| Thread ID: 84142 | 2007-10-25 18:53:00 | Windows vs. Linux vs. Mac Security | somebody (208) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 605400 | 2007-10-28 16:40:00 | You don't need a password, and it takes less than 30 seconds. Just pick up the machine and throw it out the window. Same thing works with Vista and is very beneficial. Hey winmacguy, did the update to Leopard all take place in normal multi-user mode? How many reboots? None, still happily using Tiger. |
winmacguy (3367) | ||
| 605401 | 2007-10-28 18:12:00 | Local exploits are nothing to worry about when your machine can be tossed out the window so easily........or letting the wrong people use the machine, people who have to try anything that looks shiny and fun. Although our focus has shifted to looking at how easy it is for one malicious individual to take down one targeted machine for whatever reason, I think the majority of damage seen is far from that. It is users playing on a machine installing what they shouldn't. Tis ignorance not maliciousness that does the most damage methinks.... Wouldn't it be an ideal test to open an internet café type experiment for a week offering 12 computers, with equal quantities of standard tiger, leopard, debian-etch, ubuntu, xp, and vista installs. I'll lay my bets what falls over first with 100s of Joe Blows being given free use of the machines. The fun part could be betting how many hours it would take before we are left with the survivors. Actually, done right, the betting could be quite a profitable exercise! :D -------personthingy considers the legal position of such a scheme regarding NZ gambling laws and so forth.:p |
personthingy (1670) | ||
| 605402 | 2007-10-29 06:10:00 | And it's entirely possible to set the ssh server to run in single-user mode. And to set the next reboot to automatically be single-user. Do you see where I'm heading with this? You can also mess with the disk directly rather than at the filesystem level, I'm pretty sure chflags won't stop that - although I won't swear to it. If OSX uses the boot sequence as in FreeBSD (and I think it does), you really cannot set up a ssh server to start up automatically during single-user start-up. Init calls rc which calls other rc scripts (/usr/local/etc/rc.d/ usually), looks in /etc/rc.conf etc, and all custom start-up scripts therein. In single-user mode, init does not call rc. Dunno about Linux SysV start-ups, but that is the standard BSD start-up. |
vinref (6194) | ||
| 605403 | 2007-10-29 06:13:00 | If OSX uses the boot sequence as in FreeBSD (and I think it does), you really cannot set up a ssh server to start up automatically during single-user start-up. Init calls rc which calls other rc scripts (/usr/local/etc/rc.d/ usually), looks in /etc/rc.conf etc, and all custom start-up scripts therein. In single-user mode, init does not call rc. Dunno about Linux SysV start-ups, but that is the standard BSD start-up. Correct, but nothing is stopping you from passing a replacement init as a kernel argument - so my argument is still valid. | Erayd (23) | ||
| 605404 | 2007-10-30 01:05:00 | I simply don't trust MS when it comes to security. Earlier in the year there were security problems with a URL handler registered for Firefox in Windows. It was registered in exactly the manner advised by the MSDN documentation. Mozilla immediately prevented their handler from being exploited and fixed a whole other array of problems found in the process. It took MS months and dozens of related vulnerabilities to finally admit that the problem was their fault. Microsoft also seem to be completely incapable of designing secure protocols and systems. The standard Windows VPN software, using PPTP and MS-CHAP, is a perfect example. A full paper analysing the protocol from Bruce Schneier, a well renowned security expert, is available at www.schneier.com To put it simply, if I record your traffic then I have the following routes of attack open to me: If I ever discover your password I can decrypt all VPN sessions recorded while you had that password. It doesn't matter if it's changed since - you must guard your Windows passwords from work for as long as the material sent must remain secret. If you have a weak password then I could easily use a dictionary attack against the client response to deduce your password. If I can interfere with transmissions, for example on a wireless network, then I can force the system to use MSCHAPv1 instead of version 2, which has been trivially breakable for a long time. Using this I could directly deduce even a strong password using a space/time trade off (e.g. rainbow tables) and apply technique 1 to any other sessions I may have eavesdropped on. The encryption keys each way use a fixed prefix. Bruce Schneier notes that this prefix appears statistically to be suspiciously weak and no explanation has ever been given for its choice. While I don't usually follow conspiracy theories, the US government has been trying to get back doors in crypto technology for a long time. 
It seems at least plausible that they may be able to break the encryption using this weak prefix. Other VPN systems use techniques such as public-key encryption or Diffie-Hellman key exchange to establish session keys and avoid these issues. While the design of cryptographic algorithms is probably as hard as rocket science, applying these techniques to secure communications is incredibly simple and can be implemented in a practically bulletproof manner. Microsoft care too much about their reputation and too little about the customer. This attitude leads them to disclaim responsibility, avoid owning up to their mistakes and use their influence to push bad protocols, formats and software on people for reasons of maintaining their income and with little regard for how it might affect their customers in the future. Some would consider this position immoral but let's be honest - Microsoft is just big business. |
TGoddard (7263) | ||
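
The contrast drawn in the post above, as an added example that is not part of the thread: a session key that depends only on the password and on values sent over the wire can be recomputed from an old capture once the password is known, while an ephemeral Diffie-Hellman key depends on private exponents that never appear in the capture. The KDF is a constructed stand-in (not MS-CHAP or MPPE), the group is a toy chosen for illustration, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group: 2**521 - 1 is prime, but this is for illustration only.
# Real deployments use standardized groups or elliptic curves.
P = 2**521 - 1
G = 3

def password_only_key(password, client_nonce, server_nonce):
    """Stand-in KDF (NOT MS-CHAP/MPPE): key depends on password and on-wire nonces only."""
    salt = client_nonce + server_nonce
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class EphemeralDH:
    """One side of a Diffie-Hellman exchange with a per-session private exponent."""
    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2  # never sent, discarded after use
        self.public = pow(G, self._private, P)        # sent in the clear

    def session_key(self, peer_public):
        shared = pow(peer_public, self._private, P)
        return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def run_password_session(password):
    """Return (what a passive recorder captures, the session key actually used)."""
    wire = {"client_nonce": secrets.token_bytes(16),
            "server_nonce": secrets.token_bytes(16)}
    return wire, password_only_key(password, wire["client_nonce"], wire["server_nonce"])

def run_dh_session():
    """Return (captured public values, client's key, server's key)."""
    client, server = EphemeralDH(), EphemeralDH()
    wire = {"client_public": client.public, "server_public": server.public}
    return wire, client.session_key(server.public), server.session_key(client.public)

def recompute_from_capture(wire, password):
    """Everything the password-only key needs is in the capture plus the password."""
    return password_only_key(password, wire["client_nonce"], wire["server_nonce"])

if __name__ == "__main__":
    pw = "constructed-sample-password"
    wire, key = run_password_session(pw)
    print("password-only key recomputable later:", recompute_from_capture(wire, pw) == key)
    dh_wire, k_client, k_server = run_dh_session()
    print("DH sides agree:", k_client == k_server)
    print("DH capture holds only:", sorted(dh_wire))  # no private exponent, no password
```
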