Re: [linux-security] Re: Checking remote servers

[ArthaXerxes <xerxes-axx altern org>]

At 17:10 26/05/98 -0600, you wrote:
>> Publically avaliable source does however mean that it is a lot easier
>> for people to find security flaws in the OS, if the source code is
>> sealed behind closed doors then the security flaws that are there may
>> never be found then again when they are found they will take a long
>> time to be patched and may never be patched!
>
>Most, if not all of the Unix based operating system vendors HAVE licensed
>their source code to companies willing to pay.  This in turn has caused it
>to get out on the internet, if you have the proper connections, it is not
>hard to get your hands on.

It is true I have seen many more security holes on Linux (generally
speaking) than on AIX or HPUX.
I think it's because :

 - you can install Linux at home and play with it for free. It implies many
more people know Linux. It also allows hackers to do tests at home.
 - Linux is more used than AIX (for example), so there are more chances one
will find a hole.
 - Also, commercial Unix are generally runned by big companies (I said
"generally"), so they also "generally" try to hire skilled people,
(Especially Banks, Banks just love AIX) but I have seen some exceptions. On
the other hand, a lot of people just run Linux with only the help of a book
and good willing people.
 - The fact commercial Unix are used by big companies also affraid a bit the
average hacker. Protect your system and replace "Linux 2.0.34" by "AIX -
bouh !" :-) You can not imagine how much the way your server look can
prevent lamers from doing attacks. Really, when they see the linux prompt
they think that they have the same system at home... Psychology is essential
in security. (cf Social Engineering)

[mod: And -=I=- think it is because you don't -=SEE=- as many AIX/HPUX
bugs as you see about Linux. Many of the bugs are present in all
versions, even AIX/HPUX. Currently some of the Linux alerts go out,
deliberately not mentioning that AIX/Solaris/HPUX are vulnerable too.
Because those (poor :-) guys didn't have a fix yet. -- REW]

Of course the l33t fellow will just hack you and change your motd,
reducing your honour to nothing before the very eyes of your users.

Considering bugs, well except BIG bugs, if your system is well
administred, it does not cause much problems. (Well administrated does
not imply Nazi Security. :-)

Furthermore, I think it is more clever to concentrate on classic
security flaws since advanced security flaws will only be exploited by
skilled hackers, and you will not face them often.

And after all, the only security hole is the human.

(do not flame me because I have said "AIX" and "HPUX". It exists you know :-)

---

ArthaXerxes - network hacker/hunter
Evaluation of your security for free and without any prior request.

ArthaXerxes' Archive > http://altern.org/xerxes/
        SMI FAQ bêta > http://altern.org/xerxes/smi/