Date:      Thu, 10 Dec 2009 11:53:19 -0600
From:      J Sisson <sisson.j@gmail.com>
To:        Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-questions@freebsd.org,  freebsd-current@freebsd.org
Subject:   Re: Root exploit for FreeBSD
Message-ID:  <4297a9020912100953w4da66c89w2af37b9872c271aa@mail.gmail.com>
In-Reply-To: <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk>
References:  <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <20091210095122.a164bf95.wmoran@potentialtech.com> <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk>

On Thu, Dec 10, 2009 at 10:21 AM, Anton Shterenlikht <mexas@bristol.ac.uk> wrote:

> Perhaps I should start putting together
> some statistics to make my case more forcefully.
>

I fought the same battle at the Univ. I attended (as a student).  They were
an M$ shop as well and had issues with me running OpenBSD.  I stuck to it
and finally got a "straight" answer from the Dean of CS:  "I don't know
anything about OpenBSD...please just use Windows and be like everyone
else!".

Odd, I thought that one role of higher education is to teach critical
thinking, which by definition means disagreements will (and should!) occur.
Apparently I was wrong.

I later took an independent study at the same Univ.  I wanted to compare
security records for various OS's (FreeBSD and OpenBSD being listed in
there).  This was rejected in favor of me doing security research for
Windows...so I wrote a program to demonstrate why Admins shouldn't blindly
trust even system code (Windows Server 2003...stuff like netstat and task
manager) and demonstrated that to the graduate level network security class
(I was an undergrad at the time).  I completely gave up when the grad
students followed suit with the dean and tried arguing with me that my code
was "hacked together specifically to exhibit the behavior I was trying to
demonstrate"...as if it wasn't *real* and it couldn't be used to a malicious
user's advantage.

I guess it doesn't exist in the security world (according to the previously
mentioned grad students) if it's not "mainstream thinking"...I feel sorry
for the companies that depend on those idiots for security.

If they've bought into M$ FUD, no amount of statistics/code/demonstrations
will help.  I'd skip the statistics in favor of putting together a resume.


