| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: peter at adamantix.org (Peter Busser) Subject: RE: Linux (in)security Hi! > You're investing a significant amount of time into convincing us that > linux boxes sitting on the internet (even when completely up to date and > reasonably locked down) aren't 100% secure. > > Rest easy, each and every one of us knows this. I would certainly hope so. :-) What I try to point out (and fail to do so it seems) is that there are relatively simple methods that can already help quite a bit to improve secutity of a Linux box. If you read the following URL: http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it You'll see that one box got hacked 37 times in a year. The other box 0 times. The difference: A kernel patch called PaX. It seems to me that not all insecurity is created equal. > The point raised by others in this thread (which you seem to object to, > although you haven't really responded to) is that linux (operated by a > knowlegable user) is 'stronger' than a similar Microsoft box. How relevant, the wooden house vs. the grass house argument. The fact that MS-Windows is less secure does not make Linux more secure. I think it is even counter productive. If MS-Windows was perceived as more secure than Linux, people would spend a lot of time improving the security of Linux systems. Now there is the idea that it is not worth the effort, because Linux is after all secure. Groetjes, Peter Busser -- The Adamantix Project Taking trustworthy software out of the labs, and into the real world http://www.adamantix.org/
Powered by blists - more mailing lists