lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004901c38643$489c9ce0$ca02a8c0@winxpnetsniper>
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: [inbox] Re: CyberInsecurity: The cost of Monopoly

Just my two cents, but the number of patches does NOT necessarily equate to
platform stability.  If you had more people researching Netware flaws (since
the percentage of people using it is so low in comparison), I'm sure your
theory would deflate.  I'm not saying that Windows is secure in the least,
but I think that every corporation trades off the cost of secure/quality
code for insecure/sloppy feature sets.  The reason that MOST people look to
exploit software/OS's is so that they can gain priviledges on the system.
Windows machines make up 90-95% of the systems on the internet, so people
who discover an exploit for this widely used OS are likely to find a
vulnerable machine which is easily exploitable and has the resources they
want.  Unix/Linux systems are very powerful, and although they don't make up
a large portion of the net, they are widely used as servers, which typically
have vast resourses available by an exploiter.  Novell, on the other hand,
are rare to run into.  How many people on this list have ever owned a Novell
box?  How many have even ever encountered one before?  This is partly the
reason for the lack of security patches.  If there are so few boxes on the
net with relatively little use, why do we need Netware exploits?  They do
exist, but who here has ever used one?  If Netware were as popular as
Windows, I'm sure a whole mess of bugs would be found.  Anyways, that's just
like my opinion...man....(the dude)

Kris Hermansen


----- Original Message ----- 
From: "Curt Purdy" <purdy@...man.com>
To: "'Rodrigo Barbosa'" <rodrigob@...spammers.org>;
<full-disclosure@...ts.netsys.com>
Sent: Sunday, September 28, 2003 6:11 PM
Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly


> I must disagree.  When Netware has had one major security patch this year
> vs. 39 for Microsoft, the quality of the platform becomes fundamental.
>
> Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
> Information Security Engineer
> DP Solutions
>
> ----------------------------------------
>
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- former White House cybersecurity zar Richard Clarke
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Rodrigo
> Barbosa
> Sent: Saturday, September 27, 2003 3:36 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
> Monopoly
>
>
> On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote:
> > On Fri, 26 Sep 2003, Rick Kingslan wrote:
> > Oh, wait.  Apache has about 2 times the market share of IIS, and I'm
> > still getting Code Red and Nimda hits TWO YEARS after they were
released.
> >
> > By contrast, I only got about 2 days worth of hits from Slapper.
>
> Ok, I'm all for opensource and stuff. But this kind of thing, like
> still getting hitted by code red (same here), speaks more about the
> quality of the administrators then of the platform itself.
>
> --
> Rodrigo Barbosa <rodrigob@...spammers.org>
> "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ