Message-ID: <1079705721.6858.83.camel@flybynight>
From: lscharf at aoe.vt.edu (Luke Scharf)
Subject: Operating Systems Security, "Microsoft Security, baby steps"

On Fri, 2004-03-19 at 01:49, Todd Burroughs wrote:

> Wasn't that something that MS tried to say, the "hackers" are reverse
> engineering our patches? That was funny, but the sad thing is that a
> lot of people will believe it.

I have no doubt that people reverse engineer their patches. However, saying "hackers ONLY reverse engineer our patches" is a lot different from saying "one possible technique for abusing a Windows system is to look for problems by reverse engineering our patches."

Biiiiiiig difference. Driving while sloshed is one possible way to get hurt while driving a car, but certainly not the only way.

> What I meant is that you can most likely actually use the Internet to get
> patches with a fresh install before you get taken over, not that somehow
> UNIX-like systems make patches before the exploits are out there and being
> used ;-) It's quite apparent by other threads on the list that this is
> not generally the case with Windows. Just being patched doesn't mean
> that you are safe, but it's better than running well known security holes.

For the last couple of years (maybe longer?) RedHat Linux (and recently Fedora) have been shipping with a built-in firewall that is enabled by default. If you don't know it's there, then it should certainly be enabled! :-) And if you decide to turn it off, you have to at least justify the effort to run /usr/sbin/lokkit.

I hear that some BSDs do something similar.

> Obviously, if you go on the Net with all services running, especially
> on an unpatched box, you're gonna get rooted pretty quickly.

Yup. Last I checked, Sun does it this way... Yay! Fortunately, they're a smaller target, and ppro is decent. But, it still takes me a few minutes to turn off all of the unnecessary stuff before I can begin the real work of setting up a useful system (and re-enabling anything that I actually need).

-Luke

--
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering