Slashdot Mirror


Reflecting on Linux Security in 2003

LogError writes "Here's a look at some interesting happenings with Linux security in 2003 with comments by Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux")."

6 of 167 comments (clear)

  1. security by Anonymous Coward · · Score: -1, Troll

    Euros -

    In the spirit of the season, do us all a favour and leave. You don't like us, and we sure as fuck don't like you.

    Slashdot - by Americans, for Americans.

  2. Head, meet Sand by t0ny · · Score: -1, Troll
    From the looks of things, they still have a while to go. IMO, Linux people talking about security is like that saying about people who live in glass houses.

    Who was it at MS who basically made that statement that regarding security, they ALL suck? What Linux really needs is somebody to tell their community the same thing, instead of continuing to burry their heads in the sand.

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

    1. Re:Head, meet Sand by divide+overflow · · Score: 1, Troll

      > Apparently you missed that story last month regarding the hack which exploited a Kernel bug. This effected ALL distros, since it was a kernel exploit.

      No, I *didn't* miss it. I'm on the BugTraq mailing list.

      >Also, the page for Windows doesnt just list OS components either. So, as far as security tracker goes, it IS apples to apples.

      Without a direct comparison of the number of exploits for code that comes with the OS for both systems your statement is speculative at best.

      >One can also argue that IIS is not really a Windows component, since it is an optional service.

      Baloney. IIS comes on every Windows CD-ROM and is used by lots of Microsoft apps. And there's plenty of bugs that cross boundaries thanks to Microsoft's blurring the distinction between OS and application...like that WebDAV bug in ntdll.dll that was exploitable via IIS.

      >But thats the way they organize their site. If you dont like it, talk to Security Tracker; Im sure they would be happy to hear from you!

      Don't blame Security Tracker for the deficiencies in your analysis!

  3. Here's a short abstract for those too lazy to RTFA by azaris · · Score: -1, Troll

    "Reflecting On Linux Security In 2003

    How about that unsecure Windows huh? What a piece of crap innit? I get virus-related spam all the time and I read in the newspaper that Windows-machines are really vulnerable so I can't imagine why anyone in their right mind would run one.

    I've never had a security incident so Linux must be 100% secure. I hear even MS themselves have gotten hacked, how's that for bad publicity? You'd never see that happen to people like the FSF, Debian or Gentoo. I say we should ban all MS software and move to using OSS on Linux. Then we could all stop patching our systems since they'd be secure forever. Think of all the money and effort we'd save!"

  4. And one for those too STUPID to accept the truth by Anonymous Coward · · Score: -1, Troll

    STFU!

  5. Re:Nice idea (?) by Anonymous Coward · · Score: 0, Troll

    > Mmm, your close. More correct would be:

    Once again:

    Your == possessive form of 'you'
    You're == YOU ARE

    You STUPID, fucking, illiterate American. :p