Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Closed Thread
 
LinkBack Thread Tools Display Modes
  #31 (permalink)  
Old June 7, 2010, 05:11 PM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by ipaine View Post
Any system/software can be hacked. Some are harder than others but in the end everything can be hacked and cracked.
Sure, but the amount of time and effort it would take you to actually manage to break in a -hardened- OpenBSD system for example would be so great that you would get caught in such a quick time that you wouldn't virtually had any time to do anything to the server.

Though if you would have physical access to the box or unmonitored network access, well that would defeat the purpose of hacking/cracking the system wouldn't you agree?

So with a case like this, the system is truly secure.
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #32 (permalink)  
Old June 7, 2010, 06:21 PM
AkG's Avatar
AkG AkG is offline
Hardware Canucks Reviewer
 
Join Date: Oct 2007
Posts: 4,305
Default

Your "optimism" m1dget reminds a LOT of what was said about Blu-ray "security" and hell sat tv. Arrogantly thinking anything could take too long to be undertaken once again underscores your lack of real knowledge. Anything man made can and will be hacked. If one attack vector doesnt work...they will try another one and another until one does work. Your security is only as strong as the weakest point and the defenders are ALWAYS behind the knowledge curve. You can harden to your hearts content and their will still be a unkown weak point. All that is lacking is the will to do so...which in the server world falls under the heading industrial / corporate / national espionage (depending on the data). Throw enough time money and talent at a "hardened" network and it will fail. The only way your hardened network couldnt be remotely compromised is if it had no outside connection. THEN and only then is actual physical access required to get sensitive data...and then you still have other problems to worry about via different attack vectors...buts that another ball o wax all together. ;)

If you dont think that is exactly what happens....sigh. I wish I was as naive as you.
__________________
"If you ever start taking things too seriously, just remember that we are talking monkeys on an organic spaceship flying through the universe." -JR

“if your opponent has a conscience, then follow Gandhi. But if you enemy has no conscience, like Hitler, then follow Bonhoeffer.” - Dr. MLK jr
  #33 (permalink)  
Old June 7, 2010, 10:30 PM
Polygon's Avatar
Allstar
F@H
 
Join Date: May 2009
Location: North Vancouver
Posts: 957

My System Specs

Default

Quote:
Originally Posted by AkG View Post
Your "optimism" m1dget reminds a LOT of what was said about Blu-ray "security" and hell sat tv. Arrogantly thinking anything could take too long to be undertaken once again underscores your lack of real knowledge. Anything man made can and will be hacked. If one attack vector doesnt work...they will try another one and another until one does work. Your security is only as strong as the weakest point and the defenders are ALWAYS behind the knowledge curve. You can harden to your hearts content and their will still be a unkown weak point. All that is lacking is the will to do so...which in the server world falls under the heading industrial / corporate / national espionage (depending on the data). Throw enough time money and talent at a "hardened" network and it will fail. The only way your hardened network couldnt be remotely compromised is if it had no outside connection. THEN and only then is actual physical access required to get sensitive data...and then you still have other problems to worry about via different attack vectors...buts that another ball o wax all together. ;)

If you dont think that is exactly what happens....sigh. I wish I was as naive as you.
Hey, don't make vast generalizations!

Maybe his computer is in a vault in a underground bunker in some sort of faraday cage.
__________________
'Do not wish for easier lives, wish to be stronger men'
  #34 (permalink)  
Old June 8, 2010, 02:51 AM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by AkG View Post
Your "optimism" m1dget reminds a LOT of what was said about Blu-ray "security" and hell sat tv. Arrogantly thinking anything could take too long to be undertaken once again underscores your lack of real knowledge.
Well man, if you still want to treat me like that I'm going to be arrogant towards you too. This is just annoying to read.

Quote:
Originally Posted by AkG View Post
Anything man made can and will be hacked. If one attack vector doesnt work...they will try another one and another until one does work.
In theory yes, in practise for certain case, no. Reread the OpenBSD example I wrote in my last post and critise this one instead of going over something we went through for the last 8 posts.

Quote:
Originally Posted by AkG View Post
Your security is only as strong as the weakest point and the defenders are ALWAYS behind the knowledge curve.
First part is obvious. The second one is partly false because you can be always one step in front of everybody if you know what you do. Reread again my hardened OpenBSD example from last post.

Quote:
Originally Posted by AkG View Post
You can harden to your hearts content and their will still be a unkown weak point. All that is lacking is the will to do so...which in the server world falls under the heading industrial / corporate / national espionage (depending on the data). Throw enough time money and talent at a "hardened" network and it will fail.
Well... wouldn't the "good" effort (as in intense security audit) in making it fail would just get it stronger and eventually secure? I think your point just got kicked in the nuts right here. ;)


Quote:
Originally Posted by AkG View Post
The only way your hardened network couldnt be remotely compromised is if it had no outside connection.
Well thank you there captain obvious (for crying out loud man haha...)

Quote:
Originally Posted by AkG View Post
If you dont think that is exactly what happens....sigh. I wish I was as naive as you.

Really nice man... appreciated


After that I have no remorse to immortalize you in my sig.


Quote:
Originally Posted by nickpolyz View Post
Hey, don't make vast generalizations!

Maybe his computer is in a vault in a underground bunker in some sort of faraday cage.
Actually my home network is not that secure. It was before but it started to step over the 'availability' of the resources so the overall security was decreased to meet my new standards for it.
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #35 (permalink)  
Old June 8, 2010, 04:40 AM
AkG's Avatar
AkG AkG is offline
Hardware Canucks Reviewer
 
Join Date: Oct 2007
Posts: 4,305
Default

Oh noes. Dont take a snarky comment full of irony and use it as your sig of me. The horror. :)~

You really are a waste of breath m1dget and yes Im am treating you like an idiot because that is exactly what you are when it comes to security (hell Im so rusty that I dont consider myself an expert anymore). You are probably VERY intelligent when it comes to programming or even being a nix mod. You are not even a babe in the woods when it comes to security. Maybe its because Ive come across so many of you young idiots who dont understand that security has to be LAYERED to be effective. Maybe its just that Im old and grumpy and dont have time for fanboi's any more. In either case, I have a nice easy solution. Dont act like a fanboi and I wont treat you like you are a drooling idiot. I know it will be tough, but give it a try.

I truly hope the company you work for has better peeps then you because you have to be one of the worst salesmen for nix I have come across in a long damn time. The hackers are always one step ahead of the security. They are the ones who find those pesky unknown holes in your super hardened OS that make you look like a fool. Of course in your case you dont need anyone elses help doing that. You really are just regurgitating what others have told you and you have taken as gospel. There is always an unknown hole, there always is someone smarter then you who wants a peak inside your server's files.

Audits sound all sexy and shite, but in the end are just like anti virus scanners. They are great for looking for known threats (and NEED to be carried out)....but suck at finding UNKNOWN threats. Obviously you never been part of one as once again your comment just shows how little you actually know or even understand what they are for. Sounds to me like you are the one whose looking foolish over that.

And your right you are not naive, just stupid when it comes to security. The OS is ONE layer of defence not the be all and end all. You obviously cant see that. Enjoy your rose coloured glasses. Just stop talking out of both sides of your mouth. In one sentence you say that you not only need physical access to break unix but even then it would take to much time to be worth it and then and you say Im being cptn obvious for pointing out how stupid that sounds. If you believe in something at least have the moral fortitude to argue your points honestly. As it stands you really are the worst kind of fanboi.

Nix be it unix or linux flavoured it a good BASE. But then again ANY modern OS properly configured is a good BASE. In theory sure its perfect. In theory its more then good enough. In the real world you need to add in layers and layers AND have competent ID staff to monitor, find and fix and holes the hackers poke in your defences. Good security is like an onion. It has various layers and each one can cause you to cry when you peel it, BUT there is always another layer. It is NOT like an walnut with ONE hard layer before you reach the meat.

Maybe Im wrong. Maybe its not that you are a fanboi, rather you just have never been involved in defence or even worked in an enviro where hackers ACTIVELY try and breech your defences on a regular basis. Then again if you are a representative of your company...they probably already have, and realized that there is nothing worth takeing.
__________________
"If you ever start taking things too seriously, just remember that we are talking monkeys on an organic spaceship flying through the universe." -JR

“if your opponent has a conscience, then follow Gandhi. But if you enemy has no conscience, like Hitler, then follow Bonhoeffer.” - Dr. MLK jr

Last edited by AkG; June 8, 2010 at 05:02 AM.
  #36 (permalink)  
Old June 8, 2010, 05:31 AM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Well this has been interesting until the few last posts so I will stop arguing with you as it's just argument recursion and nothing else. I understand your opinion, I think you understand mine and now repeating would be simply useless.
You have the right to think I'm retarded as you may not understand fully what I'm trying to explain or simply because you are stubborned, but that doesn't take any of my credibility away from me or any of my claims.

To conclude with you since this will be my last post on you arguments (until a fresh ones comes up), if we are going a step further and talk about computer security theory, I know quite well and fully understand all the 'layers' you are talking about.
If you think I'm wearing rose glasses for pointing out a real world example of a secure machine and can't rationalize on what I am talking about, well it's your problem, not mine.

And sure I've done professional network audit as I was never hired to do some and never wanted to do some as a job, but still what I lack in experience I compensate in theory. If you want to quote me on this saying that practice > theory, I already agree with you.
I'm may be still young compared to a few here (including you) but the extent of my theoretical knowledge in that field is a bit greater than what you think of it. That said add a good knowledge of a powerful programming language (C/C++ in this case) to the theory I know and well I think you can imagine that I can do whatever I want in the field of network security... from simple network scanning tools to advanced automated pentesting programs to packet shaping firewalls.

If you have trouble having a normal conversation and actually being able to point out in technical details of what you think is wrong about someone's claim and throw in a solution or hypothetical explanation to it, well there's maybe another reason why you are not in that field anymore else than stress, who knows...

On that, it's been fun talking with you, but this is going nowhere anymore. :)
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #37 (permalink)  
Old June 8, 2010, 06:22 AM
AkG's Avatar
AkG AkG is offline
Hardware Canucks Reviewer
 
Join Date: Oct 2007
Posts: 4,305
Default

Sooo let me get this straight. You admit in one breath that you are at best a dilettante and then go on to say that you still think that because you have SOME of the theory down that you therefore are right on subjects that you have no expeirence on.

Your arguments boils down to "I once ran a reallly log way to school (under 1km) and when I got there i was out of breath so therefore I feel completly justifed in being able to discuss the merits of long distance running." IF you want to educate yourself, go look up the indicedts of hacking in the server world. Then realise that even just ONE of them is against unix is your argument on it being perfect is nullified. I dont think I need to do that as, I already said, nothing is perfect.

And nope there wont be next time as up until this conversation I thought you were just very passionate about the subject and not a fanobi. Fanboi's are beneath contempt. Thats why you wont see me using one of your snarky quotes in my sig. BUT by the same token you may want to hyper-link mine in yours. It may be an improvement over "death to Microsoft" but it still makes you look retarded. YMMV but you sir are a mental m1dget and not worth arguing with. You will never learn and you will never change.
__________________
"If you ever start taking things too seriously, just remember that we are talking monkeys on an organic spaceship flying through the universe." -JR

“if your opponent has a conscience, then follow Gandhi. But if you enemy has no conscience, like Hitler, then follow Bonhoeffer.” - Dr. MLK jr
  #38 (permalink)  
Old June 8, 2010, 06:51 AM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

I think that you are simply too fast and find -all the ways- possible at discrediting what you think I -don't- know, which is is simply stupid in a kind of conversation like this since it breaks all the conversations, but that seems the way you want it.

And btw, I'm letting that in my sig for a reason: It's the most -priceless- quote I have ever seen from a supposedly IT security pro.
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #39 (permalink)  
Old June 8, 2010, 11:43 AM
AkG's Avatar
AkG AkG is offline
Hardware Canucks Reviewer
 
Join Date: Oct 2007
Posts: 4,305
Default

As this is going to be the last post I am going to respond to as Im simply going to add you to my ignore list for the sake of HWC....

Go for dude. Like I said, what a fanboi does....or doesn't do...doesn't bother me.

And for the record. Unix = server enviro. Linix = small office / home enviro. There aint any monetary reward for going after 1% of the market. If you think there is....well i dont care what you think at this point. You are beneath my contempt. Should I care what the "stuff" I scarped off my shoes thinks about me?

And also like I said earlier its less retarded then "death the Microsoft" so it is an improvement mental m1dget.

Im not too fast to find ways you are retarded, you simply love making grand sweeping statements (a common side effect of being young and inexperienced). And when called on your BS and called on the fact that is retarded to say that ANYTHING is hacker proof you get defensive and try and say "hey dont make it personal" then go about mocking me in a half arsed way. Whereas Im up front about my POV and make no attempt to hide it, or talk out of both sides of my mouth to "win" an argument. If you think Im an idiot for saying something or what have you...come out and say it directly. Dont be a coward. The difference here is you think Im an idiot for not agreeing with you, when I KNOW you are an idiot for saying half the shite you say AND let you know exactly what I think. For example instead of saying " well there's maybe another reason why you are not in that field anymore else than stress, who knows" why not say what you really mean. Of course then I could tell you that I did work for Government (while its inactive now...I do have my TS security clearance) and various Int'l corporations over the years. But hey why let MORE reality get in the way of your lil fantasy.

Hopefully one day you will grow up and realize that nothing is perfect, nothing is black and white and that ALL OS's and ALL hardware and ALL software for that matter have holes. Holes that peeps will find whether you want them to or not.

In conclusion you sir a fanboi and Im not wasting anymore time on a elist snob fanboi like you.
Ignored.
__________________
"If you ever start taking things too seriously, just remember that we are talking monkeys on an organic spaceship flying through the universe." -JR

“if your opponent has a conscience, then follow Gandhi. But if you enemy has no conscience, like Hitler, then follow Bonhoeffer.” - Dr. MLK jr

Last edited by AkG; June 8, 2010 at 11:49 AM.
  #40 (permalink)  
Old June 8, 2010, 12:01 PM
SugarJ's Avatar
Moderator
F@H
 
Join Date: Jan 2008
Location: Langley, BC
Posts: 6,070

My System Specs

Default

And this thread is now locked. I had hoped for better from both of you.
Closed Thread


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hehe... m1dget Mac 77 May 2, 2010 04:14 PM