On Thu, 13 Dec 2001, Gil Andre wrote:

> The "scriptkiddies" are the users. The people who write the
> scripts are, themselves, much more talented. Most of the time
> they *do* *not* use their own scripts to do damage. They just
> discover a security problem, test it a couple of times, write
> a script to prove that it is a real and present danger (and not
> just a theoretical one) and send the whole thing to the
> software company and to some security web site, such as BugTraq.

I know, therefore the "attackers" of shellworld can be defined in the
kiddie-cat

> Actually, Microsoft usually reacts pretty quickly. The problem
> is the sheer number of security problems discovered every week.
> And also the fact that MS Windows is such a huge beast that one
> patch may well create new security issues or even break Windows
> down... This has happened recently. And the number of patches
> means most administrators do not have enough time to apply them
> all to all their machines -- leaving servers exposed to worms,
> viruses and script kiddies.

In short: Windows is too big, incorporates too much in too many lines of
code entangled in just ONE OS ;)

> True. I was only giving Sun as an example of a big company that
> was very slow to patch their security problems. Their situation
> has improved somehow in the last few years, though.

ok

> True, but NetBSD is not designed, first and foremost, with
> security in mind. OpenBSD is NetBSD + several years of
> security auditing of the source code. NetBSD has got an
> excellent track record, though, but its emphasis is on
> portability, not security.

Thanx, didn't know this.

> That's the problem with Linux: most distributions install way too
> many services on a machine.

by default (RH, Mandrake, Suse)

> In my opinion, a workstation should have OpenSSH enabled (for
> distant administration) and not anything else.

Debian closes ssh for root login, although I think with OpenSSH for
protocol 2 they changed it.

> Most Linux distributions, trying to help the beginner user, throw
> in lpr, bind, Apache, FTP, telnet, NFS, etc, etc... All of which
> make a machine very insecure.

I know, question is what does a beginner even want with all these
services. He/She probably will not even use them.

> Which is why BSD has a small edge over Linux in this regard: in
> a BSD system you have to activate all the services you want to
> run -- the rest are inactive by default, which makes the machine
> a little harder to configure but much more secure by default.

Look at the debian-baseinstall, no services included by default at all ;)

> "Computer Forensics", meaning understanding what went wrong and
> what the "hacker" did to the machines he/she attacked is a very
> difficult subject. Especially if a "root kit" (compromised
> binaries) was installed...

You should attend Sane2002 (http://www.sane2002.nl) if they have the
Blackhead session again ;)

> Regards,
>
> _______________________________________________
>
> Gil Andre -- Technical Writer -- Knox Software
> gandre@arkeia.com
> _______________________________________________
>
>
>
> _______________________________________________
>
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list
>

--
slainte mhaith (good health), slainte (cheers)
Uisce Beatha (water of life/health)
-----------
Andor Demarteau            E-mail: ademarte@students.cs.uu.nl
student computer science   www: http://www.students.cs.uu.nl/~ademarte/
Utrecht University         irc: see webpage for details
-----------
Believe in yourself, know what you want, and make it happen!