03-30-2008, 09:56 AM
Chris

Linux is KING - Couldn't be hacked - Mac, Vista went down in flames

Manuel Aróstegui wrote:

On Sat, 29-03-2008 at 12:24 -0400, Jim wrote:

Read article


That's cool, but it's far from being the real scenario we face every day.
I guess that Linux box was secure but the truth here, as far as I've
been able to see is that either Windows or Linux (I have no mac
experience) are both pretty insecure if they're being run by a dumb
administrator.
It is clear that a Linux, out of the box, has less chances to be hacked
than a windows in the same situation.

But for me, this hacking contest does not represent a real scenario.

Anyways, I'm glad Linux survived, do not take me wrong :-)
Manuel


Let's also not forget the most important part of the article - it
mentioned something about Java allowing MS security to be circumvented.


That leads me to think that if Java was not installed on that box, would
it have been hacked?


Perhaps not. So, I think the article is very misleading. To me, I could
care either way. As pointed out elsewhere in this thread, a properly
patched and managed box (under any OS) can be very difficult to hack.


I wonder why (at least in this article) OpenBSD was not mentioned.
Perhaps it was just a session that was betwixt Linux & MS.


Best Regards,

Chris



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
03-30-2008, 07:07 PM
Chris

Linux is KING - Couldn't be hacked - Mac, Vista went down in flames

On Sun, 30 Mar 2008 15:48:27 -0300 (ADT)
"George N. White III" <aa056@chebucto.ns.ca> wrote:

> On Sun, 30 Mar 2008, Chris wrote:
>
> > Manuel Aróstegui wrote:
> >> On Sat, 29-03-2008 at 12:24 -0400, Jim wrote:
> >>> Read article
> >>
> >> That's cool, but it's far from being the real scenario we face
> >> every day. I guess that Linux box was secure but the truth here,
> >> as far as I've been able to see is that either Windows or Linux
> >> (I have no mac experience) are both pretty insecure if they're
> >> being run by a dumb administrator.
> >> It is clear that a Linux, out of the box, has less chances to be
> >> hacked than a windows in the same situation.
> >>
> >> But for me, this hacking contest does not represent a real
> >> scenario.
> >>
> >> Anyways, I'm glad Linux survived, do not take me wrong :-)
> >> Manuel
> >
> > Let's also not forget the most important part of the article - it
> > mentioned something about Java allowing MS security to be
> > circumvented.
> >
> > That leads me to think that if Java was not installed on that box,
> > would it have been hacked?
>
> If you don't want to install Java you need to tell us what
> alternative is going to provide better security. Many developers use
> Java because the work needed to implement the functionality
> (including the attention to security issues) would be prohibitive.

I still feel that if Java was not installed on the MS box, it still
raises the question, would the box have been hacked?

Java is not part of the default install (afaik) XP, Vista, etc.
One might ask, perhaps the folks that set up these boxen, did they
knowingly install Java with the pre-thought that that would be a way
in.

> MS was chosen for this attack because the person who knew the Java
> exploit also happened to be familiar with MS. Such attacks often
> proceed in stages:

Here again, this seems unfair. These tests should have been done on
boxen that did not have 3rd party apps etc. Still seems like a tainted
test.

> 1. get user-level access via a browser, java, etc.
> 2. elevate to "admin/root" privileges, which is where knowledge of
> the specific OS comes in.
>
> Often the 1st step works on multiple platforms.

Assuming the multi-platforms are set up with as close to the same
programs as possible.

>
> > Perhaps not. So, I think the article is very misleading. To me, I
> > could care either way. As pointed out elsewhere in this thread, a
> > properly patched and managed box (under any OS) can be very
> > difficult to hack.
>
> Or not, if you happen to know of an unpatched vulnerability.
>
> > I wonder why (at least in this article) OpenBSD was not mentioned.
> > Perhaps it was just a session that was betwixt Linux & MS.
>
> OS X was the first to fall (via safari), so the BSD camp didn't fare
> very well.
>

As you do know, I specifically mentioned OpenBSD. I would like to see
them folks go against an out of the box install of Linux (any distro)
and OpenBSD - that would be a telling tale indeed.

In any event, as we all also know, these sorts of tests and results can
be manipulated to reflect anyone's agenda - I for one, have never been
a fan of these things. It really proves nothing.

--
Best regards,
Chris

"There's no place like 127.0.0.1"
04-02-2008, 02:31 PM
"Mikkel L. Ellertson"

Linux is KING - Couldn't be hacked - Mac, Vista went down in flames

Les wrote:

Actually, Microsoft was a late comer to personal computers. I own
(still) an Altair 8800B, and owned a Morrow Microdecision before that,
both on CP/M. And prior to that I had systems that ran various other
OS's that were a bit more limited, and one straight bootstrap system
for which you had to furnish an OS of your favorite flavor. Microsoft
did not create, or really enable personal computers, they just got the
contract to write the OS for IBM, and were able to bootstrap that into
the corporation you see today.

Microsoft's entry into the personal computer market was by supplying
a version of BASIC that for several operating systems. I can
remember loading it from tape, and later burning it to EPROM with a
small relocation program to move it into RAM at the address it
expected to run. (It was not relocatable...)


Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
