Visit the Ironworks Gaming Website Email the Webmaster Graphics Library Rules and Regulations Help Support Ironworks Forum with a Donation to Keep us Online - We rely totally on Donations from members Donation goal Meter

Ironworks Gaming Radio

Ironworks Gaming Forum

Go Back   Ironworks Gaming Forum > Ironworks Gaming Forums > General Discussion > General Conversation Archives (11/2000 - 01/2005)

 
 
Thread Tools Search this Thread
Old 01-09-2005, 05:25 PM   #11
dplax
Jack Burton
 

Join Date: July 19, 2003
Location: an expat living in France
Age: 38
Posts: 5,577
Quote:
Originally posted by LennonCook:
One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?
I'm sure if Linux were the most used OS and Windows was only second there would be much more Linux exploits than Windows ones.
__________________

dplax is offline  
Old 01-09-2005, 05:31 PM   #12
Sigmar
Unicorn
 

Join Date: May 17, 2001
Location: N/a
Posts: 4,222
ROFLMAO

Lennon, your threads crack me up! [img]graemlins/biggrin.gif[/img]

I'm sure I'd appriciate them a lot more if I knew what the hell was going on inside them. Your crusade against Microsoft is always good reading.

But Longhorn, sp2, wha?

Forgive my ignorance, and let this humble yokel laugh at all them funny words.
Sigmar is offline  
Old 01-09-2005, 05:35 PM   #13
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Dplax: Not so. The Slapper worm was to do with Apache more than Linux (although it only affected Apache on Linux, not Apache on Win32 AFAIK). It is the only major worm Apache has had in it's lifetime, compare to MS IIS which has had many.
Now, which is more popular? On major commerical servers, Apache has around 70% and rising. In other words, Apache is far more popular than IIS, and yet it has had far fewer exploits.

Security comes with secure programs, not with smaller user bases.

[ 01-09-2005, 05:38 PM: Message edited by: LennonCook ]
LennonCook is offline  
Old 01-09-2005, 05:40 PM   #14
andrewas
Harper
 

Join Date: October 2, 2001
Location: Aberdeen, Scotland
Age: 42
Posts: 4,774
Quote:
Originally posted by LennonCook:


quote:
If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to belive in some of the mythical security that Linux has.
If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.
[/QUOTE]Actualy, Seraph is right about this. You need root priviledges to bind to a port &lt1024. Run a ps -A with apache running and you should see the parent process is running as root, with a bunch of non-root children (assuming you actualy had some traffic other than your own testing, which you dont). Which neatly explains why this isn't a problem with apache - the processes doing all the work don't have root priviledge. Other programs get round this by dropping root priviledge after binding to the port.

I would have reservations about running anything that kept root priviledges on a process which was listening to a port, since an author that didnt think to work around that probably didn't secure the rest of it properly. But, this is it. Its up to the author to write a secure program, and the admin to choose a secure program. Linux dosent generaly make mistakes for you, and it won't do things like exposing file and print sharing to the internet by default. Or running a messenger service on every machine by default regardless of whether its needed. Or basing a large portion of its local infrastructure on a protocol intended for remote execution of code.
__________________
[img]\"http://www.sighost.us/members/Zvijer/andrewas.gif\" alt=\" - \" />
andrewas is offline  
Old 01-09-2005, 05:41 PM   #15
Bozos of Bones
Apophis
 

Join Date: July 29, 2003
Location: The Underdark cavern of Zagreb
Age: 37
Posts: 4,679
Longhorn -The next sequel in the best-selling point-and-click adventure, the Windows franchise.
SP2 - an expansion pack for Windows XP. New missions, new levels, new enemies!
Debian - a Linux distribution(version)
Root - the very top of the hierarchy
Buffer overrun - a way to fool a security system into a continual loop. Like you mention the number thirteen to someone who can count up to ten.
Any more? [img]tongue.gif[/img]
__________________
MAKE LOVE, NOT SPAM!
Bozos of Bones is offline  
Old 01-09-2005, 05:43 PM   #16
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Sigmar:
But Longhorn, sp2, wha?
SP2 = Windows XP Service Pack 2. A download of... somewhere around 700 MB I think, which MS say makes Windows more secure. The article I posted analyses just how it does this, and how well it works. And it turns out that that almost GIG of downloading is little more than fake smoke and mirrors that hardly reflect.

Longhorn = the next generation of Windows. It was originally going to debut this year (maybe last?), but MS have delayed it. Last I checked, it was going to be atleat 2007 before we even see a glimpse of BETAs. It has alot of security updates (supposedly), and some stuff about digital rights management. That is, preventing you from using CDs or play MPEGs unless you pay the author money and they pay MS money.
LennonCook is offline  
Old 01-09-2005, 05:48 PM   #17
Bozos of Bones
Apophis
 

Join Date: July 29, 2003
Location: The Underdark cavern of Zagreb
Age: 37
Posts: 4,679
You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines. And it actually does do something usefull, if you set it right.
__________________
MAKE LOVE, NOT SPAM!
Bozos of Bones is offline  
Old 01-09-2005, 05:57 PM   #18
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Bozos of Bones:
You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines.
Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. Moreso if you consider that alot of the world is still on dialup, and that would take close to a day to get...
LennonCook is offline  
Old 01-09-2005, 05:57 PM   #19
dplax
Jack Burton
 

Join Date: July 19, 2003
Location: an expat living in France
Age: 38
Posts: 5,577
Quote:
Originally posted by LennonCook:
Dplax: Not so. The Slapper worm was to do with Apache more than Linux (although it only affected Apache on Linux, not Apache on Win32 AFAIK). It is the only major worm Apache has had in it's lifetime, compare to MS IIS which has had many
My point is that too few people use Linux for it to be a good hacker target. If more people were using it then more info could be stolen and it would be more worthwile for hackers to target Linux.
__________________

dplax is offline  
Old 01-09-2005, 05:59 PM   #20
dplax
Jack Burton
 

Join Date: July 19, 2003
Location: an expat living in France
Age: 38
Posts: 5,577
Quote:
Originally posted by LennonCook:
quote:
Originally posted by Bozos of Bones:
You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines.
Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. Moreso if you consider that alot of the world is still on dialup, and that would take close to a day to get... [/QUOTE]Windows Update downloads work in a way that they download slowly over time in the background and once downloaded install. That means that if you log on an hour each day only SP2 shall download only those times and can resume itself. You can do other work while doing all this. Then when it has finished downloading you can install.
__________________

dplax is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
An Interesting Article... Arvon General Conversation Archives (11/2000 - 01/2005) 4 10-27-2004 12:19 AM
Here's an interesting article... Arvon General Conversation Archives (11/2000 - 01/2005) 5 07-02-2004 04:43 AM
An interesting science article! Sir Kenyth General Conversation Archives (11/2000 - 01/2005) 5 04-04-2003 03:58 AM
Interesting Article Azred General Conversation Archives (11/2000 - 01/2005) 1 03-12-2002 02:31 PM
Another interesting article Sir Kenyth General Conversation Archives (11/2000 - 01/2005) 8 03-04-2002 12:23 PM


All times are GMT -4. The time now is 01:03 PM.


Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved