On Feb 13, 11:13 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
wrote:
> Microsoft Windows: Insecure by Design
> http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=pr...
My favorite quote from this article:
<quote>
In its default setup, Windows XP on the Internet amounts to a car
parked in a bad part of town, with the doors unlocked, the key in the
ignition and a Post-It note on the dashboard saying, "Please don't
steal this."
</quote>
While Linux amounts to a car, parked in a guarded garage, that has
video cameras at every entrance and at every row in the garage, the
car doors are locked, the driver has both the keys and the electronic
fob required to start the car, and if the car is hotwired, the lojack
alert is triggered automatically. The car thief knowns that if he
even tries to mess with this car, he will get about 2 miles down the
road before the police office pulls him over, with the search warrant
and the arrest warrant already approved. Even a little joy ride could
result in charges of grand theft auto, and with a plea bargain, he
might be able to get out of prison in 2-3 years.
Why do you think that hackers don't want to mess with Linux? Because
they don't think releasing a "killroy was here" virus into a few
thousand well armored Linux machine is worth 20-life (possibility of
forced to serve consecutive sentences for each machine corrupted or
trespassed).
Computer trespassing is a crime. And when hackers attempt to trespass
into UNIX systems, such as those used to control railroads, telephone
circuits, financial transactions, government records or military
operations - it is very aggressively enforced. Furthermore, it's a
federal crime in the United States which means that if convicted, the
judge has almost no latitude in sentencing and there is no parole or
"time off for good behavior". When someone hacks into a UNIX system
(or a Linux system), the lawyers generally encourage their clients to
accept a plea bargain in which they are charged with only one count.
Let's face it. In the scenario above, the thief enters the Garage
with 2 friends, where he is video taped walking to the entrance, in
the elevator, getting off at the car's floor, the video cameras catch
him walking through the isles to the target car, the cameras record
him using his Slim Jim to get the door open, record the honking of the
horn as the ignition alarm is bypassed (by now the guard has seen the
action and has called the police). At this point, the thieves leave
the garage, not realizing that the police are waiting and tracking the
Lojack, and once they get about 2 miles away, they can be arrested for
the highest possible crime without recorse to "we was just playin'".
The defense attorney will see the tape, and realize that he doesn't
have a prayer of winning the case, and encourage is clients to plead
guilty to a lesser charge of joyriding which has a lower maximum
sentence.
If the client is stupid enough to try to fight the case, he could also
be found guilty of trespassing, vandalism, and if the tape caught any
other illegal activities, all of those other activities as well (under-
age smoking, under-age drinking, drug dealing), and of course, grand-
theft auto. The secondary offenses by themselves are petty
misdimeanors, but when added to the grand-theft, assure that a much
stiffer sentence will be imposed.
This is why so many Linux and Unix systems have honeypots. You crack
your way in, ignore the "no trespassing" sign, and try to log in as
root, after several attempts you appear to break in, think you are
doing cute things to the server, maybe even stealing some credit card
numbers, and you even read some private e-mails and delete some
files. What you didn't realize was that the honeypot was a faked
system and every action you have attempted to do, has been recorded as
your connection information was being relayed to the FBI, who traced
your connection and have called the local police to pick you up. By
the time the doorbell rings, and the plain-clothes cop shows up, he
already has the search warrant, and you are so busted that you could
spend the next 14 years in jail just for the one act.
Most of the victims of these crimes don't like a lot of publicity.
This is why the prosecutors are willing to accept the plea bargain.
But ask Kevin Mitnick about how nasty they can get when you don't
cooperate.
|
|
