RE: Linux (in)security

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Peter Busser [mailto:peter () adamantix org] 
> Sent: Wednesday, October 22, 2003 3:10 AM
> To: full-disclosure () lists netsys com
> Subject: Linux (in)security (Was: Re: [Full-disclosure] Re: 
> No Subject)
>
> In general people seem to believe that Linux is either secure 
> or can be made secure by removing packages and unused 
> services. This believe that Linus is already secure makes 
> people uninterested in security. Why improve something that 
> is already sufficient? Besides that, it is more rewarding to 
> write a new window manager providing more and faster flashy 
> eye candy than to fix potential memory allocation problems 
> that noone ever notices. Well, until it becomes a problem that is.

Is it any wonder?  With thousands of rabid slash dotters cajoling their
friends into switching to Linux because "it's secure out of the box" and
"it can't be infected like Windows", what would anyone expect?  The same
idiots that can't keep a Windows box from being owned are now using
Linux.  And the result is the same.

Now, lest you get your hopes up and think it's possible to change the
world, read this:

http://www.ukauthority.com/articles/story898.asp

After reading this, I had a good cry and then took some aspirin.  :-(

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html