Date: Thu, 10 Dec 2009 11:53:19 -0600
From: J Sisson <sisson.j@gmail.com>
To: Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-questions@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Root exploit for FreeBSD
Message-ID: <4297a9020912100953w4da66c89w2af37b9872c271aa@mail.gmail.com>
In-Reply-To: <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <20091210095122.a164bf95.wmoran@potentialtech.com> <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk>
On Thu, Dec 10, 2009 at 10:21 AM, Anton Shterenlikht <mexas@bristol.ac.uk> wrote:

> Perhaps I should start putting together
> some statistics to make my case more forcefully.
>

I fought the same battle at the Univ. I attended (as a student). They were an M$ shop as well and had issues with me running OpenBSD. I stuck to it and finally got a "straight" answer from the Dean of CS: "I don't know anything about OpenBSD...please just use Windows and be like everyone else!".

Odd, I thought that one role of higher education is to teach critical thinking, which by definition means disagreements will (and should!) occur. Apparently I was wrong.

I later took an independent study at the same Univ. I wanted to compare security records for various OS's (FreeBSD and OpenBSD being listed in there). This was rejected in favor of me doing security research for Windows...so I wrote a program to demonstrate why Admins shouldn't blindly trust even system code (Windows Server 2003...stuff like netstat and task manager) and demonstrated that to the graduate level network security class (I was an undergrad at the time). I completely gave up when the grad students followed suit with the dean and tried arguing with me that my code was "hacked together specifically to exhibit the behavior I was trying to demonstrate"...as if it wasn't *real* and it couldn't be used to a malicious user's advantage.

I guess it doesn't exist in the security world (according to the previously mentioned grad students) if it's not "mainstream thinking"...I feel sorry for the companies that depend on those idiots for security.

If they've bought into M$ FUD, no amount of statistics/code/demonstrations will help. I'd skip the statistics in favor of putting together a resume.