- Jan 17, 2006
Ok....
Originally posted by: Nothinman
I never said I was l33t. However, you have no proof that Windows users don't deny their problems. In fact, you had to resort to bashing me because you couldn't find enough information to support your original claim.
Oh please, your entire first post (not counting the pasted crap from your "sources") is misinformation and Windows user "bashing".
You really need to read the stuff you're using in your defense.
One of the Developer accounts was compromised. The system was not. If the hacker has access to the server by legit means (valid username and password), then the security of the OS goes right out the window since the server assumes the person logging in is legit. That is exactly what happened last year. It had nothing to do with a remote vulnerability that the Windows XP of last year (and Vista now) was plagued with.
No, it's you who needs to read and comprehend. Yes, they found a weak password to get access to a shell account but that doesn't mean that they automatically own the box. From there they used a Linux kernel exploit to take over the box. It's on par with the .ani exploit because in both cases they have to find some way to get onto the system to attack it, in the Debian case it was a weak password and in the .ani case it's getting you to visit a malicious webpage or read a malicious email. Neither is 100% automatic.
No, it's you who needs to read and comprehend. The hacker used a local vulnerability. He wouldn't have been able to do that if he didn't first have access to the server. The ani exploit is a REMOTE VULNERABILITY. This means the hacker doesn't need remote access to the machine to gain local access. Remote vulnerabilities are far, far more serious than local vulnerabilities. You should know that more than anybody here.
How many home users are running IIS and SQL Servers? Exactly my point. Looks like Microsoft even admitted that this vulnerability is on the rise as more hackers are deciding to use it.
That means absolutely nothing, there's a ton of "hackers" out there that still run bots using years old IIS and SQL Server exploits.
This is simply not true and has been proved a thousand times before. Don't make me pull the IIS vs. Apache example out.
But can you come up with another example? And have you looked at IIS lately? IIS 6.x only has 3 exploits listed on Secunia and all are patched but Apache 2.2 has 3 with 1 remotely exploitable one not patched yet. And Apache 2.0 has 33 with 3 not patched vs IIS 5.x only having 14 total with 2 unpatched.
First of all, IIS 6.x hasn't been out for as long as Apache 2.2. It's obvious that you'd find more vulnerabilities as more time passes by. The same goes for the previous versions you have listed. Why would they patch Apache 2.0 when a newer version of Apache already has the fixes? They only support one version at a time. Just in case you didn't know that.
If Ubuntu Linux was as widely used as Windows, I doubt it would be plagued with viruses and vulnerabilities as bad as Windows is.
Be careful what you wish for, especially since it's obvious that you have no real understanding of what you're talking about.
Same with you, friend.