On Fri, 2004-03-19 at 01:49, Todd Burroughs wrote: > Wasn't that something that MS tried to say, the "hackers" are reverse > engineering our patches? That was funny, but the sad thing is that a > lot of people will believe it.
I have no doubt that people reverse engineer their patches. However, saying "hackers ONLY reverse engineer our patches" is a lot different from saying "one possible technique for abusing a Windows system is to look for problems by reverse engineering out patches." Biiiiiiig difference. Driving while sloshed is one possible way to get hurt while driving a car, but certainly not the only way. > What I meant is that you can most likely actually use the Internet to get > patches with a fresh install before you get taken over, not that somehow > UNIX-like systems make patches before the exploits are out there and being > used ;-) It's quite apparent by other threads on the list that this is > not generally the case with Windows. Just being patched doesn't mean > that you are safe, but it's better than running well known security holes. For the last couple of years (maybe longer?) RedHat Linux (and recently Fedora) have been shipping with a built-in firewall that enabled by default. If you don't know it's there, the it should certainly be enabled! :-) And if you decide to turn it off, you have to at least justify the effort to run /usr/sbin/lokkit. I hear that some BSD's do something similar. > Obviously, if you go on the Net with all services running, especially > on an unpatched box, you're gonna get rooted pretty quickly. Yup. Last I checked, Sun does it this way... Yay! Fortunately, they're a smaller target, and ppro is decent. But, it still takes me a few minutes to turn off all of the unnecessary stuff before I can begin the real work of setting up a useful system (and re-enabling anything that I actually need). -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
