Your Distro is Insecure: Ubuntu

Greg Durrant greg.durrant at sicnet.co.uk
Tue Apr 14 16:27:15 UTC 2009


I agree on this comment, fair point. I am now into my first year of
totally Linux PCs (mainly Ubuntu), and I would not be able to go back.
Yeah, I have had troubles along the way, but they have all been resolved
from friendly forums and help from the distro websites. So keep up the
good work! (As I write this on my laptop running Ubuntu 8.10.)



On Tue, 2009-04-14 at 11:20 -0500, Nick Fox wrote:

> I want to point out one thing related to this. 
> 
> It's actually a good thing for Ubuntu that so many people are crawling
> out of the woodwork trying to claim it's bad/insecure/<insert negative
> comment here>, why?
> 
> It means Ubuntu is gaining ground in the right direction, more people
> with less *nix experience are trying it out and while some may
> complain I would venture to say the silent majority is happy churning
> right along with Ubuntu.
> 
> -Nick
> 
> 
> 2009/4/14 Ante Karamatić <ivoks at grad.hr>
> 
>         On Tue, 14. 04. 2009., at 10:30 -0500, n2vip at verizon.net
>         wrote:
>         
>         
>         > The second page is reachable now.
>         
>         
>         
>         'Ironically the first two entries: the Post Office Protocol
>         version 3 (pop3) and the Internet Message Access Protocol
>         version 2 (imap2) are installed and running despite Ubuntu
>         having installed the more secure versions. Both of these older
>         protocols were needed in years past for interoperability with
>         older mail programs, but all major mail programs now support
>         the more secure versions. (The biggest issues with these older
>         services are clear text passwords; however, POP2 servers have
>         also been vulnerable to root compromises.)'
>         
>         Author doesn't understand 'netstat', but uses its output to
>         put a claim. So, let's start:
>         
>         1) Ubuntu (dovecot actually) doesn't support POP2 - even the
>            netstat output doesn't show pop2
>         2) Ubuntu (dovecot actually) doesn't support IMAP2
>         3) What Ubuntu (dovecot actually) supports are - POP3 and
>            IMAP4rev1
>         
>         Author should know that IMAP4 is an extension of IMAP2, so it
>         uses the same port as imap2. As you can't define multiple
>         names to one port in /etc/services, sane practice is to put
>         imap2 there. netstat reads /etc/services and then claims that
>         the protocol is imap2.
>         
>         Next, bootpc UDP is a port opened by dhclient. This guy is
>         running a DHCP server without being aware of that. netstat
>         tip #2: 'sudo netstat -aup | grep boot'.
>         
>         So, B- for the author's knowledge of UNIX/Linux systems.
>         
>         Next are users with /bin/bash. If those users had /bin/false,
>         they wouldn't be able to run jobs from cron.
>         
>         Of course, there are some valid points, but also lots of
>         nonsense.
>         
>         
>         
>         
>         --
>         ubuntu-server mailing list
>         ubuntu-server at lists.ubuntu.com
>         https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>         More info: https://wiki.ubuntu.com/ServerTeam
>         
> 
> 
> 
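The port-to-name lookup that Ante Karamatić describes in the quoted message above, as an added example that is not part of the original thread: it shows why a listing labelled `imap2` says nothing about which protocol version the daemon speaks, and why the owning process (the `-p` column) is the thing to check. The services excerpt, the socket list and the process names are constructed for illustration.

```python
# Constructed excerpt in /etc/services format (not copied from a real host).
SAMPLE_SERVICES = """\
# name   port/proto   aliases   # comment
pop3     110/tcp      pop-3     # POP version 3
imap2    143/tcp      imap      # Interim Mail Access P 2 and 4
bootps   67/udp
bootpc   68/udp
"""

# Constructed listening sockets: (protocol, port, owning process).
SAMPLE_SOCKETS = [
    ("tcp", 110, "dovecot"),
    ("tcp", 143, "dovecot"),
    ("udp", 68, "dhclient3"),
    ("tcp", 993, "dovecot"),   # no entry in the excerpt above
]

def parse_services(text):
    """Map (port, proto) -> (name, aliases); the first entry for a port wins,
    as it does in a sequential read of the file."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), (fields[0], fields[2:]))
    return table

def report(table, sockets):
    """Pair the label derived from the port number with the owning process.
    The label comes from the table only; the daemon is never asked."""
    rows = []
    for proto, port, process in sockets:
        name, aliases = table.get((port, proto), (str(port), []))
        rows.append((f"{port}/{proto}", name, aliases, process))
    return rows

if __name__ == "__main__":
    for sock, name, aliases, process in report(parse_services(SAMPLE_SERVICES),
                                                SAMPLE_SOCKETS):
        alias_text = f" (aliases: {', '.join(aliases)})" if aliases else ""
        print(f"{sock:8} shown as {name}{alias_text}, owned by {process}")
```

When auditing a host, treat the service name as a hint about the port number only and confirm the actual software and protocol from the owning process and its configuration.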