Date: Fri, 15 Nov 2002 16:25:53 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Dru <dlavigne6@cogeco.ca>
Cc: advocacy@freebsd.org
Subject: Re: PR opportunity?
Message-ID: <3DD59091.61B01AF0@mindspring.com>
References: <20021115121330.S209-100000@dhcp-17-14.kico2.on.cogeco.ca>

Dru wrote:
> I've been approached by a journalist from a security print magazine/daily
> security newswire. I've been asked to comment on the tcpdump trojan and
> the pattern of increased attacks against open source software FTP sites.
>
> My first instinct is to reply with a simple "no comment". However, I
> wonder if this is a possible PR opportunity for a very carefully worded
> response from the FreeBSD community.
>
> Comments, suggestions?

It's the next escalation in the computer security arms race, and
we've been expecting it. Unfortunately, security is a journey,
not a destination.

This really isn't purely a "FreeBSD thing" or an "Open Source thing":
Microsoft is facing the same attacks, if Windows ever becomes harder
to attack directly.

As more and more companies are switching from Microsoft operating
systems to FreeBSD and other Open Source alternatives, hackers are
finding it more and more difficult to attack them directly.

Once you can't attack an operating system like FreeBSD directly,
you have to attack it indirectly; this is most easily done by
attacking the applications it runs, instead. If Microsoft Windows
wasn't so easy to break into, you would see the same thing happening
to Windows applications.

Keep in mind that what they have really compromised is not FreeBSD,
or even the Open Source application -- in this case tcpdump -- but
the servers and software that deliver the application to the users.
This is a classic "man in the middle" attack.

Now that Microsoft has moved to a subscription service, where you
pay for the same software over and over, and give Microsoft total
access to your computer to update or modify the data on it, they
are vulnerable to these kinds of attacks, as well as attacks on
the middleman they use to access your computer.

-- Terry