Full Disclosure mailing list archives

security through obsolescence??!@?!


From: full-disclosure () lists netsys com (Charles 'core' Stevenson)
Date: Mon, 15 Jul 2002 15:23:40 -0600

kevin,

word man... rexd to the rescue? hehe... my god I know a couple of 
sysadmins who have the same philosophy. but it's pointless. it's like 
removing read privileges from vulnerable suids! some of us have over a 
gigabyte of security related exploits, scanners, sniffers, backdoors 
etc.. Dating back to the 80's. ;)

peace,
core

KF wrote:
This has to be one of the stupidest comments I have ever heard! Do you 
honestly think that there are not people with REAL skill out there... 
not just simple skript kiddies. I certainly hope that you wouldn't try 
to "secure" your network with an old redhat 4.2 box, Xenix or an old NT 
3.51 server. Installing old software is NOT an effective means of 
warding off attackers... in fact you may attract a more "old school" with 
"0-day" from back in their day. There have to be numerous issues in 
those old OS's that people have not told the vendors ... there were 
never any public patches made ... etc. Don't kid yourselves... and if 
you REALLY think this works... be so kind as to give us the IP addresses 
for these legacy machines.
-KF


Posted: 06/06/2002 at 12:10 GMT
  Here's an interesting way to secure an Internet-connected
  computer against intruders: Make sure the operating system and
  software it runs are so old that current hacking tools won't work on
  it. This was suggested by Brian Aker, one of the programmers who works
  on Linux.com, NewsForge, Slashdot, and other OSDN sites; he runs
  several servers of his own that host a number of small non-profit
  sites in the Seattle area. "I have one box still running a version of
  Solaris that's so old none of the script kiddies can figure it out,"
  Brian says. "They tend to focus on the latest and greatest, and don't
  have the slightest idea how to handle my old Sun box."






_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure





