What I won't discuss (cont)

Physical security
Keystroke logger dongles, tempest monitor attacks

Boot security
lilo/grub/bios passwords, sulogin 

User-space security tools
StackGuard, FormatGuard, tmpwatcher

Bugs in specific software
BIND, Sendmail, OpenSSL timing attacks, Apache Denial of Service attacks, BIND, Mutt imap vulnerability, Sendmail, BIND...

Known bad ideas
rsh / rlogin / telnet, xhost+, logging in as root

Anything I've inadvertantly omitted