The Register - Major SMB crack

Alan Olsen alan at clueserver.org
Thu Apr 19 17:59:36 PDT 2001


On Thu, 19 Apr 2001, Phillip H. Zakas wrote:

> the only open source operating system i've used (and continue to use) is
> openBSD. linux is awful from a security standpoint.  the only downside is
> the security profile of openbsd: if it's even kind of risky, it won't be
> allowed to run.  www.openbsd.org

The SMB problem is not a "Linux only" issue. Samba runs under all sorts of
things, including BSD.

Interestingly enough, the bug slipped through a number of third party
security audits.  It was introduced sometime in the 1.9.x code and was not
found until very recently.

As for "Linux being horribly insecure", that depends on the distribution.

There are some very secure versions of Linux. (Immunix is one.
http://www.immunix.org/) Just running apps you think are secure is not
enough.  Does OpenBSD deal with format bugs? Temp races? Stack overflows?
That only deals with the majority of problems, not all of them. It does
not deal with mistakes in the protocol (as happened here) or mistakes in
coding.

OpenBSD does some good things, but it is not all that is out there.

> > -----Original Message-----
> > From: owner-cypherpunks at Algebra.COM
> > [mailto:owner-cypherpunks at Algebra.COM]On Behalf Of Jim Choate
> > Sent: Thursday, April 19, 2001 3:11 PM
> > To: cypherpunks at einstein.ssz.com
> > Subject: The Register - Major SMB crack
> >
> >
> >
> >
> > Open Source software is more secure?...
> >
> > http://www.theregister.co.uk/content/8/18370.html
> >
> > --
> >    Adapt, Adopt, Improvise! - Anonymous
> >
> >    Venimus, Vidimus, Delevimus - 1st Linux Motto, Anonymous
> >
> >    Tivoli Certification Group, OSCT
> >    James Choate                           jchoate at tivoli.com
> >    Senior Engineer                        512-436-1062
> >
> >
> 
> 

alan at ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
    "In the future, everything will have its 15 minutes of blame."




