-
November 15th, 2003, 10:30 PM
#1
Member
Question about hackers...
Have any of you ever heard someone say that hacking into windows machines is at times harder than hacking into a linux machine?
From all that I have heard and read, the opposite is true. Can someone clear this up for me?
/Armed
-
November 15th, 2003, 10:34 PM
#2
Senior Member
It all depends on the person who has set up the machine. If someone has a password then it doesn't matter what system they are on. It all depends on techniques, but there are certain things about windows that makes it less secure in general. Like there coding, that is why there are so many buffer overflows. Also windows goes out of its way to make everything easier. This also can lend to some of this, it helps a less experienced administrator set up a network and communicate with other hosts.
-
November 15th, 2003, 10:47 PM
#3
To protect the innocent, I shall not name names, but I know several guys who hang around AO who would set up an MS environment that was difficult..........OK they would probably use Unix on their servers?
If you will accept an old fart's joke................ yeah I have windows 2.03 on an HP Vectra VS 12..........anyone fancy hacking it?...................I actually have that machine, but the Windows is so old that attacks do not see it?
Cheers
-
November 15th, 2003, 11:00 PM
#4
Member
If you will accept an old fart's joke................
fart:
1. To expel intestinal gas through the anus; break wind.
2. To fool around; fritter time away.
n.
1. An often audible discharge of intestinal gas.
2. An annoying or foolish person.
__
Come on nihil, that doesn't sound like you too much.....
I like to joke as well.... Hahah...
/Armed
-
November 15th, 2003, 11:05 PM
#5
Senior Member
There are lots of computer old farts. I am glad that I am not one of them. Lol
-
November 16th, 2003, 12:19 AM
#6
Junior Member
windows 9x has no real multi user capabilities, unless you install sub7 on it. so to an extent it is fairly secure from a few standpoints. but then again it has **** for physical security.
-
November 16th, 2003, 03:09 AM
#7
Originally posted here by sysmin770
There are lots of computer old farts. I am glad that I am not one of them. Lol
Well atleast not yet haha
PeacE
-BoB
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
-
November 16th, 2003, 03:48 AM
#8
Armed
Have any of you ever heard someone say that hacking into windows machines is at times harder than hacking into a linux machine
I guess it depends on how Uber you are and if the conditions are right.
-
November 16th, 2003, 04:19 AM
#9
Member
In my opinion... A linux system is only as strong as its admin... Correct me if I'm wrong... But Linux is open source, therefore there are no-auto-updates... The sys admins need to take matters into their own hands by getting patches for exploits or, by coding them themselves... Windows on the other hand has frequent updates for security bugs... Not that this is a good thing... I have only used linux for a lil while, and I have used windows for a longer time... So,my opinion is bias But all in all, I believe that linux is only as good as the admin running it... But I believe that windows is only as good as the person remembering to set up the firewall and run the updates... I guess its a tie...
-
November 16th, 2003, 11:23 AM
#10
All personal bias aside, yes a default load of any NT based product just might be more difficult to break into
than a default load of any Unix with the exception of OpenBSD, and (Trusted)Solaris[1].
There are a few things that make this true.
1) Most black-hat's run a Unix, hence exploits and technique's for compromising Unix-based systems
are in great supply due to tinkering on one's own machine and developing it into a proof-of-concept,
and it later becomming a widely used exploit. This is how almost all exploits get started.
2) Gaining root on a Unix-based system is much more useful than SYSTEM on an NT-based host. Modern
Unix OS's are a networking operating from the ground up and lend themselves to many more ways of
doing new and nasty (as well as good) things on a network. Hence they are attractive targets. I know
of quite a few black/grey/white-hat's that don't really know or care much about Windows™.
3) Unix OS's are likely to have ftp, telnet, ssh, smtp, rsh, rexec, finger, http, identd, nis/yp, X11, rpc, and a host
of other network daemons running after an install. A default install of Solaris 9 for example has _A_TON_ of
daemons active and listening. Since these are the only way a Unix box can be remotely exploited
turning these off is critical
4) Default accounts. A problem that has plagued many Unix OS's, but most notably Tru-64 UNIX, HP-UX,
and IRIX. IRIX for example used to allow remote login of the user lp (printer daemon) with _no_ password!
5) Unix systems tend to be the important ones on the network, such as mail, http, finanical/HR, backups,
super-dooper-secrets, SQL, and security hosts (firewalls, nids, proxy, etc.). This is not always true of course,
but at most companies I am aware of that run a mixed Unix/NT environment, the above is how it works out.
6) Unix is _much_ older than Windows™. The art of cracking system security was born in the Unix
world, not DOS/Windows™. Don't believe me? Read Phrack Magazine from the first issue on, DOS/Windows
didn't start showing up until 1993 and doesn't start showing up frequently until 1996.
There are of course some misconceptions about Unix security which should be pointed out.
1) Unix is Open Source: This is absolutely _NOT_TRUE_. Linux, FreeBSD, OpenBSD, and NetBSD are
Open Source, that is true. Solaris, AIX, IRIX, HP-UX, Tru-64, BSDi, SCO, and the rest of the commercial
UNIX® OS's are in many ways more closed source than Windows™. While an intern at a certain
UNIX vendor, I read and signed an 18 page Non Disclosure Agreement just to work on a very small part
of the driver code for the printer daemon (under stringent supervision I might add).
2) Unix is very insecure by default: False. A vulnerability in the daemon, or some other horrific oversight
in default configuration has to render a service vulnerable before it can be attacked. Having 30 listening
daemons doesn't necessarily mean any of them are exploitable.
3) Frequent security patches indicate an insecure OS: Would you rather have a patch for that bug this
week, or next quarter? It is silly to suggest that releasing one large patch 3 times a year means the
respective OS is more secure than one with multiple updates issued every month as they come up.
Sorry for being such a nerd with my reply. This topic hits close to my checking account, and as you can
tell I have some opinions about it.
-- spurious
[1] NSA SE Linux (included in 2.6 series kernels) and TrustedBSD not mentioned as they are not yet
what could be considered a default install.
Get OpenSolaris http://www.opensolaris.org/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|