Joachim Schipper wrote:
On Mon, Jan 15, 2007 at 11:20:27AM -0700, Darren Spruell wrote:
On 1/15/07, Alexander Bochmann <[EMAIL PROTECTED]> wrote:
...on Thu, Jan 11, 2007 at 08:42:35AM +0100, Marc Balmer wrote:
hmm, why are people so proud of their uptimes when it only show they
don't care for their systems?
Bah, uptimes (is it that time of the year again?)...
Last login: Sun Jan 7 19:22:19 2007 from xxxxxxx
OpenBSD 2.3 (LOCAL) #0: Wed Jul 31 12:51:38 CEST 2002
Welcome to OpenBSD: The proactively secure Unix-like operating system.
{104} ls -al /etc/localtime
lrwxr-xr-x 1 root wheel 33 Jun 12 1998 /etc/localtime ->
/usr/share/zoneinfo/Europe/Berlin
That's an Internet-connected system, running mail, web, DNS.
Do you sleep well at night exposing that system to the Internet? One
would question the amount of effort to ensure patch application (if at
all possible) on a system so far out of date...
If you are careful, and know what you do, and know what software to run,
you can get away with a very small number of patches.
Still, I do try to upgrade at least once a year.
Joachim
and behind a good firewall, even old systems like RH6 with a million
holes are never going to get exploited as long as you take proper care.
in a high volume, public facing infrastructure. there are too many
cpanel and IIS servers around to hack, trying to bust into an OBSD box
would mean you have to be a real hacker, like U4EA or DFENS or Radikahl
or Sidewinder or Tkiller or Datarape or.... One's looking for a car
with the doors unlocked, engine running, keys in the ignition, owner
nowhere in sight.
Can you show me some 3.6 exploits Alexander? It's hard to doubt someone
cares about their system when they hang out on the list. Perhaps
really, they actually know what they are doing eh?
Where would I get an exploit for 3.6?, which exploit would I choose?
Remote? How many hundreds of those are lying about for ready download?
Can you or anyone else we know on the list give a nice howto on this?
Just how easy is it compared to the old days when you could run nuke.c
on IRC chats and literally shut down someone's Mac Plus on them
mid-sentence? Now that was fun. Wasn't even a web back then, just
BITNET, majordomo, FTPlists, BB's, archie, WAIS, even encrypted chat
/dcc_chat /dcc_send (where'd that go?)
I have a 3.6 system right here, unpatched behind a firewall, and one not
behind a firewall. -i'd like to see some skills from the
fear-uncertainty-doubt 5th column since everyone's so absolutely sure
you'll get hacked if you turn on a computer at all and try to make it do
anything useful whatsoever.
uptime 412 days on #drgori he's running an ancient os because informix
hasn't altogether disappeared from the base of code run by our v1 app
made what, 6 years ago? boy if that one customer who needs it would
just scram. -practical need vs. non-useful-perfectionism. the ugly
flower never gets picked. I hayyyyte informix, but #drgori never goes
down, does it's job, and even though people try, -they just can't get
through the defenses in front of him.
Just curious Alexander. Just curious.
booya. biff y
-krb
