No, he was putting public keys (not private) into a home directory. Specifically, the user was root which was only possible because a)
/root was exported (via exporting /), b) root squash wasn't enabled. Yes, nfs3 is fundamentally insecure. Any vaguely competent sysadmin knows this and knows to take appropriate precautions.
And what's the appropriate action besides root_squash and proper host access control (/etc/exports,tcp wrappers, firewall, etc
It still doesn't do any real authentication.
All trojans/bots/ransomsware is designed to circumvent antivirus. It is a arms wars between viri and anti-virus. At the moment the viri are winning it
:(.
Well it's a reactive business (hopefully) so that's to be expected.
TCP isn't noticably more secure than UDP - the extra fields in TCP are unsigned and can be spoofed too.
But it's a lot harder since you need to have the server believe you've established a connection and can't just dump spoofded data on the wire like with UDP.
Thus, security is implemented on top of the transport layer, where it works just as well for udp as tcp. The advantage of udp then is that you get more payload per encrypted or signed unit, thus higher speed.
What are you talking about: NFSv4 ?, ipsec ? What is this security you speak of.
Also, avoid distros that set up NFS to use tcp instead of the default udp. That's a huge performance killer, and not needed unless you use hubs instead of switches or need to tunnel the traffic.)
I'm not avoiding a distro if it chooses tcp over udp.
Isn't using UDP instead of TCP removing that last bit of pseudo-security NFS has ?
Aren't you now vulnerable to all sort of spoofing mayhem now ?
init doesn't manage services. Services are either managed by inetd or by themselves. init only has to start the services.
That's not completely true: init (re)spawns (a|min)getties on the ttys. So it does some monitoring of its "special" children.
Wether this is feature creep and/or an exception I don't know.
The only problem with Macs is that people hoard them instead of throwing them in the trash where they belong. Else I would have picked up a Mac Mini on the ground, install BootCamp on it and then it would be about good enough as a DHCP server and porn storage unit.
So you want one but can't get one through "dumpster diving". Oh, poor you.
"Ninety percent of baseball is half mental." -- Yogi Berra