On Sun, 30 Mar 2008, Chris wrote:
Manuel Aróstegui wrote:El sáb, 29-03-2008 a las 12:24 -0400, Jim escribió:Read articleThat's cool, but it's far to be the real scenario we face everyday. I guess that Linux box was secure but the truth here, as far as I've been able to see is that either Windows or Linux (I have no mac experience) are both pretty insecure if they're been running by a dumb administrator. It is clear that a Linux, out of the box, has less chances to be hacked than a windows in the same situation. But for me, this hacking contest does not represent a real scenario. Anyways, I'm glad Linux survived, do not take me wrong :-) ManuelLet's also not forget the most important part of the article - it mentioned something about Java allowing MS security to be circumvented.That leads me to think that if Java was not installed on that box, would it have been hacked?
If you don't want to install Java you need to tell us what alternative is going to provide better security. Many developers use Java because the work needed to implement the functionality (including the attention to security issues) would be prohibitive.
MS was chosen for this attack because the person who knew the Java exploit also happened to be familiar with MS. Such attacks often proceed in stages: 1. get user-level access via a browser, java, etc. 2. elevate to "admin/root" privileges, which is where knowledge of the specific OS comes in. Often the 1st step works on multiple platforms.
Perhaps not. So, I think the article is very misleading. To me, I could care either way. as pointed out else where in this thread, a properly patched and managed box (under any OS) can be very difficult to hack.
Or not, if you happen to know of an unpatched vulnerability.
I wonder why (at least in this article) OpenBSD was not mentioned. Perhaps it was just a session that was betwix Linux & MS.
OS X was the first to fall (via safari), so the BSD camp didn't fare very well.
-- George N. White III <aa056 chebucto ns ca>