[linux-security] Re: RedHat 5.X Security Book

[twiztah <twiztah ANARCHY MAXHO COM>]

On Sat, 11 Jul 1998, Kent Crispin wrote:

>On Fri, Jul 10, 1998 at 07:38:43AM -0300, Grant Taylor wrote:
>> 
>[...]
>> 
>> This is not what I said.  I merely point out that it is difficult or
>> perhaps impossible to make a "checklist" that will be complete enough
>> to result in a system that is actually secure.  Particularly so over
>> time.
>
>"Security" is relative.  "Actually secure" makes it a binary choice.  
>It aint so.
>
>[...]
>> > I have a car. I know how to drive it. I can change flat tires, add
>> > oil and gas. This covers about 99% of normal stuff. I take it to a
>> > car mechanic when it needs it. I am not going to stop on the side of
>> > the road, pull 200 pounds of tools out of the trunk and change all
>> > the gaskets in the engine.
>> 
>> Absolutely.  But network security is more complex than car
>> maintenance.  It also differs in that "99% secure" isn't significantly
>> better than "40% secure".
>
>?? No attacker knows every exploit, and no sysadmin knows every
>exploit.  The more holes you close the more likely you are to block up
>the ones that any particular attacker will know. 
>
>"99% secure" is an almost completely meaningless statement, in any
>case. 

There are fully functional systems which are 100% secure to the publically
_KNOWN_ bugs. Not every admin sits on his chair at work and eats donuts,
while little script monkeys are rooting his machine.

>
>> Anyone interested in breaking in has only
>> to try out a bag of tricks until he hits that forgotten 1%.
>

Most people that know about the 1%, don't waste their time hacking, they
are probably doing security for major corporations and/or govt.

>That assumes that the attackers bag of tricks includes that forgotten
>1%.  In fact, clue is not evenly distributed among the cracker
>community, either.  A very few are brilliant and knowledgable, most
>are not. 

I totally agree with you, _MOST_ but not all hackers are "script monkeys",
in other words, they use what someone else wrote, randomly root machines
vulnerable to remote exploits that they get off www.rootshell.com, etc.
Some are actually very knowledgeable and write their own exploits. In my
opinion, all exploits that hit BUGTRAQ/rootshell.com were found like one
year ago and server their purpose to the owner, so now they decide to
release them, and tell the rest of the world about the hole. Those are the
one in the 1%.

>
>-- 
>Kent Crispin, PAB Chair			"No reason to get excited",
>kent songbird com			the thief he kindly spoke...
>PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
>http://songbird.com/kent/pgp_key.html
>
>-- 
>----------------------------------------------------------------------
>Please refer to the information about this list as well as general
>information about Linux security at http://www.aoy.com/Linux/Security.
>----------------------------------------------------------------------
>
>To unsubscribe:
>  mail -s unsubscribe linux-security-request redhat com < /dev/null
>

Sorry, I dont have a 10 line signature, but I think I am still cool?

[twiztah maxho com] [07/12/98 4:08AM]