Re: Mac Server Hacked In Less Than 6 Hours
- From: "Ed Weir (ComCast)" <Anon@xxxxxxxx>
- Date: Wed, 8 Mar 2006 10:06:46 -0800
<tomstdenis@xxxxxxxxx> wrote in message
news:1141813136.479130.146370@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Ed Weir (ComCast) wrote:
| > | It's not a fair comparison. The MacOS box had open ssh access. A
| > | typical IIS box wouldn't.
| >
| > Granted; The guy wanted to access the server remotely. So do MS admins.
| > Perhaps the comparison is fairer than you claim. I'll grant you half a
| > point here though because MS won't give out user shells.
|
| Yes, but not all MS boxes have remote shells (hell msft doesn't even
| have a shell).
Windows has RAS, and it has been built in since (at least) NT 3.1
| A typical IIS box and this Mac are not the same thing so the comparison
| is not really fair.
You got that right.
| > | But it hasn't. IIS has been subject to quite a few bugs and so have
| > | its FTP and other network facilities.
| >
| > OK, software == bugs. Where is this different? Point persists that MS has
| > not been hacked and defaced yet, though I am SURE there are thousands of
| > hackers who would love the prestige of having done so.
|
| How do you know it hasn't? Are you suggesting one IIS box serves all
| of microsoft.com?
Of course not. They have server farms like everyone else. They also have
Clustering, a parallel processing architecture. And RAS is built in to
that as well 8^D
| > | There are other flaws though with the MSFT way of things. First off,
| > | it's vendor locked in. Second it's all proprietary. Third it's
| > | costly. Fourth it's Microsoft and fifth it's not efficient.
| >
| > Their biggest flaw by far is that they have billions and billions of dollars
| > in cold hard cash earned by their way of things.
|
| Their way of things just happens to be evil. And by evil I mean "not
| good for the industry".
Honestly, not good for you, anyway. The industry is thriving and bodacious.
| > 1.) Off Point. Locked or not, it's been secure.
|
| http://www.google.ca/search?hl=en&q=security+hole+in+IIS&btnG=Search&meta=
|
| No, it REALLY hasn't.
Dammit, Tom I was drinking hot coffee when I read that.
Sigh...
http://www.google.ca/search?hl=en&q=security+hole+in+unix&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+linux&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+bsd&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+mac+OS&btnG=Search&meta=
| What's more, being locked in means you have to follow their upgrade
| path. Don't like bugs in w2k? Just buy Vista for only 2000 dollars
| (or whatever). You can't get IIS separate of the OS despite the fact
| it's not a function of the OS.
|
| > 2.) Off Point. Security isn't a proprietary attribute.
|
| It makes securing it harder when some closed party can make up all the
| standards and implement them god knows how. Recall the recent WMF
| bugs? Would that have happened if they just used PS like they should
| have?
|
| > 3.) $o what? (I totally agree BTW) the security appears to be worth it
| > however.
|
| You really need to do some searching with bugtraq or securityfocus. I
| think your assumption that they've never been hacked is severely
| ignorant.
Sigh...
http://www.google.ca/search?hl=en&q=security+hole+in+unix&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+linux&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+bsd&btnG=Search&meta=
http://www.google.ca/search?hl=en&q=security+hole+in+mac+OS&btnG=Search&meta=
Goooooogle works just fine. Perhaps you should check your ignorance at the
door. The lady will help you...
| > 4.) Ah yes, the MS bash mantra... dismissed
|
| Sure why not.
|
| > 5.) It's obviously VERY efficient; ever seen the campus? This is the
| > gigaton gorilla we're talking about. You can't find an office anywhere in
| > the world that doesn't have a Windows box somewhere in it. Perhaps you need
| > to reconsider your definition of 'efficient'. This is the most efficient OS
| > the world has ever seen, when all the tradeoffs are calculated.
|
| Um no.
|
| First thing anyone does with windows is seek out (often purchase) third
| party tools from security tools (anti-virus, firewall, etc) to tools
| (shell, compiler, etc). A default install of windows is VERY useless
| aside from the browser/media player.
|
| Then you have to work around bugs in the OS. For instance, I use
| Exchange, it connects, disconnects, reconnects at will despite the fact
| my connection is up and stable. It can fail to launch twice in a row
| (some process is lingering).
|
| Then you have Word. Which isn't typeset, the file format is bloaty (it
| saves way too much revision data for single users) and also proprietary
| which means all YOUR documents belong to THEM.
|
| etc, etc, etc.
|
| The reason most offices have Windows is because MSFT abuses their
| position to ensure vendors only sell with it. Couple that with people's
| growing atrophy of concern and they just "go with the flow". Worse
| yet, you have IT directors which set forth "standards" like "all
| documents must be in word format".
|
| I mean, Excel (for what I do) is no better than Gnumeric or OO.o but
| it's "just there". Word is pathetic compared to LaTeX but it's "just
| there".
|
| > But I digress... you have not yet reasoned why they cannot be cracked.
|
| You are not talking out of facts. I'm sure they HAVE been hacked
| before.
....and where are your facts on this?
| Just they can afford to bring up spare boxes quicker than
| anyone cares to notice.
Yes, they can. It's called clustering, and it's completely automated.
Spend thousands, save billions, make billions more. Self healing, like the
Borg.
| > Could it be that they have the best cryptographers and security people in
| > the whole world there? What is it? This is the question I pose here for
| > discussion.
|
| Well they do have Niels Ferguson there... hehehehe
|
| I think this thread is some latent form of poster-child for the lame
| trolling but I'm replying just because what you're suggesting is so
| absurd.
Perhaps you should just stop replying, while you're still so far behind. So
far, your replies have been little more than ignorant spewage.
-- Ed.
To remove my email, just give me head.