| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: khermansen at ht-technology.com (Kristian Hermansen) Subject: [inbox] Re: CyberInsecurity: The cost of Monopoly Just my two cents, but the number of patches does NOT necessarily equate to platform stability. If you had more people researching Netware flaws (since the percentage of people using it is so low in comparison), I'm sure your theory would deflate. I'm not saying that Windows is secure in the least, but I think that every corporation trades off the cost of secure/quality code for insecure/sloppy feature sets. The reason that MOST people look to exploit software/OS's is so that they can gain priviledges on the system. Windows machines make up 90-95% of the systems on the internet, so people who discover an exploit for this widely used OS are likely to find a vulnerable machine which is easily exploitable and has the resources they want. Unix/Linux systems are very powerful, and although they don't make up a large portion of the net, they are widely used as servers, which typically have vast resourses available by an exploiter. Novell, on the other hand, are rare to run into. How many people on this list have ever owned a Novell box? How many have even ever encountered one before? This is partly the reason for the lack of security patches. If there are so few boxes on the net with relatively little use, why do we need Netware exploits? They do exist, but who here has ever used one? If Netware were as popular as Windows, I'm sure a whole mess of bugs would be found. Anyways, that's just like my opinion...man....(the dude) Kris Hermansen ----- Original Message ----- From: "Curt Purdy" <purdy@...man.com> To: "'Rodrigo Barbosa'" <rodrigob@...spammers.org>; <full-disclosure@...ts.netsys.com> Sent: Sunday, September 28, 2003 6:11 PM Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly > I must disagree. When Netware has had one major security patch this year > vs. 39 for Microsoft, the quality of the platform becomes fundamental. > > Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA > Information Security Engineer > DP Solutions > > ---------------------------------------- > > If you spend more on coffee than on IT security, you will be hacked. > What's more, you deserve to be hacked. > -- former White House cybersecurity zar Richard Clarke > > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Rodrigo > Barbosa > Sent: Saturday, September 27, 2003 3:36 AM > To: full-disclosure@...ts.netsys.com > Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of > Monopoly > > > On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote: > > On Fri, 26 Sep 2003, Rick Kingslan wrote: > > Oh, wait. Apache has about 2 times the market share of IIS, and I'm > > still getting Code Red and Nimda hits TWO YEARS after they were released. > > > > By contrast, I only got about 2 days worth of hits from Slapper. > > Ok, I'm all for opensource and stuff. But this kind of thing, like > still getting hitted by code red (same here), speaks more about the > quality of the administrators then of the platform itself. > > -- > Rodrigo Barbosa <rodrigob@...spammers.org> > "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists