[Full-disclosure] What is wrong with schools these days?
bill.stout at greenborder.com
Tue Apr 25 20:00:22 BST 2006
You know, having made a few NTexploit lists in the past, I wanted to
make the point the M$ was less secure. Unfortunately the facts were
Two IIS 6.0 vulnerabilities reported from 2003-2006
Twenty-eight Apache 2.0 vulnerabilities reported from 2003-2006
Paul is right.
I would never suggest a Windows admin use UNIX, or visa-versa. A
product is only as secure as it's configured.
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Paul
Sent: Tuesday, April 25, 2006 10:27 AM
To: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] What is wrong with schools these days?
CrYpTiC MauleR wrote:
> All you had to say was Microsoft =oP
That's hilarious. The number one defaced website OS is Linux. (See
Zone-H.org if you don't believe me.)
The number one problem I have here is unix boxes. You know why?
Because a lot of open-source bozos run around claiming unix is more
secure than Windows. So a lot of clueless people think that, if they
just set up a RedHat box, they won't have anything to worry about.
Ask them what that little red ball with the X in it is - you know - the
one flashing up there in the taskbar- and they'll say I dunno.
No OS is secure by default. No OS can remain secure if it's not
properly configured and maintained. Look at your box right now. How
many of you have inetd or xinetd running? Why? What services does it
provide that you need? Do you even know what chargen or rpc.statd is?
If not, why are they running (if they are)? How many of you have a
workstation running with more than just ssh enabled and *no* firewall
You name the OS, and I can tell you of at least one incident of hacking.
We haven't had a Windows box hacked in a long time. The last five
were two Macs and three RedHat boxes. Does that mean Macs and RedHat
are insecure? NO! It means, until the general public understands the
problem and knows what the solution is, hacking will continue apace with
no sign of letting up.
The real problem is ignorance.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
Full-Disclosure is hosted and sponsored by Secunia.