Information Security News mailing list archives

Re: "Is Linux a net security risk?"


From: Chris Brenton <cbrenton () SOVER NET>
Date: Thu, 8 Jun 2000 19:38:44 -0400

kw wrote:

Never in my life have I seen such a high degree of utter fucking bullshit
in one single article.

I could not agree more, but I would probably state it differently. ;)

By Helen Han

SYDNEY, 7 June, 2000 - A SANS Institute of America report has named Linux
and Unix operated sites as more vulnerable to internet attacks than
Windows and Mac powered sites.

As someone who was involved with the top 10 list I would like to clearly
state that SANS, myself and everyone else involved in this project _did
not_ name or attempt to name any one operating system as being
more/less secure than any other. The comments above are clearly those of
the writer and no one else.

The top 10 list is posted at:
http://www.sans.org/topten.htm

and it clearly states "Here is the experts' list of the Ten Most Often
Exploited Internet Security Flaws along with the actions needed to rid
your systems of these vulnerabilities."

The list is exactly that, a tally of the top 10 exploits that those of
us involved in the project have seen in the wild the most. There is no
attempt to correlate this info as to whether an operating system is more
or less secure. In fact, nearly half the items (CGI, Export file shares,
password policy, SNMP community names) are completely platform
independent. They are an equal problem on any given networked platform.
Nowhere in the posting does SANS name Linux or any other operating
system as a "security risk" as the title of this article implies.

I hate to say it, but this author has no idea what she's talking about.
I also find it interesting that out of all the people interviewed, none
of them were directly involved with the project. You would think that
at least one direct source would have been involved.

Regards,
Chris
--
**************************************
cbrenton () sover net

* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

