On Tue, 2003-10-21 at 21:36, HaywireMac wrote:
> On Tue, 21 Oct 2003 20:48:34 -0700
> James Sparenberg <[EMAIL PROTECTED]> uttered:
> 
> > Not true,  I've seen the paper he refers to.  It's possible to patch a
> > running kernel in order to gain ownership... that's the scary part.
> 
> In theory, and with the expertise of a hacker like Silvio Cesare. Is
> this something desktop Linux users should be concerned about? No.

The largest advantage most users have is that the true experts at doing
things like this... won't because they have too much to lose.

> 
> > > 
> > > This is hype, pure and simple, another attempt to gain notoriety by
> > > pointing out "flaws" in a kernel that has proved itself beyond
> > > question more secure than the "other" kernel.
> > 
> > No he didn't do this.  What he said was that a piecemeal attempt at
> > security is not a solution, instead it's a path to death.  True
> > security occurs when all parts are in concert.  What good is a
> > firewall if the chat software allows a rootkit to come down along with
> > a message?  His point is that piecemeal security and patches are a lot
> > like locking a screen door.  Nice idea but eventually someone will
> > figure out how to cut the screen.  Patching the screen may close the
> > hole but it doesn't increase security.  He's right it has to be a
> > ground up decision/effort.
> 
> What currently existing or planned chat software would allow a rootkit
> to come down the pipe and be executed? If the user accepts a file, makes
> it executable, and runs it, there's nothing that can be done anyway.
> Education is the key, not more paranoia.

Current,  I know of none.  In the past kicq (or any other icq client)
had this bug.  (Hey my icq number has 5 digits..... been around it for a
while.)   However one of the less advertised reasons for the recent
switch by yahoo and MSN on their protocols is just this reason.  Which
is why older clients are blocked. 

> 
> > > 
> > > To further claim that Linux needs to go the route of the Trusted
> > > Computing initiative...well, yer right, that's not funny, that's
> > > scary.
> > 
> > And in line with a harsh reality.  Linux is not secure.  It can be made
> > secure.  But in and of itself it isn't.  Security comes not from what
> > the OS is.  But on whether or not the tools exist to make that OS
> > secure.  Take a look at NSA linux if you want to see some really neat
> > stuff about security.
> 
> It's certainly secure enough to avoid going down the path of tying
> software to hardware.  The Trusted Computing Initiative is not to be
> trusted at all. To tell me what software I'm allowed to run on my
> hardware because some l33t h4x0r knows how to patch a running kernel is
> pure paranoia, and it would be the death of open source.

The most restrictive music in the world is blues. Just 12 notes.  But
look at all of the music that's been made from it (Jazz, Gospel, Rock,
Rap etc etc etc.)  Security isn't a restriction ... well ok I'll admit
that to most "experts" that's what security is.  Security is the
outgrowth of Liberty (ask Benjamin Franklin). If all of the pieces were
in concert then you could run anything you want.  No sweat.  Most
restrictions come from having to block or otherwise thwart an insecure
system.  

James

> 
> I'll take my chances, thank you very much.

