Domain: geodsoft.com
Stories and comments across the archive that link to geodsoft.com.
Comments · 14
-
Re:Relativity
Changing the default boot on ubuntu:
http://ubuntuguide.org/#changedefaultosgrub
Here's instructions on how to set it for whatever booted last:
http://geodsoft.com/howto/dualboot/grub.htm
Not so hard, really. -
Re:Wow, wow, wow.. let me get this straight..
Part of it is just to make it hard to get _everyone's_ data.
It's been pretty much admitted to that the NSA is working hard, and spending lots of money, doing exactly this. Even to the extent they haven't admitted to it I'm fairly certain it's being done on a regular basis.
While cracking one guy's password may be easy to do if you really want to know what he's been doing, if that costs a couple million in computing resources (not precisely the hardware, but rather the computer time, cryptanalysts, etc) you're not going to be able to simply do it to everyone. So I guess the question is, how long does a password-based encryption need to be these days to cost at least $1M in computing resources to crack?
Well, it certainly depends on the algorithm, but let's look at an example... "L0phtCrack takes less than a second to process the default dictionary of nearly 30,000 words and about a minute and a half to process two additional characters in conjunction with the 30,000 word list (on a PIII 500)." (http://geodsoft.com/howto/password/cracking_pass
w ords.htm). That alone would probably crack a good portion if not a majority of Gmail users passwords (even if you pretend they're not going to use the same password they already use for Gmail, in which case the government could force Google to snoop it post https decryption).Brute forcing is a bit harder, but with just a million dollars (which would be a pittance in terms of the estimated billions of dollars in NSA funding), the NSA could probably easily crack all 6-7 ASCII character or less passwords using standard brute force algorithms. Add in specialized hardware, which I'm sure they have, and maybe they could even do 8-10 or more. Reduce the size of the character set, which would make things more practical, and you could add one or two characters on to that. I don't know, but I personally wouldn't feel comfortable with anything short enough for me to memorize. Even then I guess I wouldn't feel completely comfortable, I mean, for all I know the NSA found a hole in RSA and/or proved NP=P (though I suspect such a revolutionary discovery would have leaked somehow). I guess what I'm saying is if you *really* care about the government discovering what you have on your computer, don't hook it up to the Internet.
I think it's pretty clear that "it probably wouldn't be all that hard to decrypt most of the passwords". I mean, just using a dictionary cracker like L0phtCrack would probably accomplish that. I'd personally go further, and suggest that the US government could probably crack the vast majority of passwords. The remaining ones wouldn't even have to be cracked, really. It'd be enough to target those people in other ways.
-
Re:highly anticipated?
OpenBSD's weakness' list (just a TINY sampling of what is/was possible to penetrate OpenBSD):
1.) OpenBSD False syslogd Source IP Reporting Weakness:
http://www.securityfocus.com/bid/6219
2.) OpenBSD's mysql security weakness:
http://www.monkey.org/openbsd/archive2/bugs/200103 /msg00022.html
(Seems OpenBSD isn't as "secure out of the box" as I stated most all OS' are w/out tweaking it)
3.) PAM Authentication Execution Path Timing Information Leakage Weakness:
http://securityfocus.com/bid/7342
(Funny, I see OpenBSD on THAT list also)
4.) systrace in OpenBSD:
http://www.informit.com/articles/article.asp?p=363 731&seqNum=7&rl=1
"Despite its many features, systrace has a number of limitations that bear mentioning. First, it lacks a facility to specify that you can permit once for a system call, such as binding to a socket. This can allow an attacker to recycle a system call, potentially at elevated privilege.
Second, system calls have no exclusive or. For example, an application might be permitted to open a le or a device, but not both. This weakness could ultimately be leveraged by an attacker who seeks to do more than a program was intended to do.
Lastly, the parent process has no control over spawned processes. For example, if you allow /bin/sh to be executed, you cannot control it beyond its own systrace policy. One way to get around this limitation is to specify a policy for the child process to inherit if it is to be less liberal than the normal system policy. This would be done via systrace"
5.) OpenBSD lprm(1) exploit:
Code is right there:
http://security.opennet.ru/base/bsd/1047145087_128 9.txt.html
For an exploit into OpenBSD...
*****
Need I go on? I don't think so but I easily could... OpenBSD's not some "magically secure system" any more than any other is and new holes get found on them all every month.
So, DrSkwid?
Please: Don't try to tell others that your OpenBSD is 'impregnable out of the box', because like most other OS'? It isn't.
(Sure, some of that may or may not have been patched above from my lists by this point, but you try to make it seem as if OpenBSD is some 'security panacea' magical formula, & it's clearly not).
And, it most certainly isn't as flexible, ubiquitous, & powerful as Windows Server 2003 is with as any applications surrounding it in both commercial and freeware implementations as Windows has a tremendous wealth of and most certainly does not run on as many types of hardware.
6.) This is not just myself stating it, here is another one regarding that:
http://geodsoft.com/opinion/server_comp/security/l inux.htm
"The default OpenBSD install is much more secure but also much less functional than a Windows NT or 2000 default install and most"
Keyword = DEFAULT! AND, less functional. BIG sticking points vs. Windows Server 2003.
Which is WHY I put up my list for Windows 2000/XP/2003 server users.
To teach them how to REALLY secure these Os' from MS, far above the DEFAULT security settings they ship with and how + why.
Give it up DrSkwid about OpenBSD being 'so great' when clearly, it's not by comparison. And, having to call me names?
Not too intelligent, nor fact based. The sign of the loser in forums online. It's right up there with spelling and grammar checking.
Above all - It's easy to secure -
If you're a vandal on wikipedia...
... you should use a a really common password. That way, if your cover is blown, you'll have at least the consolation that you'll find a nice phull bucket of phish on Tim Starling's page!
-
Re:One unconsidered factor
This has been discussed on Slashdot before. If you want a quick source, most boxes running Apache are running Linux, and you can take a look at netcraft to see the percentage of Apache boxes out there -- it's by far the dominant platform.
Linux and BSD are the dominant Apache platforms. I'm fairly comfortable saying that Linux is a much more common Apache deployment platform than BSD, but sure, I'll look it up. These numbers, the first I grabbed from Google, say that this is indeed true.
Aside from the fact that all the studies I've seen posted of Linux desktop usage are at best around 1%, anecodal evidence and a general feeling from reading articles and seeing sales of business software that business intranets (behind firewalls) tend to use Windows boxes on workstations, I just think that few people will argue that Linux is not a common desktop machine today. I know of only two people in person (and one is me) that definitely run Linux as their only desktop OS, and I spend an awful lot of time talking to tech folks.
Do you have any reason to say that what I was pointing out is false? I think that it's pretty much conventional wisdom. Do you need people to justify data like "Windows 98 tends to crash more than Mac OS X" at each usage? -
Re:What a crappy "article"Way to illustrate my point exactly. You are definitely in denial. I can help. Here's a quote from a fairly objective paper I found on Google and File and Directory Security:
Standard UNIX file and directory security is very limited compared to Windows NT flexible access control list capabilities.
It's pretty well known that the NTFS/Windows is more flexible and more granular than the Unix model. What were you saying about ignorance?
Also, with regard to the fully integrated NOS comment, I have no idea what it is you're taking issue with. How exactly is a Windows client not fully integrated into AD with security and the like?
-
I tell you what...
I run ClarkConnect on my firewall. Redhat, Debian, Gentoo, Lunar and Slackware on my *personal* box. Lycoris on my wife's box (no humorous responses please).
While the individual merits of each distro can be argued to no end, I do have to note that only Lycoris and ClarkConnect (Based om RH 7.2) worked perfectly out of the box. (Inasmuch as Windoze does)
Noting that, I would say that if you want to learn the differences between the distros, you should first learn how to multi-boot your machine. The greatest learning experience for me has been to have a working distro available at all times, while I'm trying to get a new (to me) distro working that I'm not familiar with. (Such as linux-from-scratch)
Anyway, I hope I haven't strayed too far from the subject, but I had to add my $.02.
In short, IMHO, if you are a complete newbie, learn how to multi-boot, install Lycoris, Mandrake and Debian. (or go to DistroWatch and pick a couple.) Graduate from one to the next while keeping your working distro intact. Then, Paraphrasing another post I read "apt-get when you finally get it together" - lol.
Happy Thanksgiving!
-
I tell you what...
I run ClarkConnect on my firewall. Redhat, Debian, Gentoo, Lunar and Slackware on my *personal* box. Lycoris on my wife's box (no humorous responses please).
While the individual merits of each distro can be argued to no end, I do have to note that only Lycoris and ClarkConnect (Based om RH 7.2) worked perfectly out of the box. (Inasmuch as Windoze does)
Noting that, I would say that if you want to learn the differences between the distros, you should first learn how to multi-boot your machine. The greatest learning experience for me has been to have a working distro available at all times, while I'm trying to get a new (to me) distro working that I'm not familiar with. (Such as linux-from-scratch)
Anyway, I hope I haven't strayed too far from the subject, but I had to add my $.02.
In short, IMHO, if you are a complete newbie, learn how to multi-boot, install Lycoris, Mandrake and Debian. (or go to DistroWatch and pick a couple.) Graduate from one to the next while keeping your working distro intact. Then, Paraphrasing another post I read "apt-get when you finally get it together" - lol.
Happy Thanksgiving!
-
OpenBSD's Security is Overrated
And here's why:
By default, every network service is turned off in an OpenBSD install. So of course it's going to be secure! There's no possible way for a machine not connected to the 'net to be hacked into! Contrast this with Microsoft's method of enabling every network service in the default install. This is the reason why so many NT boxes have been exploited; not because of inferior products, but because of the fact that tens of thousands of people are needlessly running remote access software on the desktop.
In my with securing servers, Mandrake 8.0 takes the least amount of effort to lock down while still providing a useful server after the default install. The BSD community should take a hint and start gearing toward usability rather than "superior" security. -
Apples anyone, or how about some tasty Oranges?How about some different numbers...everyone loves statistics. "The following numbers were obtained by counting web site defacements as listed at Attrition.org from June 2000 through May 2001:" Breakin Stats
The trouble with comparing Linux distros to Windows lies in the fact that Linux distros include so many different applications. I just did a count of installed packages on a RedHat box I am using, and I got 780 installed packages. I'd like to see a comparison of the number of exploits between the RedHat distro and Windows installed with 700 of the most common applications for it. That might be a more useful comparison. Also, I will readily acknowledge the weakness and lack of true usefulness of the numbers below, so no need to flame me for the lack of usability...I'm only posting the info I found, so no need to stone the messenger.
Windows
4336 Windows NT
1070 Windows 2000
2 Windows 95
5408 Windows total
All UNIX and Like
1185 Linux Red Hat
999 Linux unknown distributions
36 Linux Connectiva
23 Linux Debian
17 Linux Cobalt
17 Linux SuSE
13 Linux ALZZA
12 Linux Mandrake
1 Linux Slackware
2304 Linux total
485 Solaris & Sun OS (1)
267 IRIX
163 FreeBSD
121 BSDI
44 SCO
28 Generic UNIX
18 Compaq Tru64 UNIX
9 AIX
7 HPUX HP
4 Digital UNIX DG
3 OpenBSD
2 NetBSD
1 PowerBSD
1 Digital OSF1
1153 UNIX & Like total
3457 UNIXs & Linux
8865 Total Windows and all UNIX
Other
2 Mac OS
1 Netware
63 unidentified -
Re:Open source-ing Open Source Licenses?
-
Re:Good Article but a question or 2
-
Re:Good Article but a question or 2
-
OpenBSD
I use an old P133 (overkill, I know) running OBSD as my firewall/gateway/ntp server/dhcp server. I could have gone out and spent money on a nice compact unit, but I like the fact that I can upgrade my OS, tweak my filters and above all: learn more about OBSD, networking and OS hardening.