[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What is wrong with schools these days?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] What is wrong with schools these days?
From: Peter Besenbruch <prb@xxxxxxxx>
Date: Tue, 25 Apr 2006 11:20:21 -1000

Paul Schmehl wrote:

That's hilarious. The number one defaced website OS is Linux. (SeeZone-H.org if you don't believe me.)


No, their data shows Windows has the lead there, at least on page one.

Ask them what that little red ball with the X in it is - you know - theone flashing up there in the taskbar- and they'll say I dunno.

As a Debian user, I don't get those flashing, red balls. That means I'msafe. ;)

No OS is secure by default. No OS can remain secure if it's notproperly configured and maintained. Look at your box right now. Howmany of you have inetd or xinetd running? Why? What services does itprovide that you need? Do you even know what chargen or rpc.statd is?If not, why are they running (if they are)? How many of you have aworkstation running with more than just ssh enabled and *no* firewallrunning?

Here is the real reason for my post. Inetd runs when it is told tolisten for connections. In my case, it ran to listen on behalf of VMwareServer, which I no longer have installed. The program that inetd wouldhave invoked was no longer there. I commented out the line in/etc/inetd.conf and killed inetd. Thanks for mentioning that; you mademe look.

You name the OS, and I can tell you of at least one incident of hacking.We haven't had a Windows box hacked in a long time. The last five weretwo Macs and three RedHat boxes. Does that mean Macs and RedHat areinsecure? NO! It means, until the general public understands theproblem and knows what the solution is, hacking will continue apace withno sign of letting up.


Agreed, yet I would have a bone or two to pick.

I have a neighbor who has hosed two Windows systems through infections.He tried hard to hose the Linux side of things, but, as he was clueless,he couldn't make the worms he saved to disk executable.

I have sent my daughter to school with a laptop and no firewall on it (Idon't have the network details for what to allow). Instead, I usedSynaptic to do an in depth search for the word "server" and removed abunch of packages. Is ssh installed? Sure, but just the client. IsSamba? Just enough to query her school's system, no server. KDE filesharing? It has to be installed before you can configure it. You get theidea.

My daughter's computer runs cleanly, and nothing strange has shown up.Her friends complain a lot about pop-ups that they didn't used to get.

Another neighbor had two daughters that kept getting their Windowsmachines infected. They didn't know how it happened. I switched them toLinux, and the infections stopped. I got a clue when one of them called,asking how to install "free" software from some Web site.

Clueless people will always be with us. No OS is going to keep themsafe, but some may do a better job than others. You seem successful inmanaging Windows boxes, but my experience is the opposite. Thosedaughters who kept getting their computer infected? They never were toldthe root password. It also meant a lot that they couldn't just doubleclick something and have it run. Such a simple difference in design canmean the world.

I have relatives who switched to a Mac. They never questioned why ittook 45 minutes to check their e-mail with their old computer over abroadband connection, and were amazed that it took a couple of secondswith the new one. So far, it still takes a couple of seconds.

Linux can be hacked, but the vectors differ from Windows, and arenarrower. E-mail worms will never take off. Web site remote exploits maywork somewhat better. The big vulnerability on Linux comes when you runservers that allow external connections. My experience with Redhat islimited, but it struck me as a distribution that installed the kitchensink. That can lead to trouble in inexperienced hands. Redhat isn't thateasy to set up, either, yet I am amazed that someone installed it, anddidn't know what that flashing, red, thingy was down in the task bar.

The real problem is ignorance.


Along with bad design.

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] What is wrong with schools these days?
  - From: Valdis . Kletnieks
- RE: [Full-disclosure] What is wrong with schools these days?
  - From: John Lightfoot

References:
- re: [Full-disclosure] What is wrong with schools these days?
  - From: CrYpTiC MauleR
- Re: [Full-disclosure] What is wrong with schools these days?
  - From: Paul Schmehl

Prev by Date: RE: [Full-disclosure] What is wrong with schools these days?
Next by Date: Re: [Full-disclosure] What is wrong with schools these days?
Previous by thread: Re: [Full-disclosure] What is wrong with schools these days?
Next by thread: Re: [Full-disclosure] What is wrong with schools these days?
Index(es):
- Date
- Thread