So, let's start:
> 1) Ubuntu (dovecot actually) doesn't support POP2 - even the netstat
> output doesn't show pop2
> 2) Ubuntu (dovecot actually) doesn't support IMAP2
> 3) What Ubuntu (dovecot actually) supports are - POP3 and IMAP4rev1
> Author should know that IMAP4 is an extension of IMAP2, so it uses the same
> port as imap2. As you can't define multiple names to one port
> in /etc/services, sane practice is to put imap2 there. netstat
> reads /etc/services and then claims that protocol is imap2.
> Next, bootpc UDP is a port opened by dhclient. This guy is running dhcp
> server without being aware of that. netstat tip #2 'sudo netstat -aup |
> grep boot'.
> So, B- for author's knowledge of UNIX/Linux systems.
> Next are users with /bin/bash. If those users would have /bin/false,
> they won't be able to run jobs from cron.
> Of course, there are some valid points, but also lots of nonsense.
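
The /etc/services point from the quoted reply, as an added example that is not part of the original thread: the name printed beside a port is only a lookup label, while the protocol revision is whatever the server itself advertises. The services excerpt, listener lines and greeting below are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; all sample data below is constructed.

# Excerpt in /etc/services format: name, port/proto, optional aliases.
SERVICES='pop3     110/tcp  pop-3
imap2    143/tcp  imap
bootpc   68/udp'

# Listener lines in the style of "netstat -a" (service names, not numbers).
LISTENERS='tcp  0  0 *:pop3    *:*  LISTEN
tcp  0  0 *:imap2   *:*  LISTEN
udp  0  0 *:bootpc  *:*'

# Greeting a server on port 143 might send (constructed).
GREETING='* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready.'

# label_of PORT PROTO: first name listed for a port, i.e. the label a
# name-resolving tool prints for it.
label_of() {
    printf '%s\n' "$SERVICES" | awk -v k="$1/$2" '$2 == k { print $1; exit }'
}

# port_of NAME PROTO: map a name or alias back to its numeric port.
port_of() {
    printf '%s\n' "$SERVICES" | awk -v n="$1" -v p="$2" '
        { split($2, a, "/"); if (a[2] != p) next
          for (i = 1; i <= NF; i++) if (i != 2 && $i == n) { print a[1]; exit } }'
}

# imap_revisions GREETING: protocol revisions the server itself advertises.
imap_revisions() {
    printf '%s\n' "$1" | awk '{ gsub(/\[|\]/, " ")
        for (i = 1; i <= NF; i++)
            if (toupper($i) ~ /^IMAP4/) out = out (out ? " " : "") $i
        print out }'
}

# audit: report each listener as the port number its label stands for.
audit() {
    printf '%s\n' "$LISTENERS" | while read -r proto recvq sendq addr rest; do
        name=${addr##*:}
        printf '%s/%s labelled %s\n' "$(port_of "$name" "$proto")" "$proto" "$name"
    done
}

audit
echo "port 143 server advertises: $(imap_revisions "$GREETING")"
```

On a live system, `netstat -n` prints numeric ports and skips the name lookup altogether.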
