On 2/12/07, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> But what is Linux doing? Is there a structured security and audit process?
> Is there a team being payed to make long days reviewing code instead of
> developing cool new features? Do those teams exist for all the addons that
> are shipped
** Private ** wrote:
> linux is more secure than windows because only dorks use
> linux..:-)
That moment is not far away anymore.
While everybody keeps pointing at the big bad Microsoft and their silly
'vulnerable by default' out-of-the-box configuration, Microsoft is changing.
And
No, I'm talking about the little retailers and the rest of the people who go
out and pick up a box from office depot or compusa, so they can check their
email, and keep their finances in order.
The Open Source movement doesn't address these people. From my stand point,
it isn't a money thing, open
On 2/11/07, Nick McClure <[EMAIL PROTECTED]> wrote:
> What magazines are you getting? Who is reading them?
>
> You think they guy running a four person retail store is reading
> Business 2.0?
Ah, four person retail store-- depends. Is it a book store? ;)
Yeah, I get your point. I don't think i
What magazines are you getting? Who is reading them?
You think they guy running a four person retail store is reading
Business 2.0?
> -Original Message-
> From: Denilicious [mailto:[EMAIL PROTECTED]
>
> I don't think this sentiment reflects the current views-- Just about
> every mag I'v
On 2/10/07, Nick McClure <[EMAIL PROTECTED]> wrote:
> But most companies don't know about those options.
>
> Open source has a stigma when it comes to the average small business,
> they look at and assume it developed by a bunch of 13 year old kids in
> their parent's basement, if they even know wh
ond one.
> -Original Message-
> From: Denilicious [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 10, 2007 3:02 AM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> On 2/9/07, Nick McClure <[EMAIL PROTECTED]> wrote:
> > Larger co
On 2/9/07, Nick McClure <[EMAIL PROTECTED]> wrote:
> Larger companies that have IT people can do that, small companies that don't
> rely on the support provided by the vendor. Because they don't have to go
> out and find somebody else to support a product.
I was talking about using a "vendor", act
Larger companies that have IT people can do that, small companies that don't
rely on the support provided by the vendor. Because they don't have to go
out and find somebody else to support a product.
Most companies support their own products, so they expect the people that
developed the products t
*falls over*
tooo...much...text...
*twitch*
*twitch*
urrk..urrkk..
On 2/9/07, Denilicious <[EMAIL PROTECTED]> wrote:
> On 2/8/07, Jim Davis <[EMAIL PROTECTED]>
~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integ
On 2/8/07, Jim Davis <[EMAIL PROTECTED]>
> -Original Message-
> > From: Denstizzo [mailto:[EMAIL PROTECTED]:]
> > Are you proposing that the number of people who know C++, isn't that
> > large? Or perhaps that it's so difficult to pick up a language, that
> > there
> > aren't many people f
> -Original Message-
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 08, 2007 5:44 AM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> ** Private ** wrote:
> > But the idea that a problem in open source s
> -Original Message-
> From: Denstizzo [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 8:44 PM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> On 2/7/07, Jim Davis <[EMAIL PROTECTED]> wrote:
>
> Are you propos
linux is more secure than windows because only dorks use linux..:-)
--
---
Robert Munn
www.funkymojo.com
~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integration & create powerful cross-pla
On 2/8/07, Vivec <[EMAIL PROTECTED]> wrote:
>
> Do youcould you just get this down tosay...one or two paragraphs?
> :)
>
> You're saying that a key advantage of Open Source is that the user
Dude, I am so relaying everything else I have to say- er, type- thru you!
But- My god man!, yo
** Private ** wrote:
> The process that owns port 80 on IIS 6.0 machines is the HTTP.SYS
> driver (when enabled). This is a kernel-mode driver that only
> forwards requests and *cannot* have user-mode application code loaded
> into it, as it does no execution. Any exploits into this are useless
Hi Jochem,
The process that owns port 80 on IIS 6.0 machines is the HTTP.SYS driver
(when enabled). This is a kernel-mode driver that only forwards requests and
*cannot* have user-mode application code loaded into it, as it does no
execution. Any exploits into this are useless.
Further
** Private ** wrote:
> But the idea that a problem in open source software is less problematic than
> in closed source because "you can just fix it yourself" always strikes me as
> completely silly.
I do not consider that argument silly. I run (or have run at some point in
time) my own custom ver
Do youcould you just get this down tosay...one or two paragraphs?
:)
You're saying that a key advantage of Open Source is that the user
himself can alter the code and extend functionality as he needs to.
You also mentioned the many modifications and extensions of the Apache
webserver as ev
On 2/7/07, Jim Davis <[EMAIL PROTECTED]> wrote:
>
> > -Original Message-
> > From: Denstizzo [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 07, 2007 12:43 PM
> > To: CF-Community
> > Subject: Re: Why Linux is more secure than Windows
> &g
> -Original Message-
> From: Denstizzo [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 12:43 PM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> There are people you pay to administer it. Same as anything else.
> We&
doesn't have to run as that
account.
> -Original Message-
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 4:00 PM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> ** Private ** wrote:
> >
** Private ** wrote:
> What account does Apache start under?
The account you configure it to start under.
>> The most
>> obvious privilege is the privilege to start processes under a
>> different user account.
>
> The IIS worker process starts under it's own identity - Network
> Service.
Apache can be made to run under any account that has run as a service
privileges in Windows.
On 2/7/07, Matthew wrote:
>
> What account does Apache start under?
>
> The most
> > obvious privilege is the privilege to start processes under a
> > different user account.
>
> The IIS worker process sta
What account does Apache start under?
The most
> obvious privilege is the privilege to start processes under a
> different user account.
The IIS worker process starts under it's own identity - Network Service. It's a
incoming request that starts this process. Who's starting processes under
On 2/6/07, William Bowen <[EMAIL PROTECTED]> wrote:
>
> > I hate it when people start talking open source for enterprise
> > applications that require 24x7x365 because when something does go wrong,
> > I got nobody to call.
>
> Told this (well, similar) to my boss the other day in a synopsis of my
He said Windows was less secure, not IIS. Let's see Apache on Linux v.
Apache on Windows and see how that looks.
On 2/6/07, Vivec wrote:
>
> Utter and complete rubbish.
>
> The amount of system calls in a webserver serving a static HTML page
> does not indicate how vulnerable an OS is.
>
> Plus h
> -Original Message-
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
>
> According to MS at least Nimda was in IIS itself:
> http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx
I remember getting these hits in log files, they never caused my any
problems because I didn't
** Private ** wrote:
> Can you please explain this to me:
>
>> IIS needs to be run as a privileged user, Apache doesn't. Due to this
>> simple fact, IIS is inherently less secure. If Apache gets compromised,
>> you get the Apache account. If IIS gets compromised, you get the
>> server.
>
> I d
** Private ** wrote:
> From: Jochem van Dieten
>>
>> How about Code Red and Nimda?
>
> Code Red targeted the MS Index Server, Nimba tried a few other buffer over
> runs to IDC as I recall.
According to MS at least Nimda was in IIS itself:
http://www.microsoft.com/technet/security/bulletin/ms00-0
Jochem,
Can you please explain this to me:
> IIS needs to be run as a privileged user, Apache doesn't. Due to this
> simple fact, IIS is inherently less secure. If Apache gets compromised,
> you get the Apache account. If IIS gets compromised, you get the
> server.
I don't know Apache at al
> -Original Message-
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
>
> How about Code Red and Nimda?
Code Red targeted the MS Index Server, Nimba tried a few other buffer over
runs to IDC as I recall. Both things that should have been disabled by MS by
default, and disabled by any S
** Private ** wrote:
> Bah, the source code doesn't directly tell you its secure.
But without secure source code you can not have a secure application.
> To my knowledge there hasn't been any attacks against IIS, every attack
> was against some specific technology that was usually found to have
> I hate it when people start talking open source for enterprise
> applications that require 24x7x365 because when something does go wrong,
> I got nobody to call.
Told this (well, similar) to my boss the other day in a synopsis of my
response to a proposal to move our CF /SQLServer 2000 stuff to
Bah, the source code doesn't directly tell you its secure.
To my knowledge there hasn't been any attacks against IIS, every attack
was against some specific technology that was usually found to have been
left open by the user.
If you have IIS doing a strait web request for HTTP with HTML that doe
On 2/6/07, Nick McClure <[EMAIL PROTECTED]> wrote:
>
> Who cares about LAMP, you want to compare Apples to Apples, get Tomcat
> involved.
Bet *nix is still "better".
Anyways, the real issue is, how can I tell if IIS is secure?
Audit the source code? Oh, yeah.
Or: How about: want to make it bet
Who cares about LAMP, you want to compare Apples to Apples, get Tomcat
involved.
> -Original Message-
> From: Vivec [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 06, 2007 4:53 PM
> To: CF-Community
> Subject: Re: Why Linux is more secure than Windows
>
> Utter
Utter and complete rubbish.
The amount of system calls in a webserver serving a static HTML page
does not indicate how vulnerable an OS is.
Plus he's comparing a bare bones linux installation with IIS which has
..asp and a whole host of other services running with it.
Let's see his comparison of
> I'd say I agree with the blogger.
+1
though the pictures hurt my eyes
~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs
http:http://ad.doubleclick.net/clk;56760587;1
I'd say I agree with the blogger.
On 2/6/07, Bruce Sorge <[EMAIL PROTECTED]> wrote:
>
> This guy did a study on the subject and came up with this. What do you all
> think?
>
> http://blogs.zdnet.com/threatchaos/?p=311
>
> --
> Bruce Sorge
>
> "I'm a mawg: half man, half dog. I'm my own best friend
40 matches
Mail list logo