Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

A Couple Points on the "Open Source War" Print E-mail
User Rating:      How can I rate this item?
Source: Ed-Tech Insider - Posted by Pax Dickinson   
Host Security I hadn't actually noticed the Security Innovation study comparing the frequency of reported security problems in the Windows and open source web application server stacks. These kinds of surveys and tests are pretty easily manipulated. But since eSchool News has an article on the matter, I might as well weigh in.

If you're interested in this matter at all, you should go straight to the primary source material: the Red Hat and Microsoft security advisories. Your milage may vary, but my scans of the two lists shows a lot of Red Hat fixes that are mostly irrelevant to my simple web server, unless I've given lots of untrustworthy and industriously malicious people shell access to log in to the server. On the other hand, I see lots more references to "remote code execution" on the Microsoft site, which is what I'm really afraid of when I'm exposing a server to the internet.

That is, I don't want this to happen to me:

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could install then programs; view, change, or delete data; or create new accounts with full user rights.
If you still feel safer with Microsoft after reading over the actual advisories, then God bless you.

Read this full article at Ed-Tech Insider

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.