Re: Which Router for VPN and Webhosting

From: David (davidwnh_at_adelphia.net)
Date: 09/20/03


Date: Sat, 20 Sep 2003 16:31:30 GMT

It's hard to say. In either case it is simply a matter of whether the black
hats find the vulnerabilities before the white hats do. Even with MS's piss
poor reputation in regards to dealing with reported vulnerabilities, they do
seem to get most of their holes patched before the exploits hit the net.
There are several security outfits looking for Windows vulnerabilities right
now because there is money to be made in doing so.

On the other hand I have seen a lot of open source vulnerabilities that are
being discovered after the exploits show up. OpenSSH for example just fixed
two holes one right after the other which it looks like were only discovered
after several systems had reportedly been hacked. And this is not an obscure
open source project.

There is a lot of open source stuff out there that is not getting audited.
And there is a bunch of PHP and Perl stuff for websites which is full of
exploitable code. Take a look at many of the open source web application
projects and you will probably find exploitable scripts and/or SQL injection
vulnerabilities.

>
> This leads me to believe that _open source_ is in general more
> secure than _closed source_, and in particular: Small[3] open
> source products are more secure than big (bloated) closed source
> products.
>
>
> - Eirik
>
> 1. http://dir.salon.com/tech/review/2000/08/31/schneier/index.html
> (page two)
> 2. ISBN: 0-471-25311-1
> 3. As in, less bloat than "big"
> --
> New and exciting signature!
>


