I don't really want to get caught up in this flame war, but in CSC 405 (security, [1]) we are using password-cracking tools, running well-known exploits, and even writing our own shellcode injection scripts. We're studying and explaining why and how these different things work.

Any takers on which platform has so many security flaws that we can spend a semester exploiting them in this class?

Someone tell me, in this article, where the "explanation" of security is? The only thing this article says is that linux has better default configurations. Except for svn's default behavior to cache your password [2], Firefox's default of URL completing all of your webpages and history - not to mention that javascript+history+link color exploit that's been around for a decade, or that pidgin doesn't even try to encrypt your passwords on the disk [3] not to mention the fact that linux still isn't smart enough to handle an unprivileged user's execution of "for(;;) fork()". RHEL doesn't even come with quotas turned on by default, which will screw up your computer in like 2 seconds.

Sheesh. Y'all have successfully trolled me! Hopefully some of you will come out to Mike Torto's rPath talk today, I'm kinda excited about it!