news.com — In a matter of minutes, e-crime experts hack into a Windows XP computer that is unprotected and connected to an unsecured wireless network.
Nov 13, 2007
daverave999 Nov 13, 2007
'Frightening'? That's an unfortunate word to be using about your employer's products' security flaws...
sirlolalot Nov 14, 2007
This account has been closed by the user
willfe Nov 14, 2007
...compare this to OpenBSD (*sigh*, yes, I guess that means I'm a 'nix fanboy, CaptainMonkey, sorry), which has had exactly *two* known exploits in the default install in the past *ten years*. Just how many "can be rooted" exploits exist for default Windows installs over the years in its assorted variants? Granted, one is enough, but I suspect the SP1 "hackers" in this case had a giant *pile* of attacks they could have used to compromise the system. Five years ago on OpenBSD? Nope. The first root exploit was caused (if memory serves) by a goof in the specific version of SSH it shipped with; before that release shipped, the exploit wouldn't have worked then either. Call names if you like, but this still demonstrates something horribly dangerous. Which is more likely? Mom & dad install XP on their machine with whatever CD they have, not knowing it's SP1, and leave it running overnight to download the *hundreds of megabytes* of patches it needs just so it can be patched to SP2, or are they going to stick an old OpenBSD on it without just grabbing a new (freely downloadable) version of it with both known exploits already patched? XP SP1 is still out there, like it or not, and it is hilariously insecure and easily rooted. Once the botnet is on the machine, I suppose it doesn't matter *what* patches you stick on it, right?
merwin Nov 14, 2007
It's not the responsibility of the operating system creators to provide a firewall. Not even Linux does that. It's the responsibility of whoever puts out the distribution to include a firewall. For example, if you buy a Dell computer, they should provide a firewall. There's free ones out there that work perfectly fine. And if you build your own PC, you should be smart enough to install one yourself.
willfe Nov 14, 2007
Translation: "Windows is TOTALLY a crappy unsecured OS, use Linux/BSD for free! It's da bomb!" Fixed that for you :)
darph_bobo Nov 14, 2007
SP1? May as well have been Windows 95.
Closed Account Nov 17, 2007
I meant who doesn't know this that uses digg.