Printable View
"The Linux fans will be thrilled to find out that their favorite
operating system have proved the safest at the contest organized this
week by the security firm TippingPoint"
[url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url]
"Doug Mentohl" <doug_mentohl@linuxmail.org> wrote in message
news:c4ff314a-c66f-45b4-aa1c-e4b1382cb720@a23g2000hsc.googlegroups.com...[color=blue]
> "The Linux fans will be thrilled to find out that their favorite
> operating system have proved the safest at the contest organized this
> week by the security firm TippingPoint"
>
> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url][/color]
You are starting to take lessons from Shestowicz, I see. A more careful
search on the matter shows that none of the machines could be compromised
remotely (day one) or even locally (day two) with their OS as the only
active element. Once third-party software was allowed, Apple went first and
Vista was compromised by an Adobe flaw based on Java. The perp said that
the same attack would work with Apple or Linux, so the Ubuntu resistance was
pure serendipity.
Bottom line the flaw was in the Adobe product, not in the Microsoft product
and Linux has nothing to be proud of other than being ignored by the
attacker.
>>>>> "amicus" == amicus curious <ACDC@sti.net> writes:
amicus> You are starting to take lessons from Shestowicz, I see.
amicus> A more careful search on the matter shows that none of the
amicus> machines could be compromised remotely (day one) or even
amicus> locally (day two) with their OS as the only active
amicus> element. Once third-party software was allowed, Apple
amicus> went first and Vista was compromised by an Adobe flaw
amicus> based on Java. The perp said that the same attack would
amicus> work with Apple or Linux, so the Ubuntu resistance was
amicus> pure serendipity.
amicus> Bottom line the flaw was in the Adobe product, not in the
amicus> Microsoft product and Linux has nothing to be proud of
amicus> other than being ignored by the attacker.
Then, I have to ask why Linux is being ignored. Maybe, the hackers
consider hacking into a Linux system to be "out of scope", because
it's too difficult?
(Many book authors do pull out (usually, appropriately) the "out of
scope" card to avoid discussing into details of complicated things
that are too difficult and hence "uninteresting" or distracting to the
readers.)
--
Lee Sau Dan §õ¦u´° ~{@nJX6X~}
E-mail: [email]danlee@informatik.uni-freiburg.de[/email]
Home page: [url]http://www.informatik.uni-freiburg.de/~danlee[/url]
LEE Sau Dan wrote:
[color=blue][color=green][color=darkred]
>>>>>> "amicus" == amicus curious <ACDC@sti.net> writes:[/color][/color]
>
> amicus> You are starting to take lessons from Shestowicz, I see.
> amicus> A more careful search on the matter shows that none of the
> amicus> machines could be compromised remotely (day one) or even
> amicus> locally (day two) with their OS as the only active
> amicus> element. Once third-party software was allowed, Apple
> amicus> went first and Vista was compromised by an Adobe flaw
> amicus> based on Java. The perp said that the same attack would
> amicus> work with Apple or Linux, so the Ubuntu resistance was
> amicus> pure serendipity.
>
> amicus> Bottom line the flaw was in the Adobe product, not in the
> amicus> Microsoft product and Linux has nothing to be proud of
> amicus> other than being ignored by the attacker.
>
> Then, I have to ask why Linux is being ignored. Maybe, the hackers
> consider hacking into a Linux system to be "out of scope", because
> it's too difficult?
>
> (Many book authors do pull out (usually, appropriately) the "out of
> scope" card to avoid discussing into details of complicated things
> that are too difficult and hence "uninteresting" or distracting to the
> readers.)[/color]
Linux boxes are the most prized boxes for crackers, & are often a *more*
attractive target than windoze ones. The reason they don't bother trying to
crack them, is because Linux boxes are *much* harder to crack than Windoze
ones. If this wasn't the case, are all the security experts wrong?
Anyway, anything said by amicus curious - Bill Wiesberger can be dismissed, as
he's a shill for M$ with no credibility.
--
Mandriva - 2008.1 - RC2 - 64bit OS.
COLA trolls: [url]http://colatrolls.blogspot.com/[/url]
Doug Mentohl wrote:[color=blue]
> "The Linux fans will be thrilled to find out that their favorite
> operating system have proved the safest at the contest organized this
> week by the security firm TippingPoint"
>
> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url][/color]
Mental forgot the "Ubuntu community had to yank five of the eight
Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after
discovering that the servers had been hijacked and were attacking other
machines."
[url]http://www.eweek.com/c/a/Security/Ubuntu-Servers-Hijacked-Used-to-Launch-Attack/[/url]
On Tue, 1 Apr 2008 09:45:06 -0500, DFS wrote:
[color=blue]
> Doug Mentohl wrote:[color=green]
>> "The Linux fans will be thrilled to find out that their favorite
>> operating system have proved the safest at the contest organized this
>> week by the security firm TippingPoint"
>>
>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url][/color]
>
>
> Mental forgot the "Ubuntu community had to yank five of the eight
> Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after
> discovering that the servers had been hijacked and were attacking other
> machines."
>
> [url]http://www.eweek.com/c/a/Security/Ubuntu-Servers-Hijacked-Used-to-Launch-Attack/[/url][/color]
Probably because Roy Schestowitz's web site infected them somehow.
Ever notice how Schestowitz shills Ubuntu all over digg.com?
Interesting isn't it?
--
Moshe Goldfarb
Collector of soaps from around the globe.
Please visit The Hall of Linux Idiots:
[url]http://linuxidiots.blogspot.com/[/url]
>>>>> "William" == William Poaster <wp@leafnode.amd64.eu> writes:
William> Linux boxes are the most prized boxes for crackers,
Of course, Linux is a very useful *tool* for crackers and hackers,
because of its flexibility and rich of functions.
William> & are often a *more* attractive target than windoze
William> ones.
No. Linux is not an attractive target for attacking, because of the
very strong protection mechanisms (e.g. file permissions, process
isolation, etc.). It is a *challenging* target, but not very
attractive because it's too difficult.
William> The reason they don't bother trying to crack them, is
William> because Linux boxes are *much* harder to crack than
William> Windoze ones.
So, Linux is not as attractive as a target, because makes the task too
difficult (but really *challenging* and interesting).
--
Lee Sau Dan §õ¦u´° ~{@nJX6X~}
E-mail: [email]danlee@informatik.uni-freiburg.de[/email]
Home page: [url]http://www.informatik.uni-freiburg.de/~danlee[/url]
On 31 Mar, 14:02, "amicus 'funkentroll in disguise' curious" wrote:[color=blue]
> "Doug Mentohl" wrote in message[/color]
[color=blue]
> You are starting to take lessons from Shestowicz, I see. *A more carefulsearch on the matter shows ..[/color]
Like where, I quoted the article, how does a twisted lowlife **** like
yourself spin this ito an attack on 'Shestowicz'. Kindly address the
contents of a post instead of attacking someone not called 'Doug
Mentohl' ...
"Doug Mentohl" <doug_mentohl@linuxmail.org> wrote in message
news:b9462611-c298-4593-b442-058f1f4dc3af@q27g2000prf.googlegroups.com...
On 31 Mar, 14:02, "amicus 'funkentroll in disguise' curious" wrote:[color=blue]
> "Doug Mentohl" wrote in message[/color]
[color=blue]
> You are starting to take lessons from Shestowicz, I see. A more careful
> search on the matter shows ..[/color]
Like where, I quoted the article, how does a twisted lowlife **** like
yourself spin this ito an attack on 'Shestowicz'. Kindly address the
contents of a post instead of attacking someone not called 'Doug
Mentohl' ...
Surely you are just being coy. My post was obviously no attack on
Shestowicz, he has already established himself as a laughingstock. I was
chiding you for not being fully candid about the details of the hacking test
you cited. Since he is the stereotype for such behavior, I alluded to it.
And I did address the contents of your post, clearly showing where you were
being disingenuous, and I note that you have no defense for your conduct in
not disclosing the details of the matter.
On 2008-04-01, DFS <nospam@dfs_.com> wrote:[color=blue]
> Doug Mentohl wrote:[color=green]
>> "The Linux fans will be thrilled to find out that their favorite
>> operating system have proved the safest at the contest organized this
>> week by the security firm TippingPoint"
>>
>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url][/color]
>
>
> Mental forgot the "Ubuntu community had to yank five of the eight
> Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after[/color]
...which means squat to most end users, or even most server admins
who are not in the habit of going out of their way to run dodgey PHP apps.
[color=blue]
> discovering that the servers had been hijacked and were attacking other
> machines."
>
> [url]http://www.eweek.com/c/a/Security/Ubuntu-Servers-Hijacked-Used-to-Launch-Attack/[/url]
>
>
>[/color]
--
Metallica is not worth the ruination of someone |||
who has pirated their music / | \
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
[url]http://www.usenet.com[/url]
JEDIDIAH wrote:[color=blue]
> On 2008-04-01, DFS <nospam@dfs_.com> wrote:[color=green]
>> Doug Mentohl wrote:[color=darkred]
>>> "The Linux fans will be thrilled to find out that their favorite
>>> operating system have proved the safest at the contest organized
>>> this week by the security firm TippingPoint"
>>>
>>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url][/color]
>>
>>
>> Mental forgot the "Ubuntu community had to yank five of the eight
>> Ubuntu-hosted community servers sponsored by Canonical offline Aug.
>> 6 after[/color]
>
> ...which means squat to most end users, or even most server admins
> who are not in the habit of going out of their way to run dodgey PHP
> apps.[/color]
minimize the problem? check.
blame anything but Linux or Linux admins? check.
Great "advocacy", JED!
[color=blue][color=green]
>> discovering that the servers had been hijacked and were attacking
>> other machines."
>>
>> [url]http://www.eweek.com/c/a/Security/Ubuntu-Servers-Hijacked-Used-to-Launch-Attack/[/url][/color][/color]
"DFS" <nospam@dfs_.com> wrote in message
news:UtXIj.16579$%15.12882@bignews7.bellsouth.net...[color=blue]
> JEDIDIAH wrote:[color=green]
>> On 2008-04-01, DFS <nospam@dfs_.com> wrote:[color=darkred]
>>> Doug Mentohl wrote:
>>>> "The Linux fans will be thrilled to find out that their favorite
>>>> operating system have proved the safest at the contest organized
>>>> this week by the security firm TippingPoint"
>>>>
>>>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url]
>>>
>>>
>>> Mental forgot the "Ubuntu community had to yank five of the eight
>>> Ubuntu-hosted community servers sponsored by Canonical offline Aug.
>>> 6 after[/color]
>>
>> ...which means squat to most end users,[/color][/color]
Which means that it's vulnerable, it was hacked, and it took a while for
Canonical to discover that it's own servers were attacking each other. Just
because "every user" wasn't affected doesn't make it any less important.
[color=blue][color=green]
>> or even most server admins
>> who are not in the habit of going out of their way to run dodgey PHP
>> apps.[/color][/color]
Sounds to me like a variant of the "linux is just the kernel" defense. Why
haven't all these eyeballs found and fixed these PHP bugs?
[color=blue]
> minimize the problem? check.
> blame anything but Linux or Linux admins? check.
>
> Great "advocacy", JED![/color]
It's the users fault. Linux is just the kernel. So what, most people don't
use *that* feature.
[color=blue]
>[color=green][color=darkred]
>>> discovering that the servers had been hijacked and were attacking
>>> other machines."
>>>
>>> [url]http://www.eweek.com/c/a/Security/Ubuntu-Servers-Hijacked-Used-to-Launch-Attack/[/url][/color][/color]
>
>[/color]
--
Posted via a free Usenet account from [url]http://www.teranews.com[/url]
On Wed, 2 Apr 2008 22:41:32 -0500, DFS wrote:
[color=blue]
> JEDIDIAH wrote:[color=green]
>> On 2008-04-01, DFS <nospam@dfs_.com> wrote:[color=darkred]
>>> Doug Mentohl wrote:
>>>> "The Linux fans will be thrilled to find out that their favorite
>>>> operating system have proved the safest at the contest organized
>>>> this week by the security firm TippingPoint"
>>>>
>>>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url]
>>>
>>>
>>> Mental forgot the "Ubuntu community had to yank five of the eight
>>> Ubuntu-hosted community servers sponsored by Canonical offline Aug.
>>> 6 after[/color]
>>
>> ...which means squat to most end users, or even most server admins
>> who are not in the habit of going out of their way to run dodgey PHP
>> apps.[/color]
>
> minimize the problem? check.
> blame anything but Linux or Linux admins? check.
>
> Great "advocacy", JED![/color]
Jedi doesn't advocate Linux he writes books for DR Seuss.
--
Moshe Goldfarb
Collector of soaps from around the globe.
Please visit The Hall of Linux Idiots:
[url]http://linuxidiots.blogspot.com/[/url]
On 2 Apr, 19:20, "amicus_curious" I run and hide wrote:[color=blue]
> I was chiding you for not being fully candid about the details of the hacking test you cited ..[/color]
[color=blue]
> And I did address the contents of your post, clearly showing where you were being disingenuous ..[/color]
Like where in this post did I was 'disingenuous'
I quoted an article ..
[url]http://groups.google.co.uk/group/comp.os.linux.advocacy/msg/33dbb1821e7f3be4[/url]
You are merely being your usual dishonest, disingenuous, offencive
cunt, as usual ..
"Doug Mentohl" <doug_mentohl@linuxmail.org> wrote in message
news:6ffba12d-6dff-4ffc-a3e0-205f2510a0b1@s13g2000prd.googlegroups.com...[color=blue]
> On 2 Apr, 19:20, "amicus_curious" I run and hide wrote:[color=green]
>> I was chiding you for not being fully candid about the details of the
>> hacking test you cited ..[/color]
>[color=green]
>> And I did address the contents of your post, clearly showing where you
>> were being disingenuous ..[/color]
>
> Like where in this post did I was 'disingenuous'
>
> I quoted an article ..
>[/color]
But not the whole article and also not other articles that contained more
pertinent information. That is being disingenuous, i.e. false, misleading.
On 3 Apr, 15:46, "amicus_curious" wrote:
[color=blue]
> But not the whole article and also not other articles that contained more pertinent information. *That is being disingenuous, i.e. false, misleading..[/color]
What more 'pertinent information' are you refering to ...
You're gone beyone a joke, fuddie, your now just being pathetic ..
On 2008-04-03, Ezekiel <a@b.com> wrote:[color=blue]
>
> "DFS" <nospam@dfs_.com> wrote in message
> news:UtXIj.16579$%15.12882@bignews7.bellsouth.net...[color=green]
>> JEDIDIAH wrote:[color=darkred]
>>> On 2008-04-01, DFS <nospam@dfs_.com> wrote:
>>>> Doug Mentohl wrote:
>>>>> "The Linux fans will be thrilled to find out that their favorite
>>>>> operating system have proved the safest at the contest organized
>>>>> this week by the security firm TippingPoint"
>>>>>
>>>>> [url]http://www.efluxmedia.com/news_Linux_Unhackable_At_TippingPoint_Contest_15743.html[/url]
>>>>
>>>>
>>>> Mental forgot the "Ubuntu community had to yank five of the eight
>>>> Ubuntu-hosted community servers sponsored by Canonical offline Aug.
>>>> 6 after
>>>
>>> ...which means squat to most end users,[/color][/color]
>
> Which means that it's vulnerable, it was hacked, and it took a while for
> Canonical to discover that it's own servers were attacking each other. Just
> because "every user" wasn't affected doesn't make it any less important.[/color]
It makes it important in the same way that the traditional
problems with BIND and sendmail are important.
[color=blue]
>[color=green][color=darkred]
>>> or even most server admins
>>> who are not in the habit of going out of their way to run dodgey PHP
>>> apps.[/color][/color]
>
> Sounds to me like a variant of the "linux is just the kernel" defense. Why
> haven't all these eyeballs found and fixed these PHP bugs?[/color]
You might as well ask why buffer overflows still happen.
[color=blue]
>
>[color=green]
>> minimize the problem? check.
>> blame anything but Linux or Linux admins? check.
>>
>> Great "advocacy", JED![/color]
>
> It's the users fault. Linux is just the kernel. So what, most people don't
> use *that* feature.[/color]
Sometimes it is the users fault. It's stupid to deny it. Denying
such things make it harder to spell out sane computing practices and
things that should be avoided.
Without this, morons like you would still be running around with
versions of sendmail that could bring down the entire net regardless
of which "kernel" was running underneath.
[deletia]
The nice thing about being free to choose your tools without
some Lemming whining at you about the mandatory flavor of the
month is that you can blacklist the crap (like IE and msoffice)
and avoid it.
PHP for all practical purposes is a 3rd party app. The fact
that you can root it is about as relevant as the fact that you
can root AutoCAD on Windows.
--
The average IT manager is a less effective mentor than a
Spongebob Squarepants cartoon.
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
[url]http://www.usenet.com[/url]
"Doug Mentohl" <doug_mentohl@linuxmail.org> wrote in message
news:e7404156-dab8-40a1-bc70-
[color=blue]
>What more 'pertinent information' are you refering to ...[/color]
1. The part where it was acknowledged that Windows and Ubuntu were not
compromised in their native versions as installed, ie. Windows didn't break.
2. The part where the problem was with Adobe Flash and Java, not with
Windows.
3. The part where the perpetrator of the hack allowed that it would work
against Ubuntu as well as Vista, but he like Vista better, which was part of
the prize he got for winning.
On 3 Apr, 20:23, "amicus_curious" wrote:
[color=blue]
> 1.[/color]
[color=blue]
> 2.[/color]
[color=blue]
> 3.[/color]
How does any of 1, 2, 3 invalidate ...
"The Linux fans will be thrilled to find out that their favorite
operating system have proved the safest at the contest organized this
week by the security firm TippingPoint"
Oh and 'Vindows' did break .. :)
"In the third and final day Shane Macaulay from Security Objectives
won the Fujitsu U810 laptop running Vista Ultimate SP1"
On 2008-04-03, amicus_curious <ACDC@sti.net> wrote:[color=blue]
>
> "Doug Mentohl" <doug_mentohl@linuxmail.org> wrote in message
> news:e7404156-dab8-40a1-bc70-
>[color=green]
>>What more 'pertinent information' are you refering to ...[/color]
>
> 1. The part where it was acknowledged that Windows and Ubuntu were not
> compromised in their native versions as installed, ie. Windows didn't break.
>
> 2. The part where the problem was with Adobe Flash and Java, not with
> Windows.[/color]
Anymore the Windows kernel isn't the problem. It's been this way
for awhile. The apps are the problem and Microsoft led the way in
doing really stupid things at the app level.
This isn't even getting into bugs.
Bugs in Flash or Java are a serious problem since they are
so widely used. This does lead to the question of why these
bugs aren't manifesting in Linux and OS/X and causing similar
problems.
[color=blue]
>
> 3. The part where the perpetrator of the hack allowed that it would work
> against Ubuntu as well as Vista, but he like Vista better, which was part of
> the prize he got for winning.
>[/color]
--
Oracle... can't live with it... |||
/ | \
can't just replace it with postgres...
Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
----------------------------------------------------------
[url]http://www.usenet.com[/url]