Re: [SLUG] Insight on Code Red II

From: Derek Glidden (dglidden@illusionary.com)
Date: Thu Aug 09 2001 - 11:56:51 EDT


Wyly Wade wrote:
>
> There are several exploits that allow root access within linux there are
> few windows exploits that allow you control of the machine other dds or
> flood attacks.

Really? What root exploits are there for Linux? I'd like at least a
couple of URLs to these exploits so that I can see for myself exactly
what they mean and if they're one of the known exploits for BIND or if
it's something truly new and dangerous like being able to compromise a
machine by opening an email as a non-root user.

And as far as there being "few windows exploits" BUGTRAQ certainly
disagrees with you:

http://www.securityfocus.com/
 
> I am an advocate for opensource and have spent hundreds of hours
> contributing to it as well as working with it. I feel there are many
> merits to stand on for the different linux distro's but I would not
> actively say that security is at the top of that list.

You clearly don't have even the slightest clue about Windows "security"
vs. Linux/UNIX security and are making this statement from a position of
utter ignorance.

The whole point of the UNIX security model that Linux follows is that
every user and process is segregated out to prevent things like opening
an email attachment from wiping your whole filesystem. Windows
"security" model is one of "one system, one user" which is what makes it
so vulnerable. However, no matter how much I'll explain the
differences, I have the suspicion that you will just disagree with me on
principle rather than with any intelligent response, so I'll leave it at
that.

"Sure I love Linux and work with it all the time but Windows is better."

Mmmmm... smells like Astroturf...

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.eff.org/ http://www.opendvd.org/ http://www.cs.cmu.edu/~dst/DeCSS/Gallery/



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:55:43 EDT