Information Security News mailing list archives
Re: "Is Linux a net security risk?"
From: Chris Brenton <cbrenton () SOVER NET>
Date: Thu, 8 Jun 2000 19:38:44 -0400
kw wrote:
Never in my life have I seen such a high degree of utter fucking bullshit in one single article.
I could not agree more, but I would probably state it differently. ;)
By Helen Han SYDNEY, 7 June, 2000 - A SANS Institute of America report has named Linux and Unix operated sites as more vulnerable to internet attacks than Windows and Mac powered sites.
As someone who was involved with the top 10 list I would like to clearly state that SANS, myself and everyone else involved in this project _did not_ name or attempt to name any one operating systems as being more/less secure than any other. The comments above are clearly those of the writer and no one else. The top 10 list is posted at: http://www.sans.org/topten.htm and it clearly states "Here is the expertsÂ’ list of the Ten Most Often Exploited Internet Security Flaws along with the actions needed to rid your systems of these vulnerabilities." The list is exactly that, a tally of the top 10 exploits that those of us involved in the project have seen in the wild the most. There is no attempt to correlate this info as to whether an operating system is more or less secure. In fact, nearly half the items (CGI, Export file shares, password policy, SNMP community names) are completely platform independent. They are an equal problem on any given networked platform. No where in the posting does SANS name Linux or any other operating system as a "security risk" as the title of this article implies. I hate to say it, but this author has no idea what she's talking about. I also find it interesting that out of all the people interviewed, none of them where directly involved with the project. You would think that at least one direct source would have been involved. Regards, Chris -- ************************************** cbrenton () sover net * Mastering Cisco Routers http://www.amazon.com/exec/obidos/ASIN/078212643X/ * Mastering Network Security http://www.amazon.com/exec/obidos/ASIN/0782123430/ ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- "Is Linux a net security risk?" kw (Jun 08)
- Re: "Is Linux a net security risk?" Matt Dickerson (Jun 08)
- Re: "Is Linux a net security risk?" Chris Brenton (Jun 08)