Full Disclosure mailing list archives
Re: [inbox] Re: CyberInsecurity: The cost of Monopoly
From: "Kristian Hermansen" <khermansen () ht-technology com>
Date: Mon, 29 Sep 2003 00:36:42 -0400
Just my two cents, but the number of patches does NOT necessarily equate to platform stability. If you had more people researching Netware flaws (since the percentage of people using it is so low in comparison), I'm sure your theory would deflate. I'm not saying that Windows is secure in the least, but I think that every corporation trades off the cost of secure/quality code for insecure/sloppy feature sets. The reason that MOST people look to exploit software/OS's is so that they can gain priviledges on the system. Windows machines make up 90-95% of the systems on the internet, so people who discover an exploit for this widely used OS are likely to find a vulnerable machine which is easily exploitable and has the resources they want. Unix/Linux systems are very powerful, and although they don't make up a large portion of the net, they are widely used as servers, which typically have vast resourses available by an exploiter. Novell, on the other hand, are rare to run into. How many people on this list have ever owned a Novell box? How many have even ever encountered one before? This is partly the reason for the lack of security patches. If there are so few boxes on the net with relatively little use, why do we need Netware exploits? They do exist, but who here has ever used one? If Netware were as popular as Windows, I'm sure a whole mess of bugs would be found. Anyways, that's just like my opinion...man....(the dude) Kris Hermansen ----- Original Message ----- From: "Curt Purdy" <purdy () tecman com> To: "'Rodrigo Barbosa'" <rodrigob () suespammers org>; <full-disclosure () lists netsys com> Sent: Sunday, September 28, 2003 6:11 PM Subject: RE: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of Monopoly
I must disagree. When Netware has had one major security patch this year vs. 39 for Microsoft, the quality of the platform becomes fundamental. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity zar Richard Clarke -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Rodrigo Barbosa Sent: Saturday, September 27, 2003 3:36 AM To: full-disclosure () lists netsys com Subject: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of Monopoly On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote:On Fri, 26 Sep 2003, Rick Kingslan wrote: Oh, wait. Apache has about 2 times the market share of IIS, and I'm still getting Code Red and Nimda hits TWO YEARS after they were
released.
By contrast, I only got about 2 days worth of hits from Slapper.Ok, I'm all for opensource and stuff. But this kind of thing, like still getting hitted by code red (same here), speaks more about the quality of the administrators then of the platform itself. -- Rodrigo Barbosa <rodrigob () suespammers org> "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: CyberInsecurity: The cost of Monopoly, (continued)
- Re: CyberInsecurity: The cost of Monopoly Gregory A. Gilliss (Sep 25)
- RE: CyberInsecurity: The cost of Monopoly Mike Hoskins (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Marc Maiffret (Sep 26)
- Re: CyberInsecurity: The cost of Monopoly Fabio Gomes de Souza (Sep 26)
- Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Bruce Ediger (Sep 26)
- Re: CyberInsecurity: The cost of Monopoly Matthew Murphy (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 27)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 28)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Kristian Hermansen (Sep 28)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Gregory A. Gilliss (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: CyberInsecurity: The cost of Monopoly Gregory A. Gilliss (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Fabio Gomes de Souza (Sep 28)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 27)