Re: Obama Order Sped Up Wave of Cyberattacks Against Iran

[Ian Hayes <cthulhucalling () gmail com>]

On Sun, Jun 10, 2012 at 2:06 PM, Laurelai <laurelai () oneechan org> wrote:
> I am a bit surprised by the direction of this conversation and I have been
> waiting for someone to say the obvious in regards to protecting yourself
> from .gov malware, it really is quite simple if you think about it. Stuxnet,
> duqu, flame, ect.. all only run on windows platforms. If the people you are
> protecting are concerned about that kind of malware (and they should be) it
> would be a great time to tell them about GNU/Linux, BSD, ect..

What makes you think the world doesn't already know about these, and
that the various world governments don't already have their own 0days
or hooks into them? Why was Stuxnet written on Windows? Not because of
it's history of flaws, but because the Siemens PLC code that
interfaces with the centrifuges runs on Windows. If it ran on any
other platform, I would *guarantee* that it would still happen. "Just
run Linux" is not a panacea that instantly cures everything. Mac
fanboys used to say the same thing until someone decided to shut them
up. I've worked at places where it was Linux 100% and we STILL had
security issues. Conversely, I've worked at Windows heavy shops that
were actually well-run, and didn't have the mythical security issues
that seem to plague the news.

The operating system is merely the conduit, one has to look past that
to the motivation of the attacking party. Consider this your own
Riddle of Steel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/