

11/17/07 20:13


 
#147138 - Concur
Responding to: ???'s previous message
Joseph Hebert said:
I submit that just because they're the biggest websites doesn't make them the biggest targets. I tend to agree that Windows is most targeted because it's the most prevalent.


I agree with your assessment of why Windows is targeted the most. It has the biggest base of users that don't know squat about security. If Linux penetration were at even 50%, a large enough population of non-security conscious people would be using Linux, too, and it would be targeted.

I was surprised my Linux box was targeted. Between what I perceived as better security in Linux and the relatively low ROI for finding and hacking a Linux box when you could just email a virus/trojan to a million Windows users, I was surprised by the fact that my Linux box was rooted. The root password was such that I'm quite sure it was not guessed. They got in some way that bypassed the need for a password. To this day I don't know how, but it definitely taught me that the relative obscurity and low number of users of Linux is not enough to keep hackers disinterested. It also taught me that Linux isn't all that secure because given the password I was using, some weakness in the OS (or in one of the dozens of free apps that get installed with it by default) let that hacker in password-free.

Joseph Herbert said:
Have you ever read "The Cuckoo's Egg?"


Excellent book. A friend loaned it to me over a decade ago and just a few weeks ago, on a cold and rainy day when my wife was out of town and I felt like relaxing, I went down to the bookstore and bought myself a copy and read it straight through. A very readable book for a geek. :)

I wish I had a job where someone paid me to track down lowlife hacker scum. These days, though, it's just accepted as the norm and you generally just close the hole and hope they'll move on to some other target rather than tracking them down.

But as I understand it, the truth is that the actual vector of attack is the attachment, not the email itself. And the attachment can't do anything until and unless you open it.


That's my understanding as well. I know that Outlook had problems years ago with auto-displaying attachments and that was a dangerous approach. I avoided all email programs that used the IE-rendering engine like the plague. My understanding is that that problem has long since been fixed. But regardless, that's a problem with the application, not the OS.

And there is one other problem I see with one of the arguments proffered here. It has been suggested that since everybody has access to the source code, security patches would be much more quickly realized. But who would actually, intentionally, modify their OS with something that was "making the email rounds?" And if it became the norm to do so, how long would it take the hackers to exploit this new behavior as a vector of attack?


Very true. Microsoft might take weeks or even months to respond to a problem, but once they do they auto-patch virtually everyone. Unless you're a full-time geek or in a full-time job that is to maintain your box's integrity, it would normally take most "normal" users far longer than that to recompile their operating system--if they even knew what that meant.

Regards,
Craig Steiner

