Message-ID: <CAE2k8gq7+PR8fk1kSoR10f8rmMyy4OjCTNnL88ue7DPa8TY=bQ@mail.gmail.com>
Date: Sun, 10 Jun 2012 16:35:26 -0700
From: Ian Hayes <cthulhucalling@...il.com>
To: Laurelai <laurelai@...echan.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Obama Order Sped Up Wave of Cyberattacks
 Against Iran

On Sun, Jun 10, 2012 at 2:06 PM, Laurelai <laurelai@...echan.org> wrote:
> I am a bit surprised by the direction of this conversation and I have been
> waiting for someone to say the obvious in regards to protecting yourself
> from .gov malware, it really is quite simple if you think about it. Stuxnet,
> duqu, flame, etc. all only run on windows platforms. If the people you are
> protecting are concerned about that kind of malware (and they should be) it
> would be a great time to tell them about GNU/Linux, BSD, etc.

What makes you think the world doesn't already know about these, and
that the various world governments don't already have their own 0days
or hooks into them? Why was Stuxnet written on Windows? Not because of
its history of flaws, but because the Siemens PLC code that
interfaces with the centrifuges runs on Windows. If it ran on any
other platform, I would *guarantee* that it would still happen. "Just
run Linux" is not a panacea that instantly cures everything. Mac
fanboys used to say the same thing until someone decided to shut them
up. I've worked at places where it was Linux 100% and we STILL had
security issues. Conversely, I've worked at Windows-heavy shops that
were actually well-run, and didn't have the mythical security issues
that seem to plague the news.

The operating system is merely the conduit, one has to look past that
to the motivation of the attacking party. Consider this your own
Riddle of Steel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
