[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] security issues -PLS READ!!
- Subject: Re: [cobalt-security] security issues -PLS READ!!
- From: "Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>
- Date: Wed, 25 Apr 2001 15:09:45 -0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 4/23/01 02:36 PM -0400, you wrote:
I recently posted a way to check your system so verify a hack attack. I
did forget to mention that MIPS processor systems are unaffected by
almost all hack attacks. They use a different type of processor and
therefore are not affected the same way.
Bullshit. Utter, complete, unadulterated bullshit.
The processor architecture is different and the processor code is
different; hence, programs need to be recompiled to run on those
processors. That is the extent of the difference.
The *consequence* of that difference, together with the fact that most
script kiddies are actually stupid and are only trying stuff they
downloaded (compiled for the x86 architecture) means that those rootkits
and worms *compiled* for x86 won't work. This is probably over 90% (maybe
99%) of hack attempts.
HOWEVER, this does not make you "safe" in any way. Bind, for example, is
subject to the same vulnerabilities on all platforms. So are most programs;
the only difference is that a stupid script kiddie will not then be able to
get his favorite rootkit to run. But a hacker with any education at all, or
a stupid script kiddie with a MIPS-compiled tool, will still rape you
quicker than you know...
...particularly if you subscribe to the bloody stupid myth that "MIPS
processors are unaffected by almost all hack attacks" and thus proceed to
develop a false sense of security or, even worse, instilling such a thing
in others.
Sorry for the confusion. All of you with MIPS can breathe a sigh of
relief. =)
More like "All of us with MIPS can thank God for small mercies, and worry
about false information."
I know you meant no ill, Bill, but the wording of your email can do a great
deal of damage to people adminning MIPS-based systems who then put their
feet up and smoke a cigar instead of being paranoid. The content of your
message is, indeed, bullshit, and dangerous bullshit which needs to be
refuted quickly and strongly; I hope it's clear that I'm not attacking you
personally. :)
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx