I'm sorry Janice you are sadly mistaken.

The hacking days will end when the human element is taken out of computing administration. I have compromised BSD systems, yes using several "low hanging fruit", point is it can and will always be done.

Whatever the reason that systems will be compromised, it is like the author said a fantasy world to believe any software is "secure", it is only as good as the programmers forethought into that security.

With the breakneck pace companies are setting these days to release software on time, and under budget, I think things will likely get worse before they get better. There will always be some unforeseen input or logic the programmer didn't acount for that will render his code vulnerable. I was taught that figuring out what you want your program to do is the easy part, writing it is a little more challenging, but writing it to take into account every miniscule way a user may use it is impossible.

The only thing we can do, is educate ourselves and the users we admin to as to the risks that are out there. A more pro-active stance on security as opposed to reactive.

It's easy to say your system is invulnerable, and yes if your holding the patch cable and never hook it up, never let anyone touch any interfaces then it is, but the moment it goes live it's exposed to whatever, or whomever is out there.

Please don't take this the wrong way, I am am avid Linux user myself and I love the core OS, I love what the Open Source community is about.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/313/31344#31344