[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: Linux (in)security

To: "Schmehl, Paul L" <pauls@utdallas.edu>
Subject: Re: [Full-Disclosure] RE: Linux (in)security
From: Kenton Smith <ksmith@chartwelltechnology.com>
Date: 22 Oct 2003 11:17:44 -0600

What I find interesting about this is that the survey was done by a
company that sells security services. And of course I'm sure the news
release was put out by them as well.
Why not show in-house IT staff as being just as stupid as any other
user.
Sales pitch; "You need our services because your administrator was
tricked into giving his password in an online survey."

On Wed, 2003-10-22 at 08:12, Schmehl, Paul L wrote:
> > -----Original Message-----
> > From: Peter Busser [mailto:peter@adamantix.org] 
> > Sent: Wednesday, October 22, 2003 3:10 AM
> > To: full-disclosure@lists.netsys.com
> > Subject: Linux (in)security (Was: Re: [Full-Disclosure] Re: 
> > No Subject)
> > 
> > In general people seem to believe that Linux is either secure 
> > or can be made secure by removing packages and unused 
> > services. This believe that Linus is already secure makes 
> > people uninterested in security. Why improve something that 
> > is already sufficient? Besides that, it is more rewarding to 
> > write a new window manager providing more and faster flashy 
> > eye candy than to fix potential memory allocation problems 
> > that noone ever notices. Well, until it becomes a problem that is.
> 
> Is it any wonder?  With thousands of rabid slash dotters cajoling their
> friends into switching to Linux because "it's secure out of the box" and
> "it can't be infected like Windows", what would anyone expect?  The same
> idiots that can't keep a Windows box from being owned are now using
> Linux.  And the result is the same.
> 
> Now, lest you get your hopes up and think it's possible to change the
> world, read this:
> 
> http://www.ukauthority.com/articles/story898.asp
> 
> After reading this, I had a good cry and then took some aspirin.  :-(
> 
> Paul Schmehl (pauls@utdallas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] RE: Linux (in)security
  - From: Robert Brockway <robert@timetraveller.org>

References:
- [Full-Disclosure] RE: Linux (in)security
  - From: "Schmehl, Paul L" <pauls@utdallas.edu>

Prev by Date: [Full-Disclosure] WSTI03 Honeypots conference
Next by Date: Re: [Full-Disclosure] RE: Linux (in)security
Previous by thread: [Full-Disclosure] Re: Linux Exec Shield (was: Linux (in)security)
Next by thread: Re: [Full-Disclosure] RE: Linux (in)security
Index(es):
- Date
- Thread