If you've got an internet server of any sort, then cracking is always going be a possibility, and security bugs are discovered (and quickly fixed) every week. But if you're behind a firewall which blocks all incoming ports then cracking is just about impossible.
But malware exploiting software bugs is certainly possible in any OS. But, contrary to what that Register article says, that bug was fixed in hours and new kernel images released. I upgraded my Debian systems to fix that bug a couple of days ago. It rather looks as though Claranet weren't taking proper note of the security reports.