You really, REALLY, need to read this:
https://wiki.ubuntu.com/BasicSecurity
You should also look here:
http://www.ubuntu.com/usn/
That last link is the known, published list of vulnerabilities in Ubuntu. Yes, Ubuntu has vulnerabilities.
What's on this list is not nearly as important as what's not on this list.
Most of the time, everything on this list has an update to close the vulnerability. They don't generally publish the vulnerability until they can stop it. Sometimes they do, if it's a serious problem and there's no fix available.
But here's what's NOT on that list:
- Vulnerabilities known to white-hats which are not yet tested.
- Vulnerabilities known to white-hats which have been tested but not yet solved.
- Vulnerabilities known to black-hats which have not been discovered by white-hats.
- Vulnerabilities unknown by anyone which may be bugs that transmit data in an unsuspected way.
- You can probably figure out a few more ways, I'm not going to write a book.
If you haven't figured it out yet, white hats in this case are the good guys: Developers, Ubuntu staff, well-intentioned users, organizations like CERT. Black hats are the bad guys.
Now, there's a whole lot of people who believe that if you keep your system updated you don't have anything to worry about. That's untrue. There may be days, weeks or months between the time a black hat discovers a vulnerability and the time it's blocked by a security update, and the time you actually
install that update.
If you're one of the unlucky ones and had an exploit on your system, the update might fix the problem but chances are your system already has malware on it or somebody knows your passwords, and you probably will not know it unless you actively look for it and know what to look for.
Bookmarks