Thread: hehe ^ 17
June 7, 2010, 01:55 AM
m1dget
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 706

Originally Posted by AkG:
that is locked in a vault and never used and has no programs installed on it (as they are another attack vector)
Well if I quote (from memory) a security book I read a while ago that had the best example of what I mean: You can install whatever you want on it, but as long as the server is hidden in a fortress guarded by an armed guard (and maybe a tank) and dug deep below the ground in a concrete box with 2 feet thick reinforced concrete wall while not being plugged or connected to a network and having, your box can't be considered truly secure.

...but for the real world there is OpenBSD which is considered secure on many levels + that thing YouTube - The UK's most secure datacenter "The Bunker" Kent.

Originally Posted by AkG:
NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix.
Seriously man, I feel bad reading your definition of security through obscurity

Here's what you should have done the first time I quoted you on it: Security through obscurity - Wikipedia, the free encyclopedia

(I find it funny to see further down that you were possibly a pentester and think that unix is security by obscurity)

Originally Posted by AkG:
Why spend time and effort probing for a hole that will affect 2 or 3 people out of a hundred when you can do it for 90+. Once again no OS is secure. This is a fact. ANYTHING man made has flaws. There are plenty of ways to break nix systems just like any other OS. A lot of them just haven't been discovered because it's not worth the time and effort to do so. If you think nix has no holes and thus needs no patching....LOL, not even going to go there as you seem bright enough to actually count above 10 w/out taking off your shoes ;)
Well sure there's less apparent effort on the part of linux/unix developers for virtually anything, but it's false. Though if you are a developer for, let's say, KDE, well you won't even care about kernel level security or remote hole patching.

Originally Posted by AkG:
I did intrusion detection for a living so unlike you I know what I am talking about when it comes to security. I'm not a dilettante, or arm chair general. I'm sure your OS gives you warm fuzzy wuzzies at night, but you are sadly mistaken if you think that it's this uber perfect system that can't be hacked. Before windows, Unix was the only "real" OS out there for servers and yes they did get cracked. Just like Novell did and was hacked. If you were around back then you would know this. Obviously you weren't. Obviously your ideas need a few more years of real world experience to temper your enthusiasm. Me I think all OS's and ALL users are royal pain in the arse (especially the "power user" who thinks he knows it all...they are the worst) and we'd be much better off without them....just need to figure out how to invent sentient AI.
I just can't believe I'm having this conversation with a (possible) pentester... seriously, wtf am I witnessing here

Sure UNIX is not perfect, nothing is, but still it's way better than about all the alternatives out there and has everything you can need to secure and make a machine completely secure. It's a bit of work but with custom tools and programs believe me it can be a fortress (from about all points of view).

As an example... for the almighty OpenBSD and remote holes. There are simply none. You might say again that nobody checked or tested the code, but that would be plain wrong. Go download all their source and read a bit of the code and you will see that a bunch of very qualified people went over it and audited it several times.

And to conclude... I have nothing to prove to you or anyone here (else than potential clients) but you really think I am just a lil undesirable and annoying "superuser" with a big mouth? Well let me just tell you that you are not the only one that works/worked in the computer security field. I have a small company (under NDA) in that domain and I am required to know in depth about all there is to know about either software, network and OS security (including audits like you did even if we are a software company and it's not our primary goal) because if not, well we are basically ****ed if I may use that term.

I like to have conversations with you guys, but please don't treat me like an imbecile as I am not one. I think you should have figured it out sooner than after nearly 500 posts on my part.
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG

Last edited by m1dget; June 7, 2010 at 02:00 AM.