[kwlug-disc] Security arguments

Andrew Kohlsmith (Mailing List Account) aklists at mixdown.ca
Wed Sep 23 17:49:46 EDT 2009

On September 22, 2009 10:36:39 am Insurance Squared Inc. wrote:
> In other words - defacements = programming issues.   Characterizing
> defacements (which are almost always MySQL injections) as some sort of
> Linux security breach is completely misleading.

That's an awfully thin line.

SQL injection can lead to db-user shell access. That in turn can lead to root 
level access through privilege escalation.

The same applies for scripting.  The fact that you haven't had more than a 
defacement is luck, IMO, and little else.

I too believe Linux to be far more secure than Windows, but IMO if they can 
deface, there's a potential vector for full root access.

> The fact is, Linux is extremely secure.  10 years of throwing a base
> install of Linux on the web with no firewall or real security measures
> and 0 real hacks.  That's pretty secure IMO.

I have similar experiences with similar timeframes.  Unfortunately the plural 
form of anecdote is not proof.


