Home Archive RSS/XML Subscribe Shop

Re: [ISN] "Is Linux a net security risk?"

From: Chris Brenton <cbrenton_at_sover.net>
Date: Thu 08 Jun 2000 - 18:38:44 CDT
kw wrote:
>
> Never in my life have I seen such a high degree of utter fucking bullshit
> in one single article.

I could not agree more, but I would probably state it differently. ;)

> By Helen Han
>
> SYDNEY, 7 June, 2000 - A SANS Institute of America report has named Linux
> and Unix operated sites as more vulnerable to internet attacks than
> Windows and Mac powered sites.

As someone who was involved with the top 10 list I would like to clearly
state that SANS, myself and everyone else involved in this project _did
not_ name or attempt to name any one operating systems as being
more/less secure than any other. The comments above are clearly those of
the writer and no one else.

The top 10 list is posted at:
http://www.sans.org/topten.htm

and it clearly states "Here is the experts’ list of the Ten Most Often
Exploited Internet Security Flaws along with the actions needed to rid
your systems of these vulnerabilities."

The list is exactly that, a tally of the top 10 exploits that those of
us involved in the project have seen in the wild the most. There is no
attempt to correlate this info as to whether an operating system is more
or less secure. In fact, nearly half the items (CGI, Export file shares,
password policy, SNMP community names) are completely platform
independent. They are an equal problem on any given networked platform.
No where in the posting does SANS name Linux or any other operating
system as a "security risk" as the title of this article implies.

I hate to say it, but this author has no idea what she's talking about.
I also find it interesting that out of all the people interviewed, none
of them where directly involved with the project. You would think that
at least one direct source would have been involved.

Regards,
Chris
--
**************************************
cbrenton@sover.net

* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Thu Jun 8 19:56 CDT 2000
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy