lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 21 Nov 2011 12:24:03 +0000
From: Darren Martyn <d.martyn.fulldisclosure@...il.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Ubuntu 11.10 now unsecure by default

Jason has a good point. Now to make a simple statement - I am not (nor was
I) agreeing with the Ubuntu bashing in this, merely stating a point that it
puts user friendliness over security AT TIMES. I only switched distro for I
had... Disagreements... with Ubuntu's Wireless stack in installations more
recent than 10.04LTS.

I still run 10.04 "Netbook Remix" on the occasion that I have access to a
netbook (I no longer own even a desktop) and like it, it does the bloody
job, is easy to install rapidly, and does not require much fucking about
with. Sure, the purists may demand one compiles kernel from source, reads
parts (or all) of the src to look for POSSIBLE bugs, etc, and "builds their
own Linux", but I find that 8/10 times that is impractical, an unnecessary
complication, or merely too time consuming.

Just as an aside, my goal once I aquire my own computer (or rather, a
replacement for the boxes I no longer have) is to do the following:
1) Read the latest kernels source over a long period of time, looking for
bugs and to get a better understanding of how it works on that level
2) Build my own distro
3) Write my own network manager based off the LORCON/MadWiFi drivers (using
PyLORCON bindings) for the GNOME interface to replace the not-reliable
"network manager" applet.

Is there anyone else on the list with similar aspirations to understand the
underlying OS on that level or is everyone content with simply bitching
about distros?

On Mon, Nov 21, 2011 at 10:27 AM, Jason A. Donenfeld <Jason@...c4.com>wrote:

> Hello Full Disclosure Hysterics & Friends,
>
> I have now read through five dozen complaints about how Ubuntu
> is fundamentally an "unsecure" operating system, filled with more holes
> than Swiss cheese.
>
> If somebody could direct me toward a local root exploit against a fully
> up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
> installed by default, I would be most impressed and persuaded by your
> assertions, as well as being very appreciative.
>
> Thank you,
> Management
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
My Homepage :D <http://compsoc.nuigalway.ie/%7Einfodox>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ