Open BSD has to be the weakest secure system evAr...

[complacent]

I mean, come on people!! This is what, like the [/b]SECOND[/b] security patch released in the past 10 years?!?!

Rank amateurs I tells ya.

[chicken n waffles]

[Cereb Daithi]

It takes them a while

[schvin]

dude... when i saw the subject...

i KNOW you're just trying to get a rise out of somebody

[complacent]

dude... when i saw the subject...

i KNOW you're just trying to get a rise out of somebody

It was too funneh to pass up. There isn't anoth operating system in the entire world that is as secure as OpenBSD. Nothing even comes remotely close.

Can you imagine *ANY* other OS being that secure?!? We'd all be jobless... Especially you!

[Sabre]

lol, when I saw the title, I figure it was a ruse... You KNOW you'd get a rise out of me for that one

<goes back to installing FreeBSD on a server.... no, I'm not kidding...>

[schvin]

dude... when i saw the subject...

i KNOW you're just trying to get a rise out of somebody

It was too funneh to pass up. There isn't anoth operating system in the entire world that is as secure as OpenBSD. Nothing even comes remotely close.

Can you imagine *ANY* other OS being that secure?!? We'd all be jobless... Especially you!

truth

[avriette]

I mean, come on people!! This is what, like the [/b]SECOND[/b] security patch released in the past 10 years?!?!

You know, I've actually been lecturing on this all week. I've been really surprised at how much faith people put in "secure systems." OpenBSD is phenomenally secure. They have more or less the right idea for how to create a secure system (DISA tends to recommend that you "turn off things you don't need." The correct approach for securing systems is to only turn on things you need, leaving everything off. OpenBSD calls this 'secure by default', and it is the right approach).

However, even today (this is the last day of the class, they're getting the exam tomorrow), I had to give like a half hour lecture on why the very secure isn't. They looked at me in amazement when I explained:

"So let's imagine the world's most secure system. You have a network and applications that are absolutely impenetrable. You're storing all your fancy mission data on it, knowing that your targeting data and intelligence data are absolutely safe on the system.

At the end of the day, you leave the office, comforted by the fact your data is safe.

When you get home, you say hello to the wife and kids, and fire up your email client and answer an e-mail from your mother asking how you're doing and what you've been up to, by voicing your frustrations with the way the war is going, including mission data."

I thought this kind of thing was glaringly obvious.

So, sure, OpenBSD is secure. But, human elements make it only as secure as the least secure part of it. Pricks like Theo screaming from the hilltops about how secure it is (making it a huge target; I'm sure we remember the *GOBBLES* days – these were aimed squarely at Theo, not just the OS), and idiot sysadmins who install it thinking that by running the world's most secure operating system, there is no way their data can be compromised.

See also: SELinux. Trusted Solaris.

[schvin]

yeah. welcome to life. good point though.

[schvin]

yeah. welcome to life. good point though.

that came off a bit harsher than intended. pls disregard. long day.

[complacent]

yeah. welcome to life. good point though.

that came off a bit harsher than intended. pls disregard. long day.

I see no fault in that statement man. Ppls r being not smart. Everyday. "We" are always the weakest link in ANY network....

Did anyone read that vulnerability study done at a (I think) swiss bank? The infosec team placed like 50 usb flashdrives in the parking lot of the bank, each drive containing various scripts and malware... By noon the same day ALL 50 drives had reported back to their server, containing various passwords, documents, etc. Like I said, ppls r being dumb.


(Poor Theo, always getting picked on! ) hahaha

[WRXWagon2112]

But, human elements make it only as secure as the least secure part of it.

I can't remember where I heard/read/saw it but apparently the most often used means to hack into a system is the use of social engineering - not actual computer skillz.

You're absolutely right - a secure system is only as secure as the people who use it.

--Alan

[schvin]

yeah, that swiss thing was hilarious! good stuff

[Libra Monkee]

a secure system is only as secure as the people who use it.

--Alan

Didn't Kevin Mitnik say that in "The Art of Deception"?