[ale] oh... please (slight rant)

Matt Kubilus mattkubilus at gmail.com
Wed Feb 7 17:18:08 EST 2007


It boils down to a complete misunderstanding of how encryption and
security work.  I've had someone argue an eerily similar point a while
back.  Simply knowing the algorithm for blowfish encryption does not
mean you have the recipe to intercept every message using blowfish
encryption.  I'm sure that's exactly what that person thinks too.

One of my favorite old sayings: "Ignorance simplifies any problem."

-Matt

On 2/7/07, Jeff Lightner <jlightner at water.com> wrote:
> He's not "probably right" because he said he could hack "because it's
> open source".   As others have pointed out that has nothing to do with
> it.   Based on that bogus assumption then my HP-UX servers would be safe
> because they're not open source.   If so he'll have to explain to me why
> I had to do a Bastille bastion host setup AND run HP's
> security_patch_check to ensure they were safe for the internet.
> Moreover he'd have to explain why the Bastille software I used on the
> proprietary OS was made mostly of open source components.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Lane
> Oden
> Sent: Wednesday, February 07, 2007 1:20 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] oh... please (slight rant)
>
>
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Preston Boyington
> Sent: Wednesday, February 07, 2007 11:50 AM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] oh... please (slight rant)
>
> while talking with a friend of a friend last night the conversation
> started to turn into a pissing contest.  the gist of it is he is very
> entrenched in M$ land and Linux is nothing more than a hobbyist's
> plaything.  (hmm... possibly some residual anger there...)
>
> i actually was rendered speechless (not an easy feat mind you, i run my
> trap A LOT) when he proclaimed that he could hack any Linux machine in a
> few minutes because it was open-source.  i sat there for a few seconds
> and then looked at my friend and asked, "he's not doing anything mission
> critical for you, is he?"
>
> i readily admit that i am not a Linux guru, database wizard, or web
> tzar, but i have enough intelligence to determine that "many eyes are
> better than a few"!
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
> Security is not simply a matter of what OS you're running. Security is a
> matter of always following best practices and documenting properly so
> you manage to spot anomalies. The most secure and stable platform is
> always going to be the one that the responsible Administrator (or team)
> is most familiar with. For some organizations, that platform will be
> Linux/Free UNIX. For others, Windows. And for some, it's still
> mainframes and commercial UNIX. For LOTS of companies, it's a
> combination of some of the above...
>
> Honestly, the friend of a friend is probably right. There are a good
> number of lazy admins (Windows and Linux) out there who miss out on
> something little that turns into a major security issue later.
>
> "A lot of good work goes to waste simply because someone wasn't willing
> to do a little more."
>
> Linux vulnerabilities exist everywhere from the kernel to the
> applications/services. Just like Windows. And remember... while remote
> access (whether it's LAN or across the Internet) is powerful, physical
> access is guaranteed. Put someone technically apt and so inclined in
> front of any box and they own the data. No matter what measures you take
> to protect it.
>
> Real security involves knowing where your vulnerabilities exist and
> taking steps to mitigate them. Not eliminate them. Sometimes mitigation
> means acceptance.
>
> Regards,
>
> Lane Oden
> Information Security Analyst
>
>
>


-- 
Don't be a pioneer.  A pioneer is the guy with the arrow through his
chest.  -- John J. Rakos


