Re: One for the Security Guru's

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Sun, 27 Oct 2002 11:17:51 +0100


On Sat, Oct 26, 2002 at 10:43:29AM +0000, Henning P. Schmiedehausen wrote:
> But my point is, that these beasts normally don't run a general
> purpose operating system and that they're much less prone to buffer
> overflow or similar attacks, simply because they don't use popular
> software with known bugs (e.g. OpenSSL) or these functions (like
> doing crypto) are in hardware.

The script kiddies simply haven't bothered to attack these boxes yet.
When they are done with the bugs in the common oses, they will move on
to other targets...

And you say that a "root shell" on the box doesn't give you root on
the application server? It might be too hard for a "worm" but it will
be easy for a human.

Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* The Worlds Ecosystem is a stable system. Stable systems may experience *
* excursions from the stable situation. We are currently in such an      * 
* excursion: The stable situation does not include humans. ***************
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/