Security Through Obsolescence
dlur writes "This article and this article (both variations of the same article written by roblimo) delve past security through obscurity, into using old, out of date software to secure a site. Maybe it's not always in your best interest to snag the latest kernel? Perhaps think twice before jumping at the chance to buy MS's latest OS."
No one can break into my house because I have a moat and a drawbridge, and a dragon behind the door. Old, but effective.
Ask Slashdot: Where bad ideas meet poor googling skills.
Time to move my mp3 collection over to a gopher server :)
--
Don't sweat the petty things, and don't pet the sweaty things.
Now I can dust off that old VAX in my living room and figure out how to load CP/M on it for my eStore!
Eve Fairbanks says I drive a hybrid!LOL
We ship DOS based and Windows based medical data collection software out of our shop, and we've had WAY fewer problems (one, to be exact, compared with over a dozen) with people hacking into our DOS stuff vs our Windows stuff, despite the fact that we have 50 times more DOS units in the field than Windows.
Not to mention that the laptops we ship the DOS software on get stolen a lot less frequently, since our DOS software will run on 286s...
Denver Isuzu Suzuki
When I read the original article at newsforge, they served up an ad encouraging me to "Move to Apache 2.0" because "The More You Wait, The More You Lose". screenshot
Just try and load your root-kit onto this machine. Whaddya mean ?OUT OF MEMORY AT LINE 10.
Previously discussed on slashdot back here
No one can steal my data!
I have no network. My backups are stored on 5 1/4" floppies.
Not only can no one read these things, they'd need a truck convoy to haul them away. No way in hell they're sneaking past security with a motherfucking semi truck!
You see? You see? Your stupid minds! Stupid! Stupid!
I remember researching firewall products and stumbled across one that ran on MS-DOS. According to the marketing hype, MS-DOS was the OS of choice
:-)
Cool... just what everyone needs... a single-user, single-tasking firewall.
Why not call it a brick-wall?
dcav and c3po, what the heck kind of a lame-ass flame war was that? I spend my valuable time following the thread of conversation, hoping for eloquent bashing of each other's lineage and what part of your anatomies were waved at the other's grannies, and that's the best you guys can do?!?!!?
:)
It's apparent from each of your posts that neither of you really grok the nitty gritty of what comprises an exploitable buffer overrun bug. It's failing to guarantee that a mechanism, usually a memory-copying loop, that writes to memory will stop before exceeding the bounds of the destination memory area. The bug is exploited by using it to tweak values of memory beyond what the code expects. If the destination memory happens to be locally allocated (variables of local scope rather than malloced, so they're on the stack) and conditions are just right, it may be possible to write arbitrary code into memory and tweak a return address to cause a return to jump into that code. It's got nothing to do with allocating too much memory, and having to code in tight spaces doesn't necessarily make a programmer less susceptible to making that mistake. In some cases, the only mistake that a programmer made was to have trusted a C library call.
That's beside the point though. The real issue here was that there are a number of people - well, okay, maybe I'm the only one, but still - that spent their valuable time following this thread desperately hoping for a litany of lobster-faced steam-out-the-ear expletives, and you two were disappointingly mature. Next time, please slug down about five beers each before posting. You'll have more fun and I'll have more fun, and isn't that really what life is all about?
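Added example, not part of the thread: the unbounded copy loop the last comment describes, next to a bounded version that is guaranteed to stop inside the destination. The `record` layout, the `MARKER` value and all function names are constructed for illustration; a single 16-byte array stands in for "the destination plus whatever sits after it" so the overrun stays well-defined C.

```c
#include <stddef.h>
#include <string.h>

#define NAME_SIZE 8   /* logical size of the destination field */

/* Constructed layout: mem[0..7] is the name field,
   mem[8..15] is neighbouring data the code expects to stay untouched. */
struct record {
    char mem[16];
};

/* The bug: the loop stops only at the source's NUL and never asks
   how much room the destination has (the same contract as strcpy). */
static void copy_unbounded(char *dst, const char *src) {
    while ((*dst++ = *src++) != '\0')
        ;
}

/* The fix: the loop cannot leave the destination.
   Returns 0 on a full copy, -1 if the source had to be truncated. */
static int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t i;
    if (dst_size == 0)
        return -1;
    for (i = 0; i + 1 < dst_size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

/* Copy `input` into the name field with either routine and report
   whether the neighbouring bytes still hold their marker. */
static int neighbour_intact(const char *input, int use_bounded) {
    struct record r;
    memset(r.mem, 0, sizeof r.mem);
    memcpy(r.mem + NAME_SIZE, "MARKER", 7);
    if (use_bounded)
        (void)copy_bounded(r.mem, NAME_SIZE, input);
    else
        copy_unbounded(r.mem, input);   /* input must be under 16 bytes */
    return memcmp(r.mem + NAME_SIZE, "MARKER", 7) == 0;
}

int main(void) {
    const char *input = "AAAAAAAAAAAA";  /* constructed: 12 chars, 4 too many */
    return (!neighbour_intact(input, 0) && neighbour_intact(input, 1)) ? 0 : 1;
}
```

The same over-long input clobbers the neighbouring bytes through the unbounded loop and leaves them intact through the bounded one, which also reports the truncation instead of hiding it.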