|
Ahh... we're gonna have a ball now.... Bryan Phinney wrote: This i explained in the end.On Saturday 21 August 2004 06:33 am, Vincent Voois wrote: It also assumes that you know exactly which daemons are running on the target machine, Not nessesarily damage, but opening backdoors for ways of intrusion may be sufficient.and which versions of those daemons and you have a vulnerability that hasn't been patched. And, it assumes that by exercising the vulnerability, you can somehow cause some actual damage to the machine. Specially if you want to hack a company server to retreive data. Like simple security exploits of MySql databases (and using a non-secured PHPMyAdmin environment :P, just browse google for a "welcome to phpMyAdmin" term and find out if there are unsecured servers, you don't even need to spoof IP in some cases) On Linux this is harder to accomplish.In the case of a worm, the whole point is to infect and propagate. So, you have to make another leap and assume that whatever you can cause to happen is complex enough to turn off all additional protections, notifications to sysadmin, and continue to spread to other boxen. Windows has no security, i don't know why Microsoft still tries to convince people that it is secure, it isn't.If you are implying that this is "quite simple," especially compared to the average script kiddie using a virus construction kit to implement the latest windows vulnerability published 6 months ago and still unpatched, you must be quite the hacker. That they improved their firewall construction to make Windows less vulnerable doesn't mean it is more secure from within it's environment. It just has more barriers now, but there will soon enough come new exploit discoveries. Spyware is one of the backdoors that can become the exploit if people don't use anti-spyware software against it. If anyone should fear intrusion into your private life, it is for sure spyware that can cause much more damage than only corrupt your system. (depending what sensitive information is stored on it) I'm a moron, i had no troubles installing Linux on an average PC working without needing to do much handwork. Leaving it that way unattended and unconfigured (besides defaults) maybe isn't a problem for now, but when leaks become known in a later period and i the same moron don't pay attention to update security, my box becomes more vulnerable for certain attacks. They don't nessesarily have to cause very much damage (as i said earlier) HAhahahahaha, i like your reply, i did not intent to bring it as black and white as you picked it up but the main idea is that any os is vulnerable to something. And if it's not known today, it will be discovered later and let's just hope it is being discovered by the developers and not by users that intend harm with it. For AFAIK, it always has been plain simple to hack a windows platform using *NIX techniques and this is what i often do on occasion when SID tables of NT servers got that corrupted that local admin isn't able to log anymore with the local password. (The well known Linux bootflop and it's extra flop with SCSI drivers) And it still works, wether it's NT 4.0, 2000, XP and even local admin password hacking util works on Windows Server 2003. Either Microsoft has this tool as part of their disaster recovery kit, or they have their eyes wide shut. I'm a field service engineer in real life, but i do not run into Linux configurations on a daily or even weekly basis, but when i see how Linux is utilised within our company, it's only for hacking Microsoft business :P Maybe the majority quirk script kiddies are not really older than 14 and don't really have any desire to do too much trouble bringing down some website-server using the ordinary DoS-attack tools through IRC. Besides, with DoS you can also take out Linux and various routers and switches if you do it properly enough. It's not vulnerable to the box itself, but irritating to everyone depending on the pipeline they require for usage. So also on the internet you have various levels of rascals, but it was not my purpose to put it THAT black and white as you reply to it. The point is, when i saw the thread whooping up Netsky Virus which is as much pain in the arse as any other worm that causes similar effects (and how many variants of it are still out there), i wanted to point out that Linux has other security flaws than Windows and that no OS is specifically safer than the other. And as a possibility for the idea one is being less attacked it might be the idea that you can cause more problems attacking the majority using a certain platform than trying to bring down the whole backbone which serves this whole majority of certain platform users. (I'm sorry, but as smart as people are, they are in certain cases also just as dumb. (I'm not excluded)) How much damage one could actually do depends on what can be exploited (which application or daemon) and what can be executed or transmitted. Neither systems are really safe, but they get safer each update. But every new feature also introduces new (maybe security) bugs. It's part of the development cycle that is hardly unavoidable. It's just a pitty that some of the smart persons around who find the exploit, do not have the loyalty to report it to the OS developer, but instead create an SDK-to-go for scriptkiddies to play around with, clugging up the network bandwidth with heavyload shit of page requests nobody is waiting for. Sincere regards, Vince. |
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
