Subject : Re: LUG: Most computer users need Linux

From : Edward Anderson <nilbus@nilbus.[redacted]>

Date : Tue, 13 Apr 2010 19:10:25 +0100


Though we use a Linux VM since it's most convenient and has the best
tools to demonstrate these vulnerabilities, all the attacks we study
affect every platform. Though these vulnerabilities can exist on
Linux, the open-source model allows them to be discovered and fixed
far more easily, and the package management systems Linux uses allow
quick and efficient distribution of security fixes, not only to the OS
like Windows Update, but to every app installed on your system.

I think the author's point holds true that Linux is much more
appliance-like for average users than Windows is.

Edward

On Tuesday, April 13, 2010, Jay Goel <jpgoel@ncsu.[redacted]> wrote:
> I don't really want to get caught up in this flame war, but in CSC 405 (security, [1]) we are using password-cracking tools, running well-known exploits, and even writing our own shellcode injection scripts. We're studying and explaining why and how these different things work.
>
>
> Any takers on which platform has so many security flaws that we can spend a semester exploiting them in this class?
> Someone tell me, in this article, where the "explanation" of security is? The only thing this article says is that Linux has better default configurations. Except for svn's default behavior to cache your password [2], Firefox's default of URL completing all of your webpages and history - not to mention that JavaScript+history+link color exploit that's been around for a decade, or that Pidgin doesn't even try to encrypt your passwords on the disk [3] not to mention the fact that Linux still isn't smart enough to handle an unprivileged user's execution of "for(;;) fork()". RHEL doesn't even come with quotas turned on by default, which will screw up your computer in like 2 seconds.
>
>
> Sheesh. Y'all have successfully trolled me! Hopefully some of you will come out to Mike Torto's rPath talk today, I'm kinda excited about it!
> Jay
>
>
> [1] http://fairfax.csc.ncsu.edu/csc405/labs/
>
> [2] http://svnbook.red-bean.com/en/1.4/svn.tour.initial.html
>
> [3] http://developer.pidgin.im/wiki/PlainTextPasswords
>
> On Tue, Apr 13, 2010 at 11:22 AM, Daniel Underwood <daniel.underwood@ncsu.[redacted]> wrote:
>
>> I disagree, personally (at least with the preachy tone of the
>> article). ... Most folks just need purpose-built environments/tools
>> for what they want to do: email, Facebook, and banking.
>
> I know what you mean.  I just feel it's a succinct explanation of
> security-related benefits written in a very accessible way.
> --
> Daniel Underwood
> North Carolina State University
> Graduate Student - Operations Research
> email: daniel.underwood@ncsu.[redacted]
> phone: XXX.302.3291
> web: http://www4.ncsu.edu/~djunderw/
>
>
>
>