[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
From: Luke Scharf <lscharf@xxxxxxxxxx>
Date: Fri, 19 Mar 2004 09:15:21 -0500

On Fri, 2004-03-19 at 01:49, Todd Burroughs wrote:
> Wasn't that something that MS tried to say, the "hackers" are reverse
> engineering our patches?  That was funny, but the sad thing is that a
> lot of people will believe it.

I have no doubt that people reverse engineer their patches.

However, saying "hackers ONLY reverse engineer our patches" is a lot
different from saying "one possible technique for abusing a Windows
system is to look for problems by reverse engineering out patches."

Biiiiiiig difference.  Driving while sloshed is one possible way to get
hurt while driving a car, but certainly not the only way.

> What I meant is that you can most likely actually use the Internet to get
> patches with a fresh install before you get taken over, not that somehow
> UNIX-like systems make patches before the exploits are out there and being
> used ;-)  It's quite apparent by other threads on the list that this is
> not generally the case with Windows.  Just being patched doesn't mean
> that you are safe, but it's better than running well known security holes.

For the last couple of years (maybe longer?) RedHat Linux (and recently
Fedora) have been shipping with a built-in firewall that enabled by
default.

If you don't know it's there, the it should certainly be enabled!  :-) 
And if you decide to turn it off, you have to at least justify the
effort to run /usr/sbin/lokkit.

I hear that some BSD's do something similar.

> Obviously, if you go on the Net with all services running, especially
> on an unpatched box, you're gonna get rooted pretty quickly.

Yup.  Last I checked, Sun does it this way...  Yay!  Fortunately,
they're a smaller target, and ppro is decent.  But, it still takes me a
few minutes to turn off all of the unnecessary stuff before I can begin
the real work of setting up a useful system (and re-enabling anything
that I actually need).

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
  - From: Schmehl, Paul L
- RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
  - From: Todd Burroughs

Prev by Date: RE: [Full-Disclosure] Re: Administrivia
Next by Date: OT: Re: [Full-Disclosure] Re: Administrivia
Previous by thread: RE: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
Next by thread: Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"
Index(es):
- Date
- Thread