[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

[OT] Security (Re: Managing Innovation)

  • To: xml-dev@l...
  • Subject: [OT] Security (Re: Managing Innovation)
  • From: Joe English <jenglish@f...>
  • Date: Wed, 01 Oct 2003 09:01:24 -0700
  • In-reply-to: <830178CE7378FC40BC6F1DDADCFDD1D1CEBC0B@R...>
  • References: <830178CE7378FC40BC6F1DDADCFDD1D1CEBC0B@R...>

ot security

Dare Obasanjo wrote:
> > From: Joe English
> > True, Unix has had a fairly good track record of security --
> > there have only been a handful of Code
> > Red/NIMDA/Blaster/Sobig/SWEN/ etc., etc., etc.,
> > bring-down-the-entire-internet scale security breaches that I
> > can think of -- the Morris Worm in 1988, that Apache exploit
> > in 2002 --
>
> True, most people who exploit Unix machines prefer to use them as zombie
> machines for DDos attacks instead of the network abusing type of
> exploits that tend to show up on the Windows platform.

[ Actually, it looks like SOBIG-infected machines are also being
  used as DDoS attack zombies.  That and open relays for spam. ]

> Like I said, this
> reflects more on the level of sophistication of its users and market
> share than about the quality of its security model.


The fact that one of those systems has traditionally *had*
a security model counts for something too, I suspect.

Also: when a Unix box gets rooted, it's usually -- not
always, but usually -- because of an exploitable bug
found in poorly-written system software.

Windows boxes suffer their share of the same kind of
problem, but they are also subject to things like SWEN
and Word macro viruses, which are able to spread because
*the system is working exactly as designed*.

(And don't give me the usual crap about how SWEN et al.
are merely social engineering exploits.  It is the design
of Windows in general, and Outlook in particular, that
makes it possible for SWEN-style attacks to be as wildly
successful as they have been.  Social engineering can only
get SWEN onto a naive user's hard drive, or a virus-bearing
document into Word.  Once there they can take over the host,
and that's because of Microsoft engineering.)


--Joe English

  jenglish@f...

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.