Smelly Pooh wrote:
> They do indeed, but as others have already mentioned, security through
> obscurity. It is only the assembly code used in a buffer overflow that is
> hardware specific, the buffer overflow exists in all platforms compiling the
> same source. What's worse is that this assembly code is generally identical
> for all buffer overflows on the same platform, just assembly code to get stack
yes, but script kiddies - by far the biggest generator of attacks - know
intel assembly if they know any at all. going with other platforms
makes their job harder, which gives an admin more time. and while
proactive security is better, time is an important thing to have if
you're reacting.
as an aside, i don't think "alternative" platforms are secure. i just
think of it as taking advantage of a statistical reality - most root
kits get built for i386/sparc. think of it like an airbag: used with a
seat belt and safe driving it might save your life; ram a tree at 80 w/o
a seatbelt and it might help kill you.
kevin
--
kevin at suberic.net "we were goin' for breakfast. in canada. we
fork()'ed on 37058400 made a deal: if she'd stop hookin', i'd stop
meatspace place: home shootin' people. maybe we were aiming high."
--porter, "payback"
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
