There was a recent discussion about how nearly every computer operating system could be "powned" by the NSA, and how you should use "my favorite supersecure OS" to avoid the problem.
This is somewhat unhelpful.
There is a basic principle of computer security - no access means no vulnerability. An attacker can hammer away at a machine and if it doesn't respond - then he/she/it doesn't get anywhere. (I'll make this more formal after the orange do-dad)
How then do you check if your machine responds to outsiders? There's a relatively easy to use tool for this - nmap. (short unixy way of saying network mapper).
Network communications use sets of packets of data that are transmitted in various ways. The protocol used almost exclusively today is TCP/IP. (TCP defines the formal structure of the two machines talking to each other while IP defines the structure of the data itself) Formally, TCP/IP goes through a defined handshake protocol when it is in the process of exchanging a data packet. (There are attacks which abuse this handshake protocol, but they are mostly for denial of service (nowadays). I'm going to ignore these attacks simply because there isn't very much you can do about them - except use a seperate router/firewall and keep your operating system up to date). Part of this handshake involves finding the service or particular program that handles a given packet. This is known as the port.
For example, the dailykos webserver uses port 80 - which calls up whichever webserver (probably apache) that will return the web page you're looking at. SMTP - or email goes to port 25, Chargen (pages and pages of characters) is port 19 and SSH (secure shell) is port 22.
If there isn't a program associated with a port then the TCP/IP handler immediately drops the communication and ignores the rest of it. Ports can also be blocked and simply invisible.
So clearly - if you don't respond to a call on a port then the problem of cracking into your machine becomes much harder - the attacker needs to crash the whole thing rather than just a buggy email program.
This is where nmap comes into the fore.
nmap ip-address (those numbers that are associated with your machine for example
nmap 192.168.1.112)
scans the machine and tells you what services/ports are open. There are a whole mess more commands, but the defaults do most of what you need. You can also use wild cards (192.168.1.*) to scan a range of addresses. You may have to use "administrator" or "root" to run this command and versions exist for linux, windows and OSX. (by the way - if you're going to scan your campus/work network make sure that the network people won't get upset first and try some of the stealth options).
What you will find is what is open on your machine.
Ideally nothing is open, but usually that's not the case. For example the linux Mint machine I'm using has a couple of netbios ports open so that it plays well with windows. Since windows is the default OS at my august institution of higher learning, I leave those open so that I'm not shut out of the campus network. None the less I know how to turn those off if I decide that the risks outweigh the benefits. I usually find a lot more ports open on the typical windows machine. (I haven't scanned an OSX machine in a while). Recent versions of Android are completely closed.
Many home computers used for gaming will have special game server ports open. These programs are probably not that well tested for vulnerabilities.
It is important to see what is open on your machine. It is equally important to ask yourselft if it is something that you want/need to use. For example, this machine does not ever serve webpages or SSH - so those ports are locked down. It has the bare minimum of netbios ports open to see what is on a windows workgroup and use a windows printer.
Does having no open ports mean you're completely secure?
No. But it does mean that the system is a lot harder to attack. Which brings up a more interesting question - How would such a machine be attacked?
The answer is by getting the user - the human - the weak spot in the security - to help the attacker. For example, embedding the http://user:password@site construct in a script to log into a router from the inside (nominally secure side) of a firewall and change the router settings to allow an outsider to configure it. (This is why it's really really really important to change the default password if you set up a router/wifi unit for a home network - it's only a couple of lines of PHP script to try the most common ones and then your router is open). Similarly Phishing attacks try to trick the user into revealing information that the fraudster wants - the victims wade in "eyes wide shut". Another fun approach is to change the nameserver - the host that gives you a number when you type in a name - to a smaller less used one that is easy to stuff with fraudulent web addresses. Browser-side scripting can do a whole bunch of fun things - some of my favorite examples are the websites that offer to scan your computer for vulnerabilities or "tune your registry" and use the bait of improving your machine as cover to install a worm, virus or some other sleazy bit of code.
But these attacks all require your active participation. Someone scanning from the outside can't just make them happen.
(not to the cognescenti - I've tried to be clear to a non-technical audience and have therefore been a bit general in the presentation)