Slashdot Mirror

but the fact remains... Windows/Microsoft has been playing catch-up in security where Linux has been leading over the last decade.

So where are those facts?

Because they way I look at it there has been several embarrasing, high-profile successful attacks on Linux servers over the past few years:

Debian server compromised: http://www.zdnet.com/debian-se...
Ubuntu servers compromised: http://www.theregister.co.uk/2...
kernel.org compromised: http://lwn.net/Articles/457142... (we're still waiting for the post morten on that)
linuxfoundation.org and linux.com compromised: http://thehackernews.com/2011/...
red hat and fedora servers compromised: http://www.cnet.com/news/red-h...

(and we do not even mention the OpenSSL fiasco)

So where are the widespread Windows Server compromises?

Hmm... That's not what I heard.

But... but... but.... it'z teh LINUXXXXXX!!!!!111!!!!!

Whatever the actual intent, this redesign will do nothing other than accelerate the exodus to hacker news/reddit.

Do you mean thehackernews.com? I don't see how that layout is any better than the new /. layout. I like whitespace, but here it is waste.

The SEA hacked Outbrain, which is a content provider. CNN, WP, NY Times, all use this companies software to recommend stories to readers.

http://thehackernews.com/2013/08/Outbrain-hacked-Syrian-Electronic-Army.html

http://techblog.outbrain.com/2013/08/update-outbrain-security-breach/

That was just the payload, that with the appropiate sources could vary. Bricking your laptop could be the less harmful thing it could do, you will still be free and have money in the bank to buy another.

Here's an article I found (by clicking through a few times from TFA). For those who don't want to read:

However according to PayPal’s head of PR, they claim to be investigating the alleged hack, but so far they have stated that they are unable to validate any evidence that there has been a security breach which we can only take to be a good thing.

They also say 28,000 accounts, which means the odds of an individual being hacked are very very low (considering there are over 110 million users). Even still, it's a good idea to change your password, at least.

Think again http://thehackernews.com/2011/10/malware-for-xbox-kinect-created-by-15.html

Exactly how Java ends up executing the malicious code isn't really relevant to end users. I don't have any parts of Java installed because I don't trust that it's going to be secure. I don't care enough about Java to go digging through the individual bits and pieces to identify which things are safer to install. It doesn't matter to me whether the DT is at fault, or the JRE, or J2EE or JDK or whatever else, I don't care. What I care about is avoiding infections, and since Java plays a part in 37% of infections, I'm not going to install any of it.

Well, since browsers are responsible for 100% of the infections listed, I expect you don't have them installed, either? And since Windows was also 100% responsible for infections, you don't have that either? For that matter, what are you doing on the internet? It is responsible for 100% of those infections!!!

Given malicious code, I propose that executing it is as dangerous whether it's Java, C, or even JavaScript.

There's obviously a major difference there. My browser isn't going to happily download and execute a C application because some web page convinced it to.

I think you may need to revisit your assumptions.

Right, that's why I don't feel like I'm missing anything and, due to the fact that the Java ecosystem is the vector for so many infections, I don't see any reason why anyone should have it installed unless they need it for a specific part of their job.

Again, Java isn't the vector, it's the browser/plugin aspect that is. That's like blaming C for being a vector because windows is largely written with it. The JRE, in and of itself, is no more insecure than anything else your CPU executes. If you enable pieces that allow outside access and code execution, then there is much greater potential for problems. This is an apt comparison, as the JRE's primary purpose is to run specific java code, not random snippets from the web, at least for everything I'm involved in.

My employer disagrees:

http://thehackernews.com/ has been blocked. Reason: The category of Hacking has been blocked by your System Administrator

InMotionHosting offers tons of disk space for a very low price.
I and other people who used to use them highly do not recommend them
Start with these : http://blog.sucuri.net/2011/09/mass-compromise-at-inmotionhosting-com.html
http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.html

They messed up the cleanup, damaging sites that had already cleaned up by themselves.

Last but not least: http://www.windows8update.com/2011/11/17/top-10-reasons-that-i-dont-use-inmotion-hosting-for-my-website-and-business/

RefRef is the new LOIC, interesting write-up here, confirmed accurate by @AnonCMD.

Is this what took down Wikileaks?

well if you see all the recent hacks which leaked complete user databases. If the passwords were not in the clear, many were simple md5 hashes without salt.
That was even the case for a high profile site like rootkit.com
http://www.thehackernews.com/2011/02/rootkitcom-database-leaked-by-anonymous.html

They already have one set of suspects from a single IP address :

These were the IP addresses that sent the largest number of packets. Packets coming from Anonymous contained strings like "wikileaks," "goof," and "goodnight". The affidavit was offered in support of a search warrant for the home of an Arlington, Texas couple and their son. They have not been charged yet, but the house was the source of 3,678 packets in about two-and-a-half hours.

From the original source:

Yesterday , we have reported that On 5th May, 2011 - Sony BGM's Greek website was also got hacked. One of Them Provided the Full extract database from the site. b4d_vipera was the hacker who Deface the site using SQL injection method. There are 8385 users on this website. Sample of hacked Database was leaked at http://pastebin.com/WqLysjiN. This was 7th Attack on Sony.