You have to take into account that OpenBSD has privsep, stack protection, W^X memory, and a myriad of other security features not present in most other *nix systems.
Taken together, a large chunk of potential remote exploits become much less serious problems because the exploit isn't capable of rooting an OpenBSD box. Sure, a DoS vulnerability is nothing to sneeze at, but it sure beats getting rooted. The same vulnerability that will root a Linux box will often only annoy the living hell out of an Open box, and you'll still see a patch faster for OpenBSD.
Re:never-been-rooted claims getting sillier (on OpenBSD 3.5 Released) · Score: 4, Insightful
1. They only count the remote ones in that exact statement; they fix all the bugs they find, and critical bugs have been few and far between.
2. The stock install comes with Apache, an FTP server, X, and routing software.
3. No, every recent DoS attack that has affected OBSD has been fixed. I would hardly call same-day patches "ignoring".
I use Windows exclusively as a toy, and as a consequence, my first ten, if I even get to ten, look like this:
1. Starcraft
2. Broodwar
3. Unreal Tourney
4. Neverwinter Nights (wait, I just remembered this runs in Linux very well, guess I'll go switch over.)
5. Sid Meier's Planetary Pack (sadly, the Linux version doesn't seem to like newer versions of glibc, and I cannot play it over the network in Linux anymore)
The rest is whatever game I feel like playing at the time. The above are always installed.
On a Unix machine for serious work, the universal constants are:
1. vim
2. ettercap
3. nmap
4. bash2
5. curl
6. ntp
7. bzip2
plus anything the stock install didn't include: gmake, autoconf, etc.
I'm a commercial bulk emailer.
If I knew where you lived, I'd set a flaming bag of dogshit on your front porch, soup your screens, egg your siding, sugar your gas tank, and get your ISP to resolve all HTTP requests to tubgirl.com.
I hope you like your money. I don't care how legit you think you are, bulk email sent to me and my customers eats my bandwidth and costs me money. You oughta be paying me to mail them your crap. I don't wanna hear how opt-in it is, because 99% of the time the opt-in check box is so well hidden that users have no idea they even signed up for it.
I think I speak for every legitimate email server admin when I say, "Eat a dick."
Yeah, except it still costs the recipient network money. Bandwidth is not cheap, and I am not happy about how much of my DS3 is saturated by spam that I do not want, nor do any of my customers want.
Selling stuff or not, it's a theft of services.
Yes, and I pay to see a movie in a theater. When you speak on your phone so that I can no longer hear the movie, you are robbing from me. I own a cell phone, I use it for business, however I do indeed hate it. And there are some situations where cell phones are just outright rude. Despite the fact that I can't use one all the time, the idea of a jammer I can employ in theaters and other situations where cell phones just should be turned off, or set to silent, and not answered, does appeal to me.
Don't even get me started on your free use of your paid-for service in the car; then you're robbing me of safety on the highway. I don't care what you say, you CAN'T drive and talk at the same bloody time, no matter how good you think you are at it.
Wow, I have just lost a lot of respect for Les Mis. I go to see a show such as Les Mis to experience the talent that goes into performing it: the stage performers, the musicians, hell, even the ingenious nature of the stage crew entertains me. I do not go to shows to hear a computer regurgitate the same shit each time.
I guess I won't be seeing/hearing Les Mis anymore.
I say this as a computer geek, and a drummer.
The rest of the list basically says, "We couldn't compete with IBM, Red Hat and SuSE in the Linux market, so it must suck, use our crap instead! (or we'll sue you!)"
I seem to remember something about a big pile of tomatoes at the last NANOG meeting in Chicago, where Verisign defended SiteFinder to a very hostile crowd of network admins. It was to be a symbolic gesture of our disdain for the system. What part of, "We don't like SiteFinder, it breaks DNS standards, we think it sucks, and you need to die, or at least spend several weeks in a bed with tubes sticking out of you," did they not understand?
Yeah, electronic textbooks are a good idea, so you have to buy an e-book, a pricey initial investment. You rent your textbooks for the semester rather than buy them, a problem for those of us who a) hate renting things and b) actually find some of our former textbooks a useful addition to our home library. Have fun after the end of the semester when you catch mono and miss the last 3 weeks of class and are granted incompletes to finish up over Christmas, but fuck you, your textbook has expired, and you must rent it again.
Oh, and don't get caught loaning your e-book to a friend, that's copyright infringement that leaves a digital trail.
Then there is my whole distaste for books on a screen; I like the feel of a book, sue me. Searchable text may be handy for some, but it's bad for college students who never read their books as is.
Fact of the matter, textbooks are overpriced, just like gas is, they can do so because they have a captive audience. Fuck them.
Quite honestly postal spam bothers me more than email, since I have to physically dispose of it all...
Yeah, but at least postal spam costs the sender money; email spam costs your ISP bandwidth, and despite what anyone will tell you, bandwidth is NOT cheap.
While I agree with your point, I shall add a few of my own personal problems.
Debian. Yeah, you're right, stable is too old. If you crave super ridiculous reliability, many of the other distros offer it as well, and they have up-to-date modern software. Mozilla 1.6 just arrived, so that means Debian stable has 1.1 in its tree now? Right? And remember, FreeBSD runs modern software, and is rock solid, and it's a dying OS! </sarcasm>
Slackware's biggest problem for me is that it doesn't have a great way to keep it up to date with security fixes and bug fixes and whatnot. Sure, managing one machine, or a handful of machines, can be done, but it doesn't scale well to a room full of two hundred boxes that must have the latest and greatest security measures and patches installed. It just requires too much hand-holding in that department. I love the control afforded by Slackware, but OpenBSD gives me control, and is very easy to keep patched and up to date. But it's in the design philosophy of OBSD; guess the Slack team doesn't care as much.
The value of Gentoo hasn't ever been very clear to me. People who think that by recompiling their software fully they somehow unlock the "super secret spider climb" instruction (inside joke, sorry) are dreaming. The machines that could notice a tiny benefit are too slow to compile it in any real world environment, and the machines that are fast enough to compile it, "WHO THE HELL CARES?"
SuSE has a special place in my heart, the shotgun approach to distros. We bundle every software package ever conceived on our new 8000 CD set! I could find and download most software off the net faster than it would be to find it on a SuSE CD set. Only distro I know of that now comes on a DVD, and of course, fills the entire DVD.
Mandrake, isn't this one French? Nuff said. But no seriously, I am a do-it-yourselfer. Convenience yes, control yes, a distro that treats me like I am four, no. We have a distro that does that; it's called Windows XP. Mandrake doesn't interest me in the slightest.
Except that I'd be more afraid of some Marine vets from WWII seeing the current NetBSD logo. It's not the devils that would bother most people, but the fact that the action of raising the flag in the manner depicted is reminiscent of the flag raising on Mount Suribachi (spell?) during the Battle of Iwo Jima. Not only was it one of the bloodiest battles of the war, but many Marines consider that pose the embodiment of the Corps' finest hour. From what I know of the USMC, devils or not, no logo in any form should take any inspiration, for any reason, from this now famous picture and statue. As far as any Marine is concerned, this would be sacrilege. I should know, I grew up with one.
Time for dinner, no time for spell check!
Yeah, I noticed the name attached to the story after I posted this, and seriously started looking for an answer to my "wtf?" Not being an OSnews reader, I had no idea.
And seriously, my parents and I missed all those very important conversations.
Well, LART on me good sir, I stand corrected.
Maybe I should read into this more, but who is Eugenia, and what does sending him/her love have to do with saving my files?
Ever heard of a dictionary attack?
Classically, it's used to bust passwords on large multiuser systems or networks with poor defenses against this form of attack. But spammers have been known, as evidenced by my mail server's logs, to just try a bunch of a) common or b) likely names attached to any domain they can discover.
If you have webmaster, hostmaster, operator, or any other common name, it'll get spam eventually. Also, domain@domain.com tends to get a lot of spam too, and any variants of it will probably be guessed quickly as well.
And remember, it's your bandwidth that they waste when they dictionary attack your mail server; you'll never see a dime from them, but it's STILL FUCKING LEGAL to send spam.
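The log pattern this post describes, as an added detection example that is not code from the original post: it parses constructed Postfix-style "User unknown" reject lines and flags any client that was refused many distinct recipients at one domain, the signature of a name-guessing run rather than a single typo. The sample lines, the role-name list and the threshold are assumptions.

```python
"""Spot SMTP dictionary attacks in mail-server reject logs.

Added example (not from the original post). It assumes Postfix-style
"Recipient address rejected: User unknown" lines; the regex would need
adjusting for Sendmail or another MTA.
"""
import re
from collections import defaultdict

# Constructed sample log lines, not real data. Client 192.0.2.10 walks a
# list of guessed local parts against one domain; 198.51.100.7 is a partner
# server that simply mistyped one address.
SAMPLE_LOG = """\
Jan 12 03:14:01 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <webmaster@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.invalid> to=<webmaster@example.com> proto=ESMTP helo=<spam.invalid>
Jan 12 03:14:02 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <hostmaster@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.invalid> to=<hostmaster@example.com> proto=ESMTP helo=<spam.invalid>
Jan 12 03:14:02 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <operator@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.invalid> to=<operator@example.com> proto=ESMTP helo=<spam.invalid>
Jan 12 03:14:03 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <example@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.invalid> to=<example@example.com> proto=ESMTP helo=<spam.invalid>
Jan 12 03:14:03 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <john@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.invalid> to=<john@example.com> proto=ESMTP helo=<spam.invalid>
Jan 12 03:15:10 mx postfix/smtpd[4712]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 5.1.1 <bob.smiht@example.com>: Recipient address rejected: User unknown in local recipient table; from=<alice@partner.example> to=<bob.smiht@example.com> proto=ESMTP helo=<mail.partner.example>
"""

# Role accounts of the kind the post says attract spam; almost every domain
# has some of these, so a guessing run tries them first. (Assumed list.)
COMMON_ROLE_NAMES = {"webmaster", "hostmaster", "postmaster", "operator",
                     "root", "admin", "info", "sales", "abuse"}

REJECT_RE = re.compile(
    r"RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>: Recipient address rejected: "
    r"User unknown"
)


def parse_rejects(log_text):
    """Map each client IP to the set of (local_part, domain) it was refused."""
    rejects = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rejects[m.group("ip")].add(
                (m.group("local").lower(), m.group("domain").lower()))
    return rejects


def classify_guess(local, domain):
    """Label a rejected local part by the guessing pattern the post describes."""
    if local in COMMON_ROLE_NAMES:
        return "role"
    if local == domain.split(".")[0]:   # the domain@domain.com pattern
        return "domain-name"
    return "other"


def find_dictionary_attackers(log_text, threshold=5):
    """Return {ip: sorted guessed local parts} for clients refused at least
    `threshold` distinct unknown recipients; one mistyped address never counts."""
    hits = {}
    for ip, pairs in parse_rejects(log_text).items():
        if len(pairs) >= threshold:
            hits[ip] = sorted(local for local, _ in pairs)
    return hits


def attack_report(log_text, threshold=5):
    """Per attacker, count guesses by pattern; handy when deciding whether to
    rate-limit or block the client at the MTA or packet filter."""
    report = {}
    rejects = parse_rejects(log_text)
    for ip in find_dictionary_attackers(log_text, threshold):
        counts = defaultdict(int)
        for local, domain in rejects[ip]:
            counts[classify_guess(local, domain)] += 1
        report[ip] = dict(counts)
    return report


if __name__ == "__main__":
    for ip, names in find_dictionary_attackers(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} unknown recipients guessed: {', '.join(names)}")
    print(attack_report(SAMPLE_LOG))
```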
1. If you need a pop-up blocker, here's a very easy one: DON'T USE INTERNET EXPLORER. Aside from the fact that Mozilla/Firebird can already do this, you'll have a lot fewer problems with exploits installing spyware and trojans. Besides, Firebird is, simply put, a better browser.
2. Outlook will keep viruses in check, eh? How, by doing what every other email client does, and not auto-opening attachments as a default mode of operation? Outlook is like IE as far as Windows stock software is concerned: it should be replaced by ANYTHING else. You can keep viruses in check by simply not using Outlook. Use Eudora, or Thunderbird, or fuck, use pine for Christ's sake! Amazing how that works, isn't it?
3. THIS IS NOT WHAT A FIREWALL DOES. If you think a firewall blocks spyware, then you are flat out wrong, and misinformed on the concept of a firewall. Again, we address the issue of spyware and viruses, which can easily be stopped by not using IE or Outlook, and if you're really serious about computer security, take your computer, box it up, return it, and go buy one that doesn't come with MS Windows on it. The only thing a firewall is going to protect an end user from is script kiddies hijacking their RPC server, which is probably the single most pathetic part of the Windows platform. But wait, even the seriously pathetic firewall that comes with Windows now can do some basic filtering on it.
Sorry if I came across as rude, but uninformed people, or people who refuse to be informed because it's too hard to make a switch, drive me nutty. Try out some software that didn't come pre-installed with your PC sometime; you might be very surprised how shitty computers DON'T have to be.
See my previous comment to another reply for more, if you care. But sorry, I was a bit vague in what I was complaining was legal. I was actually stating that I was surprised that despite my claims of spam being a theft of service by definition, and my accusation of spammers actively hijacking PCs for use as mail relays, spam itself is still legal.
But yes, hijacking PCs is very illegal, but try pinning it on a spammer. Without restating myself too much, spammers can easily just say that they happened upon this so-called "open relay" and thought it was available for public use. Who knew it was an infected Windows XP box? It's not like Windows has the best logging facility ever, and they probably wiped any logs that did exist. You try proving that the spammer had any connection to the machine BEFORE it turned out to be an open relay, and prove that it is an open relay as a direct result of him.
Which is exactly why it still happens; try to pin it on a spammer, it's rough. The act of hijacking a PC is not legal; I was bitching that spam itself is still legal. Maybe I should have clarified that, as I am a bit guilty of ambiguity. PC hijacking is certainly illegal; the fact that it is hard to pin on a spammer is the problem.
Plausible deniability is basically why it still works. Spammers are known to be guilty of scouring the net for open relays; they found these open relays and used them, and you try to prove that they.... sort of helped them along in becoming open relays. It's like a shipwreck salvager who starts finding it profitable to start creating shipwrecks himself, and then "salvaging" them.
I still say, despite this, that spam itself is a theft of services on the victim's ISP and should be illegal because of that.
You are quite correct. As a sysadmin, I know full well just how much money spam costs, and a big chunk of it is not paid for by the spammer. It's paid for by the network that has to pay for the bandwidth that is used to deliver the crap the spammer sends to me, intended for my customers that don't even want the f'ing shit. I have to pay so a spammer can choke my mail server full of crap that will just get deleted. I have to pay for the spammers that employ dictionary attacks to get spam through to any user they can find. It's my bandwidth that suffers so that they can bombard just a few dozen more people with their nonsense ads that no one wants to see. I didn't ask for it, nor did my customers, so why the fuck should I have to pay for it?
And if that is not enough, I can assure you, a great deal of spam is coming in from Windows systems that have been infected with some exploit and turned into mail relays. Real-time blacklists have been a lot less effective over the past few weeks due to spam coming from DSL and cable lines now with a new vigor. It's not just a couple coming from an owned PC, it's a couple hundred.
And yet, it's still fucking legal! Explain it to me God, explain it to me, I want it explained, Jesus!!!!!!
No, Windows is just another Typhoid Mary, may as well be a virus, with all the herpegonasyphylaids it spreads around.
Reverse defenestration would be throwing something in through a window; I think maybe you want inverse defenestration.
I'm a bit late to this discussion, but I don't see it, so it's worth a mention. Absolute OpenBSD is an excellent read for beginners and intermediates to the system, and a handy reference for everyone. Not a super great read, but certainly worth looking at.
I came down with that nasty new flu that came out this year, ya know, the one that supposedly kills people and makes my mother sick with worry. For Christmas, I was under orders from my doc to drink plenty of fluids, take tons of pills and this groovy cough syrup, and get plenty of rest. Oh, and above all else, avoid other people like the plague. So, I missed the Christmas party at work...
So, given that I fucking hate Christmas, today has rocked! I got my laptop, I'm high as a kite, and I am watching Buffy the Vampire Slayer!