Message-ID: <1FA45C2E5F2E4B46967415DA3A804FE83C3880@mail.greenborder.com>
Date: Tue Apr 25 21:40:45 2006
From: bill.stout at greenborder.com (Bill Stout)
Subject: What is wrong with schools these days?

Point taken; bkfsec, Michael, Valdis.  

Statistics are just that.  There may be a better crafted comparison
between the webservers than Secunia vulnerabilities.

I think we're in agreement that an administrator has to be familiar with
securing that particular OS.

Bill Stout

-----Original Message-----
From: bkfsec [mailto:bkfsec@....lonestar.org] 
Sent: Tuesday, April 25, 2006 12:34 PM
To: Bill Stout
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] What is wrong with schools these days?

Bill Stout wrote:

>You know, having made a few NTexploit lists in the past, I wanted to
>make the point the M$ was less secure.  Unfortunately the facts were
>against me.
>
>Two IIS 6.0 vulnerabilities reported from 2003-2006 
>http://secunia.com/product/1438/ 
>Twenty-eight Apache 2.0 vulnerabilities reported from 2003-2006
>http://secunia.com/product/73/
>
>Paul is right.
>
>I would never suggest a Windows admin use UNIX, or vice versa.  A
>product is only as secure as it's configured.
>
>  
>
Facts and statistics are two different things, my friend.

I'm not saying that Paul's specifically wrong... he's not.  Just that 
those statistics aren't the end of the road for the "facts".  Lots of 
other factors play into things.

What I usually say is that if run by a clueful administrator with an eye
to system audit, control, and security, a Free Software system _can_ be 
made more secure than a proprietary system, particularly a Microsoft 
based solution. 

Now, given equal setup time, resources, and management backing for the 
project -- well, that may be a different story.  But you can't blame the
*nix systems for being hamstrung by a lack of resources.  :)

I stand by that statement.  And would happily point out that if you run 
any system without configuring it with an eye to security, you're 
probably going to have a problem.

             -bkfsec


