[Gllug] how safe is linux against identity thief

Jon Fautley jfautley at redhat.com
Tue Mar 24 15:33:47 UTC 2009 

On Tue, 24 Mar 2009 15:17:05 +0000
Harry Rickards <hrickards at l33tmyst.com> wrote:

> I wasn't trying to suggest that iptables would stop the identity  
> thief, but if Lucy were to accidentally install a malicious piece of  
> software that were to setup a server on the machine, then a firewall  
> may stop it. I used iptables as an example, as as far as I can tell  
> (I'm not a security expert, as you can probably tell) it seems to be  
> the industry standard.

Standard in which industry?

I see what you're getting at, but the chances of someone having gained
access to Lucy's PC by connecting TO it are minimal. Most unsavoury
bits of software connect outwards - as most of the time people will
firewall the incoming connection, but leave outbound unrestricted.

It's quite likely in this instance that Lucy has either logged into her
bank via an insecure terminal, used a non-secure password (probably
coupled with obtaining other information, maybe social engineering,
maybe even diving through her rubbish), or there's someone dodgy at her
bank that's passed her details on :)

Even if it was malicious software, it's unlikely that, unless you had an
extremely restrictive firewall, IPTables would have made any
difference.

Oh, and while I'm writing this email - good to see you've got the top
posting thing sorted, but if you can please also remove the unnecessary
text in the email - you only need to quote the bit(s) you're responding
to.. as I have here :)

Cheers,

/j
-- 
Jon Fautley RHCE, RHCDS, RHCX, RHCA  email: jfautley at redhat.com
Senior Consultant                    cell :     +44 7841 558683
Global Professional Services
Red Hat UK, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090324/a1e4f621/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list