JB Hi-Fi website served malware (News Article)

David Fawcett omniwoof at gmail.com
Wed Dec 2 14:53:46 GMT 2009

No OS is free from hacking.

But some are more secure than others. Is linux more secure than windows?
It's really hard to say until it is the most popular and is really tested.

However I think that it's not an unreasonable argument to say that linux is
more agile than windows because it is open source.

Open source means it's peer reviewed before it even goes live. Sure one
person might see an exploit and not report it because they want to use it,
but chances are a dozen others will see the same exploit and point it out.
Then it gets fixed before it ever goes live.

Exploits that slip through the cracks will more than likely get jumped on
much more quickly because the code is available to anyone who wants to take
a crack at fixing it.

Windows doesn't have any of that. When code is written for windows it's only
written by MS. They don't have as many eyes review it and when exploits are
discovered by hackers it's only MS employees who are able to patch it
because only they have access to the source code.

Evidence to back this up? I don't know of any until linux really gets
tested. But I think the theory is fairly sound.

You could confidently knock the 'security through obscurity' argument on the
head though. Linux is open, Windows is not. From a hacking point of view
Windows is the obscure system because the source is not publicly available -
it's first line of defense for MS is assuming hackers don't have access to
the source code.

Which of course they do by now.

What was it I read ages ago about cryptography? Something along the lines
of, 'If you want to know if your cypher is secure then you have to assume
that the person cracking it knows exactly how your cypher works, every line
of code, every formula, how it was put together and it was done it that way.
Then you try to crack it and see if it holds up.'

On Thu, Dec 3, 2009 at 1:29 AM, IKT <noname420 at gmail.com> wrote:

> Hello all,
> Some nice comments on linux:
> http://www.theage.com.au/technology/security/jb-hifi-website-served-malware-20091201-k2p3.html?comments=23#comments
> "Visitors to jbhifi.com.au reported being automatically redirected to
> Chinese websites carrying malware. Similar issues affected JB Hi-Fi's New
> Zealand website, which is hosted on the same server.
> Those with anti-virus software and fully patched internet browsers would
> have been alerted to the security issue upon visiting the page but people
> without up-to-date protection could be infected without even knowing.
> Separately, one of the most popular Australian online communities for
> computer enthusiasts, Overclockers Australia, has been offline for several
> days due to technical issues. The site last week asked users to change their
> passwords due to a security scare.
> Users of the Australian broadband discussion forum Whirlpool, and users of
> the OzBargain.com.au website, reported<http://forums.whirlpool.net.au/forum-replies-archive.cfm/1330564.html>that, before the site was taken offline, visitors to
> overclockers.com.au were being redirected to the same malicious page<http://forums.whirlpool.net.au/forum-replies.cfm?t=1330492>as those who visited
> jbhifi.com.au.
> But it is not yet clear if the attacks are related.
> Whirlpool itself had a security scare last week and, like Overclockers,
> advised users to change their online passwords as some user data could have
> been compromised."
> The first response happened to be a boost for linux:
> Nina: "One simple solution to this, from a user's point of view, is to stop
> using Windows. I use a free Linux operating system called Ubuntu and don't
> even need virus protection software as it's built properly (unlike Windows).
> I also find it easier to use than Windows. These hackers would go out of
> business if people just stopped using Windows."
> Some responses to this:
> "Where as Linux, being free and all does not carry every piece of software
> people need."
> "@Nina: Security through obscurity? Really? Are you serious?
> No UNIX distro is immune from cyber attacks. Not as long as they have a
> root account with a password."
> "Nina, if people stopped using Windows then malicious software would be
> developed for Mac OS and Linux OS's."
> "Windows isn't the problem it is just a great/Popular OS for the hackers to
> target."
> "@Linux supporters
> Get a grip. Linux websites and online communities are so littered with
> technical jargon that even seasoned IT professionals struggle to comprehend
> how to use the software.
> Additional to this, linux community members have a habbit of slamming
> "noobs" when they look for help and pointing them in the direction of the
> wiki which usually contains even more technical mumbo jumbo and meaningless
> tripe."
> "@Those who blame windows for these problems:
> You are completely uneducated on this topic. Windows is here to stay and
> telling people to move away from it is like telling motorists to stop
> driving cars in order to avoid traffic or accidents."
> Is nina wrong or are we justified in saying that "These hackers would go
> out of business if people just stopped using Windows." ?
> In similar news OCAU has been down for nearly a week now,
> http://afknews.com/phpbb/viewtopic.php?f=3&t=93
> I am a sad panda :(
> --
> ubuntu-au mailing list
> ubuntu-au at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-au/attachments/20091203/e02236b8/attachment.htm 

More information about the ubuntu-au mailing list