
Topic: About Mt. Gox flaw from a security expert - page 13. (Read 34182 times)

member
Activity: 140
Merit: 10

As "serious" is not defined and subjective

check better Smiley

Quote

and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics")

Also, BSD is implemented in EE. Anyhow, since we're speaking of webservers, we have good estimators for this quantity.


Quote
I can only say with 0.99 confidence level, that you are far off topic by now. Roll Eyes


Lol (L)
legendary
Activity: 2618
Merit: 1007
Given that parameter Psi = [ ( # of serious security flaws - 1 ) / ( # of running systems )^2 ] remapped in [0, 1]

Do you agree that, with a confidence level of 0.99, the correlation between the parameter Psi and Linux is stronger than with FreeBSD?

As "serious" is not defined and subjective and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics") I can only say with 0.99 confidence level, that you are far off topic by now. Roll Eyes
member
Activity: 140
Merit: 10
Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is.

Ok. Let's rephrase my previous sentence:

Given that a serious security flaw is a flaw that permits privilege escalation or leakage of a database.

Given that parameter Psi = [ ( # of serious security flaws - 1 ) / ( # of running systems )^2 ] remapped in [0, 1]

Do you agree that, with a confidence level of 0.99, the correlation between the parameter Psi and Linux is stronger than with FreeBSD?


legendary
Activity: 1284
Merit: 1001
Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is.
member
Activity: 140
Merit: 10

So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective?

Also, I have never said anywhere that Linux is more secure than *BSD.


I'm not sure what we are discussing.


Quoting a reliability chart is cherry picking?

Quoting a vulnerability chart is cherry picking?

Maybe my sources were biased?

Are you suggesting that there is no significant statistical difference between Linux/FreeBSD reliability/security?


My opinion is that this is just free polemic. Maybe I'm wrong.
legendary
Activity: 1284
Merit: 1001
I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.
So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective?

Also, I have never said anywhere that Linux is more secure than *BSD.
member
Activity: 140
Merit: 10


even though FreeBSD is smaller, this is a biased comparison.



I totally agree with you on this metric. Obviously, it follows with what I, a bona-fide security expert grade III red belt level with tactical upgrades and laser vision (tm), have always said: The most reliable, least vulnerable way to serve webpages is through a modified vintage 1995 Nintendo Virtual Boy.


[more flamewar]


Maybe you should read my posts more carefully.
full member
Activity: 140
Merit: 100

As an expert you should be aware that security and reliability are not the same thing. Also, if you look at the full table, the bottom two providers with a lot higher outage than everybody else run FreeBSD. If you calculate an average, FreeBSD will be much worse than the other solutions. Basically you can pretty much get any result you want from this list.

Reliability is strongly connected to security. If you need to patch, reboot, or manage an intrusion then your reliability goes down. It also means that there is less security maintenance (even though FreeBSD's update process is more obscure).

The table shows us that if you want to be the most reliable, you need to choose Unix.


Or you can count privilege escalation: 61 bugs in the last 7 years for Linux, 3 for FreeBSD.

Or you can count vulnerabilities; even though FreeBSD is smaller, this is a biased comparison.

Or you can do a very rough estimation:

Google "Hacked by"+ linux: 2.3 million results

Google "Hacked by"+ Freebsd: 230,000 results (one fold less!!!)


Anyhow, let's put it this way: My opinion is that FreeBSD is the most secure, reliable and scalable OS. You think that Linux is more secure than FreeBSD.


I totally agree with you on this metric. Obviously, it follows with what I, a bona-fide security expert grade III red belt level with tactical upgrades and laser vision (tm), have always said: The most reliable, least vulnerable way to serve webpages is through a modified vintage 1995 Nintendo Virtual Boy.

Google agrees with me, as "Hacked by"+"virtual boy" has a mere 61,300 results.

Prove me wrong. I dare you, because I just bought a pair of x-pert system II zookas and a nintendo power glove. It's hooked to my keytar, with a wii wammy bar and a silicon 3d aggregator nanostruts mashup through UG ajax immersion portals.

Obviously, this is all coded in COBOL. It's the safest language.
member
Activity: 140
Merit: 10

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only does FreeBSD have fewer vulnerabilities, but they are also less serious (check exploit or data execution).
legendary
Activity: 1284
Merit: 1001
The table shows us that if you want to be the most reliable, you need to choose Unix.
http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.
member
Activity: 140
Merit: 10

As an expert you should be aware that security and reliability are not the same thing. Also, if you look at the full table, the bottom two providers with a lot higher outage than everybody else run FreeBSD. If you calculate an average, FreeBSD will be much worse than the other solutions. Basically you can pretty much get any result you want from this list.

Reliability is strongly connected to security. If you need to patch, reboot, or manage an intrusion then your reliability goes down. It also means that there is less security maintenance (even though FreeBSD's update process is more obscure).

The table shows us that if you want to be the most reliable, you need to choose Unix.


Or you can count privilege escalation: 61 bugs in the last 7 years for Linux, 3 for FreeBSD.

Or you can count vulnerabilities; even though FreeBSD is smaller, this is a biased comparison.

Or you can do a very rough estimation:

Google "Hacked by"+ linux: 2.3 million results

Google "Hacked by"+ Freebsd: 230,000 results (one fold less!!!)


Anyhow, let's put it this way: My opinion is that FreeBSD is the most secure, reliable and scalable OS. You think that Linux is more secure than FreeBSD.
legendary
Activity: 1284
Merit: 1001
Here's a list of the most reliable hosting solutions.

The first 3 spots: are they Linux or Unix?
As an expert you should be aware that security and reliability is not the same thing. Also, if you look at the full table, the bottom two providers with a lot higher outage than everybody else run FreeBSD. If you calculate an average, FreeBSD will be much worse than the other solutions. Basically you can pretty much get any result you want from this list.
member
Activity: 140
Merit: 10

Ummm... I will humbly step down from my position now.   Cheesy

My first reply to you was:
Yes, security is important. & then I quoted and linked to a message on the MtGox site. I am not the owner of the exchange, but welcome to the forum muad_dib.

Sorry, I thought you were the owner of the exchange Smiley

member
Activity: 140
Merit: 10
@muad_dib

At first your post seemed wise, but

1) Use the right software. IIS is a big no-no Smiley Also Linux should be frowned upon. Unix is the way to go.

I stopped reading right here.

I don't know who you are, but you know nothing about security.

I will not start a flamewar here, I just want to ask you a quick question:

Here's a list of the most reliable hosting solutions.


The first 3 spots: are they Linux or Unix?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
(K)

Please just be safe, remember you are the most eminent member of the bitcoin community. Remember you are not playing against simple hackers, you are playing against the top level security like the intelligence or the PRC army.

I am the most eminent member of the bitcoin community?
Ummm... I will humbly step down from my position now.   Cheesy

My first reply to you was:
Yes, security is important. & then I quoted and linked to a message on the MtGox site. I am not the owner of the exchange, but welcome to the forum muad_dib.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
@muad_dib

At first your post seemed wise, but

1) Use the right software. IIS is a big no-no Smiley Also Linux should be frowned upon. Unix is the way to go.

I stopped reading right here.

I don't know who you are, but you know nothing about security.
member
Activity: 140
Merit: 10


The problem with this community is it's full of people trying to make money.


Trust me: if I were in the bitcoin business for the money, I would have stolen the bitcoin from the mtgox accounts I violated.


With the actual design of most of the Bitcoin exchanges, passwords can be spoofed anytime you connect via a wireless network.


Bitcoin exchanges need to take further steps to secure their customers, and should not copy other people's designs, as that could propagate flaws across the market.
newbie
Activity: 56
Merit: 0


No thanks, I can find it myself.   Cheesy

(K)

Please just be safe, remember you are the most eminent member of the bitcoin community. Remember you are not playing against simple hackers, you are playing against the top level security like the intelligence or the PRC army.


Listen to this man. He has hit this right on the nose. It should also tip you on to the perceived potential value of bitcoins.
newbie
Activity: 29
Merit: 0
If you own an exchange and would like to be safer, for a small fee (in the 5 figures)...

for a small fee, and the promise of not being persecuted...

The problem with this community is it's full of people trying to make money.
member
Activity: 140
Merit: 10


No thanks, I can find it myself.   Cheesy

(K)

Please just be safe, remember you are the most eminent member of the bitcoin community. Remember you are not playing against simple hackers, you are playing against the top level security like the intelligence or the PRC army.