On Sun, 30 Mar 2008, Chris wrote:
Manuel Aróstegui wrote:
El sáb, 29-03-2008 a las 12:24 -0400, Jim escribió:
Read article
That's cool, but it's far to be the real scenario we face everyday.
I guess that Linux box was secure but the truth here, as far as I've
been able to see is that either Windows or Linux (I have no mac
experience) are both pretty insecure if they're been running by a dumb
administrator.
It is clear that a Linux, out of the box, has less chances to be hacked
than a windows in the same situation.
But for me, this hacking contest does not represent a real scenario.
Anyways, I'm glad Linux survived, do not take me wrong :-)
Manuel
Let's also not forget the most important part of the article - it mentioned
something about Java allowing MS security to be circumvented.
That leads me to think that if Java was not installed on that box, would it
have been hacked?
If you don't want to install Java you need to tell us what alternative is
going to provide better security. Many developers use Java because the
work needed to implement the functionality (including the attention to
security issues) would be prohibitive.
MS was chosen for this attack because the person who knew the Java
exploit also happened to be familiar with MS. Such attacks often
proceed in stages:
1. get user-level access via a browser, java, etc.
2. elevate to "admin/root" privileges, which is where knowledge of
the specific OS comes in.
Often the 1st step works on multiple platforms.
Perhaps not. So, I think the article is very misleading. To me, I could care
either way. as pointed out else where in this thread, a properly patched and
managed box (under any OS) can be very difficult to hack.
Or not, if you happen to know of an unpatched vulnerability.
I wonder why (at least in this article) OpenBSD was not mentioned. Perhaps it
was just a session that was betwix Linux & MS.
OS X was the first to fall (via safari), so the BSD camp didn't fare very
well.
--
George N. White III <aa056@xxxxxxxxxxxxxx>
