
Subject : Re: LUG: Most computer users need Linux

From : Jay Goel <jpgoel@ncsu.[redacted]>

Date : Tue, 13 Apr 2010 11:47:03 -0400



I don't really want to get caught up in this flame war, but in CSC 405 (security, [1]) we are using password-cracking tools, running well-known exploits, and even writing our own shellcode injection scripts. We're studying and explaining why and how these different things work.

Any takers on which platform has so many security flaws that we can spend a semester exploiting them in this class?

Someone tell me, in this article, where the "explanation" of security is? The only thing this article says is that Linux has better default configurations. Except for svn's default behavior to cache your password [2], Firefox's default of URL-completing all of your webpages and history - not to mention that JavaScript+history+link color exploit that's been around for a decade, or that Pidgin doesn't even try to encrypt your passwords on the disk [3], not to mention the fact that Linux still isn't smart enough to handle an unprivileged user's execution of "for(;;) fork()". RHEL doesn't even come with quotas turned on by default, which will screw up your computer in like 2 seconds.

Sheesh. Y'all have successfully trolled me! Hopefully some of you will come out to Mike Torto's rPath talk today, I'm kinda excited about it!

Jay

[1] http://fairfax.csc.ncsu.edu/csc405/labs/
[2] http://svnbook.red-bean.com/en/1.4/svn.tour.initial.html
[3] http://developer.pidgin.im/wiki/PlainTextPasswords

On Tue, Apr 13, 2010 at 11:22 AM, Daniel Underwood < daniel.underwood@ncsu.[redacted] > wrote:

> I disagree, personally (at least with the preachy tone of the
> article). ... Most folks just need purpose-built environments/tools
> for what they want to do: email, facebook, and banking.

I know what you mean.  I just feel it's a succinct explanation of
security-related benefits written in a very accessible way.
--
Daniel Underwood
North Carolina State University
Graduate Student - Operations Research
email: daniel.underwood@ncsu.[redacted]
phone: XXX.302.3291
web: http://www4.ncsu.edu/~djunderw/


