On Tue, 18 Aug 1998 [EMAIL PROTECTED] wrote: > I was having a discussion with my ISP about Linux. He said he uses > Windows NT because it is much more secure than Linux. He stated that > since the source code was available that it was very unsecure. He
This is known as 'security through obscurity' NT is more secure because some smart person can't look at the source code and find a bug. Trouble is there is a 50/50 chance of a smart person looking at linux's source code and: 1 - Exploiting the bug 2 - Reporting the bug So it all manages to work out :> With NT the people looking for bugs generally do so with an intent to exploit. > mentioned something about attaining root access by downloading > /etc/passwd and de-crypting the passwords. He bases this on a source > called cicia.org. He said it reflected several cases of insecurity This is cute :> No, you can't decrypt unix passwords, they use a hashing technique, the best you can do is guess. NT uses an IDENTICAL system of password management, save for the fact that they use MD4 hashes. If you donwload the windows registry from an NT machine you can subject it to the same attack. > regarding Linux. I would like to know from a more qualified source as > to how to respond to this. I have been using Debian for a few months There is a site someplace with security holes in NT, it's quite the impressive list and is esially comparable to the unix list (which includes alot more software) I don't have the url unfortunately. Jason
