[clug-talk] Bashing Windows out of ignorance
gjm at hotmail.com
Wed May 5 12:09:10 PDT 2010
Have to admit.... these past emails have spiced up CLUG Talk.... makes for
interesting reading and a diversion from more mundane stuff of the day....
kind of like the Enquirer.... (for enquiring minds) ..... hehe
My 2 cents..... I have been a windows user for years and a Linux user for
the past 5 or so.... I use both linux and windows machines and really don't
have a love hate relationship with either.... they do the job intended....
don't usually have problems with either.... like the driver issue for the
printer..... window 7 machine took 4 tries to get the one that worked.... oh
well.... try getting flash to work on linux..... its technology.... get over
From: clug-talk-bounces at clug.ca [mailto:clug-talk-bounces at clug.ca] On Behalf
Of gustin at echostar.ca
Sent: May 5, 2010 12:14 PM
To: CLUG General
Subject: Re: [clug-talk] Bashing Windows out of ignorance
Nice and mature, thanks for making my point for me.
I won't bother logging in, since the Internet will take care of this for
me. Install some crappy php based web software, apache, and disable php
safe mode (which is usually required by said crappy php code), and start a
timer. You should only need a few seconds to get a worm.
As I said it really comes down to configuration. I have both Windows and
Linux machines with services that are naked to the Internet. It
almost always comes down to configuration these days.
Also, Ubuntu 8.04 is really equivalent to Windows Vista on the Desktop,
both of which are still getting security updates (8.04 is my goto release
for servers until the next LTS stabalizes). Other than the root login via
ssh, what you have deployed is reasonably safe (the default on Ubuntu is
to not enable root logins btw). If you want to be ballsy, do the same
thing with Debian sarge or woody. The first time I was hacked was when I
was running Red Hat 5.2, I am sure it is still vunerable.
I am a little curious about the windows lover moniker you have given to
me. I am nothing of the sort. You did provide some laughter at one of my
clients today (a mixed environment btw) where my nickname is "Windows
poison". Thanks for that.
Now back to work. Today I get to integrate Apache with Active
Directory for a single sign on thingy, of course to make it interesting
Apache is running on Linux. Should be a fun afternoon messing with
Kerberos, Samba, and Apache.
More information about the clug-talk