Full Disclosure mailing list archives

Re: RE: Linux (in)security

From: Kenton Smith <ksmith () chartwelltechnology com>
Date: 22 Oct 2003 11:17:44 -0600

What I find interesting about this is that the survey was done by a
company that sells security services. And of course I'm sure the news
release was put out by them as well.
Why not show in-house IT staff as being just as stupid as any other
user.
Sales pitch; "You need our services because your administrator was
tricked into giving his password in an online survey."

On Wed, 2003-10-22 at 08:12, Schmehl, Paul L wrote:

-----Original Message-----
From: Peter Busser [mailto:peter () adamantix org] 
Sent: Wednesday, October 22, 2003 3:10 AM
To: full-disclosure () lists netsys com
Subject: Linux (in)security (Was: Re: [Full-disclosure] Re: 
No Subject)

In general people seem to believe that Linux is either secure 
or can be made secure by removing packages and unused 
services. This believe that Linus is already secure makes 
people uninterested in security. Why improve something that 
is already sufficient? Besides that, it is more rewarding to 
write a new window manager providing more and faster flashy 
eye candy than to fix potential memory allocation problems 
that noone ever notices. Well, until it becomes a problem that is.


Is it any wonder?  With thousands of rabid slash dotters cajoling their
friends into switching to Linux because "it's secure out of the box" and
"it can't be infected like Windows", what would anyone expect?  The same
idiots that can't keep a Windows box from being owned are now using
Linux.  And the result is the same.

Now, lest you get your hopes up and think it's possible to change the
world, read this:

http://www.ukauthority.com/articles/story898.asp

After reading this, I had a good cry and then took some aspirin.  :-(

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: [inbox] Re: RE: Linux (in)security, (continued)
- - - Re: [inbox] Re: RE: Linux (in)security Henning Brauer (Oct 30)
    - Re: RE: Linux (in)security Ron DuFresne (Oct 23)
    - Re: RE: Linux (in)security Peter Busser (Oct 23)
    - Re: RE: Linux (in)security Ron DuFresne (Oct 23)
    - Linux Exec Shield (was: Linux (in)security) Chris Ruvolo (Oct 23)
    - Re: Linux Exec Shield (was: Linux (in)security) Peter Busser (Oct 23)
    - Re: Linux Exec Shield (was: Linux (in)security) Arjan van de Ven (Oct 23)
    - Re: Linux Exec Shield (was: Linux (in)security) Chris Ruvolo (Oct 24)
- Re: RE: Linux (in)security Shawn McMahon (Oct 22)
  - Re: RE: Linux (in)security I.R. van Dongen (Oct 22)
- Re: RE: Linux (in)security Kenton Smith (Oct 22)
  - Re: RE: Linux (in)security Robert Brockway (Oct 22)
- Re: RE: Linux (in)security John Sage (Oct 23)
  - Re: RE: Linux (in)security madsaxon (Oct 23)
    - Re: RE: Linux (in)security Ron DuFresne (Oct 23)
    - Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- RE: RE: Linux (in)security Bassett, Mark (Oct 22)
- RE: Linux (in)security Feher Tamas (Oct 27)