B. is wrong, most people will just ignore it.
You can put it in the startup list, I guess.
But I suggest replacing the wallpaper.
C. will cause you to get shot.
Most of the *nixes implement BSD sockets, yes. (Some old ones do not.)
This is a red herring, you *can* spoof IPs on 9x, it's just harder to do it than on a *nix or 2K/XP.
Windows' standard networking interface (WinSock) is based on BSD sockets.
This means that Windows' stack is interchangeable by anyone that bothers to implement it.
(Not many do, btw).
Win2K is the first version that actually takes the BSD stack code and uses it.
BTW, Linux, and most Unixes, also implement a BSD sockets system.
That is the de facto standard for networking.
Use Winsock for the tcp & udp, http://www.sockets.com for learning how to do it.
You wish, MS complies.
XP comes with a basic firewall.
I'm not familiar with SSHD, but I would assume that it sends the private key (or an md5 of it or something like that); otherwise, you are exposed to the client d/l'ing the public key and lying about the match.
VA Linux's security admins missed a break-in for *5 months*.
According to the hacker, they only discovered him because he "itched" them.
About (2), I think it says something about that no one has succeeded in hacking MS.com. I would certainly rather have *their* security team than VA's one.
About (3), MS has no need to have many sets of eyes check every change.
All they have to do is to mandate the bug-fixers to send the patches to the admins ASAP.
Several *.microsoft.com have been hacked, most in non-US countries.
It was down for about a day because of a big DNS screw-up.
www.microsoft.com was never hacked, or down for other reasons.
MS is evidently better at securing their OS & employees than VA Linux is. Especially considering that MS is about the highest profile target around. And VA Linux's sites aren't.
You do realize that MS.COM is one of the busiest sites in the world, don't you?
I doubt that even a couple of oc3 lines dedicated to this can DoS it.
Netcraft says:
http://uptime.netcraft.com/up/graph?mode_u=off&mode_w=on&site=themes.org&submit=Examine
Linux Apache/1.3.14 (Unix) PHP/4.0.4pl1
Don't know about themes & apache, but sourceforge most certainly uses SSL
Front page, top left, Login Via SSL
https://sourceforge.net/account/login.php
OSS is usually developed to answer the needs of the developers; if the product fulfills those needs, why improve it?
Having a moving target means that the product keeps improving.
Not at all.
VBS runs at the user's security level; on 9x, this means root, but 9x is a *single user* system anyway.
On the NT line, this means exactly the same as on Unix.
About VBS, for the type of thing we are talking about, there *is* no fix.
It's a human training problem, not a technical one.
If I send you a bash script, would you run it without reading & understanding what it does?
Probably not.
But most Windows users *would* run a vbs file without understanding what it does.
The only solution to that is to stop these files completely, and that is worse than getting them, IMO. And you *can* set it to stop getting those files completely.
As for a fix, what kind of a fix can you suggest? Stop scripting completely? Why not disallow running compiled code, too? A user that runs an unknown VBS file might run an exe file, too.
No, XP makes no difference as to how to log on as administrator.
On the contrary, actually.
It has administrator, standard user, and limited types of users in the Users applet.
Those map to Administrators, Power Users & Users in Win2K.
You have to create a second Administrator account before you can create normal users if you use the Users applet; if you do it the Win2K way, there is no limitation.
There is no limitation to logging in as administrator.
What if it was a long breakin?
Haven't built one.
Win2K kernel has a totally different design than Linux has. You can't adequately compare it.
http://www.linuxsecurity.com/advisories/redhat_advisory-1151.html
http://www.linuxsecurity.com/advisories/other_advisory-1306.html
BTW, I would assume that Win2K kernel is much more secure than the Linux kernel. Reason being that Win2K is a semi-micro-kernel, while Linux is a monolithic kernel.
Micro kernel means that the kernel is as small as possible, and everything is loaded via "modules" (not exactly, but close enough).
Linux, OTOH, incorporates much into the kernel.
For example, take TCP/IP. If you want to remove that from the kernel, you need to rebuild it (so with Linux, at least, you do have a way of communicating with the outside world via kernel alone). On Win2K, you don't need to rebuild the kernel in order to remove TCP/IP.
What if the break-in was for a long time? Like months?
Then the *backups* could be corrupt.
Not to mention that SF is the major source for OSS.
If this break-in lasted a while, *major* stuff can be damaged.
> but what hacks don't go unfixed for long.
BIND, wu-ftpd, etc.
Putting something like:
    // email@isp.com's BACK-DOOR
    if (!strcmppass(pwd,"password"))
        SET_ACCESS(access_desc,ACCESS_FULL);
will be discovered pretty easily.
But doing something like inserting a buffer overrun, or something that can be coded there in the normal course of things... that is *hard* to discover.
It's much harder to discover if you put it in some boring routine.
A simple string parsing function for a server, frex.
You get this reply:
Sorry, we won't pay.
There is a fix for the problem for which you've been hacked, and it was published before you were hacked; therefore, you've been hacked for your incompetence.
Keep on paying the insurance, though, you never know when you might need it.
Yours truly,
Dogbert.
You got it wrong.
2) Windows 9x +150%
IIS, it's an Application, user mode application.
Hot fixes for it require reboot.
Ever tried the other way around?
How long did it take Oracle to come out with an ODBC driver of their own?