Bryan Phinney wrote:
On Sunday 22 August 2004 02:14 pm, Vincent Voois wrote:


Or by leaving it as it is.
I believe Mandrake Linux is delivered with default firewall settings in a
similar way XP's firewall is set by default. (turned off)


Ah, so you don't remember selecting a security level when you installed Linux, right? If you select a higher security level, the poor man's firewall of a

Nopes, I don't remember that, I've done this only one time :P


I don't know of any enterprise running Linux servers that don't have at least one person on hand to do day to day administration and configuration. YMMV. It is possible, from my experience, to get an MCSE and still not be able to properly troubleshoot or administer computer systems, we have a few in my office. So, if you were referring to Windows servers, I have no doubt that might be the case.

Hmmz, I had a colleague with an MCSE certificate that considered servers on a hardware technical base were the same as desktop PCs.
The guy was fired after he executed the system erase utility on a Compaq system, taken by the hand by third level helpdesk engineering remotely instructed through phone. The guy was blindly executing key-sequences he got on command and made one terrible mistake in the main smartstart environment by executing system erase utility instead of array configuration utility.
I mean, why don't people really READ and OBSERVE what they are doing?


I don't have MCSE, MCA/MCP and I don't intend to qualify myself for such papers either, though I read and learn the material and on each job I learn something new if I see examples being processed by system admins that do the real job.

I sometimes have a malfunction on a HP-UX system or an IBM box running Unix. And not the new edition of today, but the box runs uninterruptedly for the past several years.
The system administrator asks me to check the replacement hardware first and if it isn't the same, he doesn't want me to exchange it for the fact the kernel might not support the different device.
This mostly counts for tape-drives as the model sometimes deviates from what is currently seated in the machine, but also for SCSI/RAID-cards.
System admins aren't really snappy upon recompiling kernels either.



But don't forget: some individual home users have access to their company
network through VPN (when enabled). I've seen backdoor infiltrations in
company LAN's thanks to the laptops or private desktops of their employees
that hosted the backdoor, which could infiltrate their system on regular
basis.


I don't, even for a minute, believe that a hacker is going to target individual machines with the intent of gaining access to an enterprise through a VPN connection. Whether or not they might so happen to luck into

Wrongly interpreted, a company worker that has a laptop from his boss, at his works, logs onto LAN through Ethernet and at home uses VPN over his common ISP-DSL.
The guy gets infected by Blaster / Sasser when he is just browsing the internet across his ordinary ISP DSL connection (VPN turned off) because his machine is much vulnerable there. I'm talking about infection in the early stage of the release of these worms, in any later state companies' COE scripts mostly take care the virus will be gone.
In the meantime, when he connects back with VPN to the network, the worms attempt to spread themselves across the WAN of the company.


It was not the intent of the virus writer for this virus to infiltrate companies' LANs/WANs this way, but this is the extra side-effect which can happen. It's not about getting sensitive data or corrupting servers, but it is a good way to narrow down the backbone's bandwidth of a company.

much more likely to be targeting unix and linux boxen and they are not using the vulnerability of the week MS worm to do their work. They are also much more likely to be hitting the server directly, not trying to backdoor through a VPN.


Personally there are several ways to get a virus inside an enterprise domain without needing DoS techniques or trying to enter.
Just simply a couple of network techniques in one file, cloak it as some commercial demo-product on a neat floppy and just send a few copies to the company you want to tap into. (oldest trick in the book, but still works effectively as most virus scanners aren't set up to do heuristic scanning, supposing we discuss a very smart virus scanner)


We pick out an ISP that can host you anonymously (in particular a known ISP which is on most mail blacklists for spamming etc.)
You set up a small page on a free webserver where you can publish a simple file through your own written FTP client to upload a small text-file containing your current IP and a unique identifier string.
We report the website to several search engines and wait for them to have it indexed.
The virus will attempt to once in a while scan the search engines upon that identifier (using the local proxy settings of the current user) and it will store the IP address that is published in the upper info header. Then it shall make an attempt to connect to that IP address upon port 53 as this is one of the ports that mostly can't be closed to stop people from using client-server apps to connect with each other.


In this way you have a dedicated virus that does not depend upon a fixed IP address but whether its host offers access to the plain internet. But it does require the virus maker's knowledge of networking and how the OS structure looks like and is being linked.
For Windows this is pretty easy, for Linux I don't know. At least not one of the daily script-kiddie actions I guess.


Using Windows viruses bypassing security measures as examples of compromising machine methods on a Linux mailing-list is especially hilarious. Please keep going, you are making my point much better than I appear to be doing.

I'm glad you're starting to understand me, I'm not out here to attack Linux.


Assuming that you have any for Linux boxen. I am not really interested in hearing tricks for MS machines, I can google for those on Astalavista.

Neworder you probably mean.

which forum it is, for each vulnerability that you disclose, I would expect a patch within a matter of days. And, not only will you not be sued (as MS has threatened to do in the past), the developers will probably thank you for the disclosure.

I still need to learn a lot how Linux works.
I program in XBasic, which also works in Linux, but only in XWindows :P
I don't think I will get far writing Linux virus which is 1.5Megs large (as I have to recompile the runtime library if I want it to get any smaller) :P



However, If I were to compare a runaway skateboard travelling at 80 mph
to a Volvo traveling at the same speed, in terms of safety, I doubt that
I would arrive at a conclusion that they are the same because they both
involve some risk.  I would not classify such a statement to really be
painting an accurate portrait of reality.

Which of the mobile devices in your metaphor is classified as windows?


The skateboard is windows, the Volvo is Linux. I would have thought that was pretty clear. As in, which OS would a reasonable and semi-knowledgeable user

I just wanted to really read it once more.

feel safer running? I only have to Google for "computer threats" to come to conclusions.

Ever asked Jeeves' opinion? (There's more than google)
IRC can also be quite informative once in a while... just join the known channels, lurk and log.
I've had some trick-files to do some flag-busting in VAX/VMS and SCO, but that was still when the SU command was exploitable (and a simple sysadmsh could be invoked). I'm really way out too long.


the updates, I can't imagine a problem finding blackhat tools for Windows. If that day ever comes, I will paint the windows logo on my face and sing "Start it Up" at the local Linux LUG.

Hahahaha, I hold you to that... Maybe in 50 years, it's your turn to do that :P


But I already stated Linux is safer than windows in the first mail.


Quite true. You said: "It's because Windows still dominates the most of the current user- and business-market that most people don't bother themselves in hacking Linux." This implies that the only reason that Linux is safer than Windows is that people don't bother themselves in hacking Linux.

Hmmz, am I not giving examples enough to show that the above is not the only thing why Linux is safer? It's one of the reasons making viruses for Windows seems more popular to me, but there are for sure many more. It's just more fun bringing down windows because it's so easy.

So, just to clear up any possible misconceptions, I hold that your assertion
.. snip ..
Linux compared to windows, you should be disillusioned from that now.

Open source forever right?


It may be demonstrable, but can you point out each security bug of each
OS and compare the severity of them with each other?

There are published reports of vulnerabilities and patches issued for Linux. I assume that there are similar announcements for Windows (although that is
..snip..
is based on comparative percentages of machines in the market, not hard numbers that can be attributed to market share.

Windows machines still seem to be more attacked IMHO, dunno if it's really because it's easier, or funnier or because there are so many people that hate Bill Gates which might be a reason enough for some quirks to write viruses for MS.
But most news I see about viruses and exploits are only for Windows. The question is still: why windows?
There's also something called MacOS and OSX. (Also Mac of course) and I hardly read anything about that either.
Don't tell me the Mac is that safe too.



For the record, out of personal experience, I ran and run Windows on a number of computers (work) and have been running Linux for about 4 years now on my home machines. None of my home machines have ever been compromised or hit by any outside threat. I have been the victim of DOS and Windows viruses in the past. So, from my personal experience, Linux is safer.

I've had viruses in the past under DOS and Win9x, I used a router from one day to pull off the threats. I've set up a sniffer once just to check what kind of requests were targeted for my IP. What a waste of bandwidth all these different portscanners polling my IP at least once a minute. And with all those viruses it became only worse. With the router, peace came on my own PC, but not my dialup modem. This is still a problem. Another thing why I dislike inventors of mass-mailing and exploit viruses.


source. That is simply because there are more eyes looking at open source and it is easier to find potential vulnerabilities when you have the source code.

Jups, but I don't favor closed source, it has other advantages too (specially in speed of development and quality). It will disappear eventually as you can see it happening already also at MS.


Well, here is free info. Whatever method you want. Use Mandrake's RPM's to patch your software or simply compile and roll your own versions as the new source is put out for each application you run. Totally up to you. Ain't OS grand.

You talk about the rpmi method probably?

