Sure, Ubuntu boxes have been owned. We've seen evidence of that on this forum. They're usually poorly configured servers though, I haven't personally seen any desktops without services getting owned on this forum.
+10,000Originally Posted by OpSecShellshock
Again, the whole purpose of the Basic Security Wiki was to address these precise points that the OP raised. 1. How can we give the average user a sense of security without getting too technical? 2. How can an average user set up a reasonably secure Ubuntu box? 3. Can we introduce slightly more complex ideas to the new user? 4. Can we give the average user some guidance in reading logs when they think they've been owned?
The major problem we encountered when creating those documents is that security IS technical. It cannot be distilled into easy-to-digest sound bytes for non-technical users. If we are going to be really, truly honest, the fact is you need to understand a threat before you can say you're properly defending against it. So an uneducated user can never say they're 100% secure.
For us to say "relax and enjoy" to me says "don't worry about anything, click on anything, don't bother with updates." And that's patently untrue. Unfortunately at this point in time, the user bears some of the responsibility in remaining secure. Perhaps one day the industry will improve and be able to secure non-technical users in spite of themselves. But for now it just doesn't work that way.