[ubuntu-my] Gempar dari Awal Mart!!

Yusof Khalid - FreeBSD / OpenBSD fryshadow at gmail.com
Thu Jun 25 14:07:33 BST 2009 

I think this topic can be close.

On Thu, Jun 25, 2009 at 6:07 PM, Chow Loong Jin <hyperair at gmail.com> wrote:

> On Thursday 25,June,2009 04:15 PM, zarul shahrin wrote:
> >
> >     Yes and no. The thing about Windows is that it can be infected
> without
> >     you even touching a single web page. Just connect to the Internet
> >     without a firewall, and leave it connected for some minutes without
> >     doing anything. The sasser worm hit me that way once.
> >
> >
> >   Sasser spread by exploiting unpatched system that is vulnerable to
> > LSASS security hole. If you study the case, most of the infected
> > machines were not patched even though the patch was being avaiable weeks
> > earlier.  Nobody can save you if you're not willing to patch your
> > machine. Just like in the case of conficker, the most vulnerable users
> > were users who didn't patch their system. The hits were worst in certain
> > countries where many of the users were using pirated version of windows
> > thus were not able to get the windows update working. Talking about
> > "being remotely exploited" compare to Linux OS, I guess windows has far
> > lesser remotely exploitable vulnerabilities. Please google for the
> > statistics, if you have been into linux long enough, you should know how
> > pretty much every webserver running apache running openssl were being
> > rooted couple of years back and many machine machines were still
> > vulnerable even after 1 year.
> Sasser hit me on a freshly installed machine, just as I was downloading
> Windows Updates. So yes, you are right that it exploits unpatched
> machines, but you are wrong about it affecting only those who are not
> willing to install software patches for their systems.
>
> >     Then there are
> >     some which can infect you via some vulnerabilities in Internet
> Explorer.
> >   Weird, because we are seeing malware exploiting web browsers like
> > Firefox and Safari all the time in the lab :-P
> Haven't seen any so far ;-) But either way, I'd imagine that an
> exploitation of a vulnerability Internet Explorer could go much further
> than an one in Firefox or Safari, due to how integrated it is with the
> system.
>
> >     Such vulnerabilities are generally not present in *nix OSes.
> >   This is a common argument for people who don't work in the security
> > industry..
> Sure it is. And your argument is a pretty common argument too, for many
> who don't use a *nix. But it does hold some truth, though. Chances are,
> however, that *nix users are more educated, since it does have a
> slightly geekier outlook than Windows does.
>
> This is a good read, by the way:
> http://librenix.com/?inode=21
>
> --
> Regards,
> Chow Loong Jin
>
>
> --
> Ubuntu-my mailing list
> Ubuntu-my at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-my
>
>


-- 
OSS'ers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-my/attachments/20090625/336b6322/attachment-0001.htm

More information about the Ubuntu-my mailing list