[kwlug-disc] Security arguments

Andrew Kohlsmith (Mailing List Account) aklists at mixdown.ca
Wed Sep 23 17:49:46 EDT 2009


On September 22, 2009 10:36:39 am Insurance Squared Inc. wrote:
> In other words - defacements = programming issues.   Characterizing
> defacements (which are almost always mysql injections) as some sort of
> linux security breach is completely misleading.

That's an awfully thin line.

SQL injection can lead to db-user shell access. That in turn can lead to root 
level access through privilege escalation.

The same applies for scripting.  The fact that you haven't had more than a 
defacement is luck, IMO, and little else.

I too believe Linux to be far more secure than Windows, but IMO if they can 
deface, there's a potential vector for full root access.

> The fact is, linux is extremely secure.  10 years of throwing a base
> install of linux on the web with no firewall or real security measures
> and 0 real hacks.  That's pretty secure IMO.

I have similar experiences with similar timeframes.  Unfortunately the plural 
form of anecdote is not proof.

-A.




More information about the kwlug-disc_kwlug.org mailing list