Interesting but sad - OT

100,000 web sites were destroyed!
http://www.theregister.co.uk/2009/06/08/webhost_attack/

Guess what operating system HyperVM runs on?

Are you getting this Alias?


--

Richard Urban
Microsoft MVP
Windows Desktop Experience

From what I have read elsewhere there are no backups. The information is
gone!

When a person obtains root access on a Linux computer they can do whatever
they want. In this case they deleted the information.

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"Dalo Harkin" <> wrote in message
news...
>
> That'll take some time to recover
>
>
> --
> Dalo Harkin
> Posted via http://www.computerhelpforums.net
>

Richard Urban wrote:
> 100,000 web sites were destroyed!
> http://www.theregister.co.uk/2009/06/08/webhost_attack/
>
> Guess what operating system HyperVM runs on?

It ain't Ubuntu and which OS it's running on means nothing.

>
> Are you getting this Alias?

A weakness in a *program* is not a weakness in Linux.

Alias
>
>

Richard Urban wrote:
> From what I have read elsewhere there are no backups. The information
> is gone!
>
> When a person obtains root access on a Linux computer they can do
> whatever they want. In this case they deleted the information.
>

Obtaining root access on *any* machine ... That said, obtaining root
access on Linux is much more difficult than Windows.

Alias

that proves that Search, filecopy of numerous & large files, customization,
etc can be inferior in Vista versus WinXP just because it's securer.

Fix one issue that plagued Windows since 95 thru XP, but open a hos tof
others. This is not a justification.
Vista is securer, OK, fine.

Doesn't mean I will praise its deficciencies versus XP.
It's like saying America is the best country on Earth.
Yes we can buy material goods at higher volumes/capita than in other
countries. But our housing, healthcare/social protections, and racial
tensions are serious problems
SO by being the "best country on Earth" doesn't mean we shoudl relax and
praise it endlessly.

Same with Vista, I know it's secure. Just by the fact I can't accomplish
tasks effciently until disabling UAC, etc annboyances else it was asking me
if I want to move a mouse and whether it's safe to move a mouse or breath a
little air on the screen, I need a permit to shut down, etc nonsense. I
know this "nonsense" was with good intentions to secure the syste, except
that I am alone using it so I ha dto relax security, and maintain a remote
backup in case of an attack.

It's just tha tother issues now appearaed, solved security, added other
propblems.

On Tue, 9 Jun 2009 04:36:35 -0400, "Richard Urban"
<> wrote:

>From what I have read elsewhere there are no backups. The information is
>gone!

That would be an unrelated business issue with a hosting provider.

>When a person obtains root access on a Linux computer they can do whatever
>they want. In this case they deleted the information.

Something is missing from that story. SQL injection does not give you
root access. You can do lots of nasty things to data with SQL
injection but getting beyond the d/b environment would be unusual.

Regardless, this is a supplemental software specific attack. It has
nothing to do with desktop Linux. And, this still isn't as bad as
when it was discovered that Win 2000 / IIS server allowed unrestricted
access to any program on the root/C: drive simply by calling with http
to the server with a cgi command and a path that worked it's way up
with a couple "../" incorporations.

That bug was the result of MS ignoring the most basic rule of web
server design: an application running on the server should never be
able to access anything above the root of the server. It was there
because MS's basic security architecture is flawed and their solution
to "application integration" in their flawed environment was to allow
any web server application to access anything, anywhere, on the
server.

No OS is perfect; Linux on web servers is not perfect; MS on servers
is even worse.

Supplement software attack or not, it is fun to tweak the noses of those
Linsux schmucks (Alias & others) who insist on posting here.

If Linsux was as strong and bullet proof as those people say (switch to
Linsux and you won't have any security problems) this could not happen. I'm
lovin it!

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"+Bob+" <> wrote in message
news:...
> On Tue, 9 Jun 2009 04:36:35 -0400, "Richard Urban"
> <> wrote:
>
>>From what I have read elsewhere there are no backups. The information is
>>gone!
>
> That would be an unrelated business issue with a hosting provider.
>
>>When a person obtains root access on a Linux computer they can do whatever
>>they want. In this case they deleted the information.
>
> Something is missing from that story. SQL injection does not give you
> root access. You can do lots of nasty things to data with SQL
> injection but getting beyond the d/b environment would be unusual.
>
> Regardless, this is a supplemental software specific attack. It has
> nothing to do with desktop Linux. And, this still isn't as bad as
> when it was discovered that Win 2000 / IIS server allowed unrestricted
> access to any program on the root/C: drive simply by calling with http
> to the server with a cgi command and a path that worked it's way up
> with a couple "../" incorporations.
>
> That bug was the result of MS ignoring the most basic rule of web
> server design: an application running on the server should never be
> able to access anything above the root of the server. It was there
> because MS's basic security architecture is flawed and their solution
> to "application integration" in their flawed environment was to allow
> any web server application to access anything, anywhere, on the
> server.
>
> No OS is perfect; Linux on web servers is not perfect; MS on servers
> is even worse.

On Tue, 9 Jun 2009 15:30:09 -0400, "Richard Urban"
<> wrote:

>Supplement software attack or not, it is fun to tweak the noses of those
>Linsux schmucks (Alias & others) who insist on posting here.
>
>If Linsux was as strong and bullet proof as those people say (switch to
>Linsux and you won't have any security problems) this could not happen. I'm
>lovin it!
>


No OS is invulnerable to attack. Some are just more open than others.
What bothers me about MS is that they are still refusing to
acknowledge their underlying structural problems and instead give us
band-aids like UAC. The issue for them is that real change would
impact their business model and that's out of the question for them.
It's business before security, profit before customers.

No one is going to gain the equivalent of root privileges from the internet
when you are using Vista or Windows 7 with UAC enabled. Yet apparently it is
easy to do in Linsux.

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"+Bob+" <> wrote in message
news:...
> On Tue, 9 Jun 2009 15:30:09 -0400, "Richard Urban"
> <> wrote:
>
>>Supplement software attack or not, it is fun to tweak the noses of those
>>Linsux schmucks (Alias & others) who insist on posting here.
>>
>>If Linsux was as strong and bullet proof as those people say (switch to
>>Linsux and you won't have any security problems) this could not happen.
>>I'm
>>lovin it!
>>
>
>
> No OS is invulnerable to attack. Some are just more open than others.
> What bothers me about MS is that they are still refusing to
> acknowledge their underlying structural problems and instead give us
> band-aids like UAC. The issue for them is that real change would
> impact their business model and that's out of the question for them.
> It's business before security, profit before customers.
>

Richard Urban wrote:
> No one is going to gain the equivalent of root privileges from the
> internet when you are using Vista or Windows 7 with UAC enabled.

No need. There are at least 50,000 users A DAY who are allowing
Conficker to infect their Windows computers.

> Yet
> apparently it is easy to do in Linsux.

Not nearly as easy as it is with Windows.

Alias
>