Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [inbox] Re: CyberInsecurity: The cost of Monopoly

From: "Kristian Hermansen" <khermansen () ht-technology com>
Date: Mon, 29 Sep 2003 00:36:42 -0400
Just my two cents, but the number of patches does NOT necessarily equate to
platform stability.  If you had more people researching Netware flaws (since
the percentage of people using it is so low in comparison), I'm sure your
theory would deflate.  I'm not saying that Windows is secure in the least,
but I think that every corporation trades off the cost of secure/quality
code for insecure/sloppy feature sets.  The reason that MOST people look to
exploit software/OS's is so that they can gain priviledges on the system.
Windows machines make up 90-95% of the systems on the internet, so people
who discover an exploit for this widely used OS are likely to find a
vulnerable machine which is easily exploitable and has the resources they
want.  Unix/Linux systems are very powerful, and although they don't make up
a large portion of the net, they are widely used as servers, which typically
have vast resourses available by an exploiter.  Novell, on the other hand,
are rare to run into.  How many people on this list have ever owned a Novell
box?  How many have even ever encountered one before?  This is partly the
reason for the lack of security patches.  If there are so few boxes on the
net with relatively little use, why do we need Netware exploits?  They do
exist, but who here has ever used one?  If Netware were as popular as
Windows, I'm sure a whole mess of bugs would be found.  Anyways, that's just
like my opinion...man....(the dude)

Kris Hermansen


----- Original Message ----- 
From: "Curt Purdy" <purdy () tecman com>
To: "'Rodrigo Barbosa'" <rodrigob () suespammers org>;
<full-disclosure () lists netsys com>
Sent: Sunday, September 28, 2003 6:11 PM
Subject: RE: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of
Monopoly



I must disagree.  When Netware has had one major security patch this year
vs. 39 for Microsoft, the quality of the platform becomes fundamental.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Rodrigo
Barbosa
Sent: Saturday, September 27, 2003 3:36 AM
To: full-disclosure () lists netsys com
Subject: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of
Monopoly


On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote:

On Fri, 26 Sep 2003, Rick Kingslan wrote:
Oh, wait.  Apache has about 2 times the market share of IIS, and I'm
still getting Code Red and Nimda hits TWO YEARS after they were

released.


By contrast, I only got about 2 days worth of hits from Slapper.


Ok, I'm all for opensource and stuff. But this kind of thing, like
still getting hitted by code red (same here), speaks more about the
quality of the administrators then of the platform itself.

--
Rodrigo Barbosa <rodrigob () suespammers org>
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: