Network Security: Detailed info on RE: [Full-disclosure] What is wrong with schools these days?

Subject:	RE: [Full-disclosure] What is wrong with schools these days?
Date:	Tue, 25 Apr 2006 12:00:22 -0700

Subject:

RE: [Full-disclosure] What is wrong with schools these days?

Date:

Tue, 25 Apr 2006 12:00:22 -0700


You know, having made a few NTexploit lists in the past, I wanted to
make the point the M$ was less secure.  Unfortunately the facts were
against me.

Two IIS 6.0 vulnerabilities reported from 2003-2006 
http://secunia.com/product/1438/ 
Twenty-eight Apache 2.0 vulnerabilities reported from 2003-2006
http://secunia.com/product/73/

Paul is right.

I would never suggest a Windows admin use UNIX, or visa-versa.  A
product is only as secure as it's configured.

Bill Stout
www.greenborder.com


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Paul
Schmehl
Sent: Tuesday, April 25, 2006 10:27 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] What is wrong with schools these days?

CrYpTiC MauleR wrote:

All you had to say was Microsoft =oP

That's hilarious.  The number one defaced website OS is Linux.  (See 
Zone-H.org if you don't believe me.)

The number one problem I have here is unix boxes.  You know why? 
Because a lot of open-source bozos run around claiming unix is more 
secure than Windows.  So a lot of clueless people think that, if they 
just set up a RedHat box, they won't have anything to worry about.

Ask them what that little red ball with the X in it is - you know - the 
one flashing up there in the taskbar- and they'll say I dunno.

No OS is secure by default.  No OS can remain secure if it's not 
properly configured and maintained.  Look at your box right now.  How 
many of you have inetd or xinetd running?  Why?  What services does it 
provide that you need?  Do you even know what chargen or rpc.statd is? 
If not, why are they running (if they are)?  How many of you have a 
workstation running with more than just ssh enabled and *no* firewall 
running?

You name the OS, and I can tell you of at least one incident of hacking.

  We haven't had a Windows box hacked in a long time.  The last five 
were two Macs and three RedHat boxes.  Does that mean Macs and RedHat 
are insecure?  NO!  It means, until the general public understands the 
problem and knows what the solution is, hacking will continue apace with

no sign of letting up.

The real problem is ignorance.

-- 
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-disclosure] What is wrong with schools these days?, (continued) Re: [Full-disclosure] What is wrong with schools these days?, Paul Schmehl Re: [Full-disclosure] What is wrong with schools these days?, zap zoid Re: [Full-disclosure] What is wrong with schools these days?, Peter Besenbruch Re: [Full-disclosure] What is wrong with schools these days?, Valdis . Kletnieks Re: [Full-disclosure] What is wrong with schools these days?, CrYpTiC MauleR Re: [Full-disclosure] What is wrong with schools these days?, Dave Alanis Re: [Full-disclosure] What is wrong with schools these days?, ipatches Re: [Full-disclosure] What is wrong with schools these days?, CrYpTiC MauleR Re: [Full-disclosure] What is wrong with schools these days?, bart.lansing Re: [Full-disclosure] What is wrong with schools these days?, Bipin Gautam RE: [Full-disclosure] What is wrong with schools these days?, Bill Stout <= Re: [Full-disclosure] What is wrong with schools these days?, Michael Holstein Re: [Full-disclosure] What is wrong with schools these days?, Valdis . Kletnieks Re: [Full-disclosure] What is wrong with schools these days?, Paul Schmehl Re: [Full-disclosure] What is wrong with schools these days?, Valdis . Kletnieks Re: [Full-disclosure] What is wrong with schools these days?, bkfsec RE: [Full-disclosure] What is wrong with schools these days?, Bill Stout Re: [Full-disclosure] What is wrong with schools these days?, Dave Alanis Re: [Full-disclosure] What is wrong with schools these days?, CrYpTiC MauleR Re: [Full-disclosure] What is wrong with schools these days?, CrYpTiC MauleR

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Full-disclosure] What is wrong with schools these days?, bart.lansing
Next by Date:	Re: [Full-disclosure] What is wrong with schools these days?, Bipin Gautam
Previous by Thread:	Re: [Full-disclosure] What is wrong with schools these days?, Bipin Gautam
Next by Thread:	Re: [Full-disclosure] What is wrong with schools these days?, Michael Holstein
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Full-disclosure] What is wrong with schools these days?, bart.lansing

Next by Date:

Re: [Full-disclosure] What is wrong with schools these days?, Bipin Gautam

Previous by Thread:

Re: [Full-disclosure] What is wrong with schools these days?, Bipin Gautam

Next by Thread:

Re: [Full-disclosure] What is wrong with schools these days?, Michael Holstein

Indexes:

[Date] [Thread] [Top] [All Lists]