RE: [SLUG] Insight on Code Red II

From: Wyly Wade (wyly.wade@forefrontinc.com)
Date: Thu Aug 09 2001 - 15:00:18 EDT


I think there is some misconception about where my stance is on the
strengths of linux and where I put my support. I spend 80% of my time in
a linux or bsd based system and 90+% of the code that I write runs on
one of many unix derivatives. I prefer freebsd over most (bsd or linux
distros) although I have been playing with plan9 a lot lately and have
found some great advantages to kfs.

Your crass and immature comments do not affect me... although I would
invite mature conversation.

My favorite exploits that I have been using lately are a lot of session
hijacking and zone transfer exploits. Also I will be releasing a paper
in about two months through Guardent (www.guardent.com) about a
technique that very effectively maps out the internal structure of
networks regardless of firewalls and circumvents IDS systems.

While I do agree with the statement about the amount of bugs in windows.
There are a considerable amount more but I still stand by there are few
that will provide you a command line level or root level remote access
to a windows machine (that may be because I do not use windows often).

As far as the monolithic security of a windows machine it is an issue it
is one of many issues that have problems. Another that is significant is
the lacking of level 0 kernel mode security check thus allowing a rogue
dll to do anything.

One of my biggest issues with both windows and linux systems currently is
the everlasting password/password hash. I have been working on a single
use hash structure.

wt

-----Original Message-----
From: Derek Glidden [mailto:dglidden@illusionary.com]
Sent: Thursday, August 09, 2001 11:57 AM
To: slug@nks.net
Subject: Re: [SLUG] Insight on Code Red II

Wyly Wade wrote:
>
> There are several exploits that allow root access within linux there are
> few windows exploits that allow you control of the machine other dds or
> flood attacks.

Really? What root exploits are there for Linux? I'd like at least a
couple of URLs to these exploits so that I can see for myself exactly
what they mean and if they're one of the known exploits for BIND or if
it's something truly new and dangerous like being able to compromise a
machine by opening an email as a non-root user.

And as far as there being "few windows exploits" BUGTRAQ certainly
disagrees with you:

http://www.securityfocus.com/
 
> I am an advocate for opensource and have spent hundreds of hours
> contributing to it as well as working with it. I feel there are many
> merits to stand on for the different linux distro's but I would not
> actively say that security is at the top of that list.

You clearly don't have even the slightest clue about Windows "security"
vs. Linux/UNIX security and are making this statement from a position of
utter ignorance.

The whole point of the UNIX security model that Linux follows is that
every user and process is segregated out to prevent things like opening
an email attachment from wiping your whole filesystem. Windows
"security" model is one of "one system, one user" which is what makes it
so vulnerable. However, no matter how much I'll explain the
differences, I have the suspicion that you will just disagree with me on
principle rather than with any intelligent response, so I'll leave it at
that.

"Sure I love Linux and work with it all the time but Windows is better."

Mmmmm... smells like Astroturf...

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec -

http://www.eff.org/ http://www.opendvd.org/ http://www.cs.cmu.edu/~dst/DeCSS/Gallery/


