Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What is wrong with schools these days?

From: "CrYpTiC MauleR" <crypticmauler () linuxmail org>
Date: Tue, 25 Apr 2006 17:24:06 -0500
Personally I would use a Linux box because if a hole is found you can bet its fixed soon and at least have option of 
using latest nightly etc to update to and fix the hole. I can't say the same for Microfsoft's 1 month patch cycle which 
keeps me open to hole or forces me to disable a service or feature just to be conforted a little until they get around 
to it. Yes I agree no OS is safe, depends on the user and how much effort they put into configuring it and patching it 
on time. All OSs in general can be considered unsafe unless they are properly setup. Yes some are more safe out of the 
box, but most have uneeded services as you said that can be the different of being safe and being owned.



----- Original Message -----
From: "Paul Schmehl" <pauls () utdallas edu>
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] What is wrong with schools these days?
Date: Tue, 25 Apr 2006 12:26:55 -0500


CrYpTiC MauleR wrote:

All you had to say was Microsoft =oP


That's hilarious.  The number one defaced website OS is Linux.  
(See Zone-H.org if you don't believe me.)

The number one problem I have here is unix boxes.  You know why? 
Because a lot of open-source bozos run around claiming unix is more 
secure than Windows.  So a lot of clueless people think that, if 
they just set up a RedHat box, they won't have anything to worry 
about.

Ask them what that little red ball with the X in it is - you know - 
the one flashing up there in the taskbar- and they'll say I dunno.

No OS is secure by default.  No OS can remain secure if it's not 
properly configured and maintained.  Look at your box right now.  
How many of you have inetd or xinetd running?  Why?  What services 
does it provide that you need?  Do you even know what chargen or 
rpc.statd is? If not, why are they running (if they are)?  How many 
of you have a workstation running with more than just ssh enabled 
and *no* firewall running?

You name the OS, and I can tell you of at least one incident of 
hacking.  We haven't had a Windows box hacked in a long time.  The 
last five were two Macs and three RedHat boxes.  Does that mean 
Macs and RedHat are insecure?  NO!  It means, until the general 
public understands the problem and knows what the solution is, 
hacking will continue apace with no sign of letting up.

The real problem is ignorance.

-- Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
<< smime.p7s >>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/







-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: