[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 2008-04-05 at 08:41 +0100, Neil Winchurst wrote: > Recently there was a programme on BBC about Identity Fraud. > Interesting. This has made me wonder..... > > I have always assumed that using Linux made me safer from viruses and > other nasties. Is this correct? Yes. 'safer' not 'safe'. Bugs in free software can still have security implications and no human is completely safe from social engineering attacks. The kernel provides a lot of protection but you also need to ensure that the rest of the OS (the GNU bit) is up to date with security fixes and latest updates, that you are not being obviously stupid in your configuration etc. etc. To be personally threatened by a security bug in GNU/Linux you would need to have a poorly configured router, be running a server of some kind or be offering some kind of internet-visible service (like SSH) through your router firewall. Most attacks will actually come via email and are targeted at the human, not the OS. "Vulnerability exists between keyboard and chair." > On the programme every computer used to > demonstrate various security risks was running Windows. It seems that > Identity Theft is a huge and growing problem. Am I being too complacent > because I use Linux only? Using GNU/Linux will not protect you from identity theft if you regularly put bank statements and credit card receipts into the rubbish without shredding them first. Your computer cannot protect you from identity theft via untrustworthy employees who read the magnetic strip and keylog your PIN in a shop. There are a host of other ways that identity fraud can be done - your computer is actually quite a small part and can only really have a role in protecting your online identity. Online identity, for most people, means your login details for your bank etc. This has nothing to do with the kernel, not that much to do with software and everything to do with how you use and configure the software. You need to use the support within your email client (and browser possibly) to help you identify scams that come in via email. Don't click on links without checking the actual URL. Don't view email as HTML, always as plain text (where you can see the <div> and <a href=.. stuff). There are a host of other steps you can take to counter social engineering attacks via email but the majority are to do with you, not the OS. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
signature.asc
Description: This is a digitally signed message part
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html