just incase you missed it

George Toft plug-discuss@lists.PLUG.phoenix.az.us
Tue, 08 May 2001 09:03:11 -0700 

Hi Mike,

Michael J. Schweppe wrote:

> On Tue, 08 May 2001 02:04:48 -0700, George Toft
> <george@georgetoft.com> wrote:
> 
> 
>> In the interest of maintaining a professional list, and a professional
>> image, I would appreciate this type of posting not continue.  It has no
>> place here.  
> 
> 
> Would it have been equally as less professional to have shown a Linux
> exploit?
> 
> [...]
> 

Yes it would.  Read the weekly highlights from Security Portal and be aware 
that there are about 3-4 times as many Linux exploits each week
than Microsoft exploits.  Of course, this can be countered with
the fact that a Linux distribution provides 20x (WAG) more software
on the CD's than Microsoft does with Windows.



> 
>> Highlighting Microsoft's inability to
>> patch the same overflow from one IIS version to the next does not
>> favorably promote Linux at all - in fact, it continues the negative
>> "Hacker OS" image that so many are working to overcome.
> 
> 
> This line of reasoning makes no sense.  If MS has a quality issue we
> should not discuss it because others have taken advantage of the
> error/weakness and we thereby become guilty by some loose form of
> association?
> 

No - discussing it is fine.  Posting exploit code, ready to compile
makes us look very unprofessional.  It's one step removed from
posting the binary and a list of IIS targets.  If there is an exploit,
we should discuss it in the light of "how does it work, and
are we vulnerable?"  Knocking other products is Microsoft's FUD
game - building a technologically superior product is ours.  We
know we're better.  NT vs Linux is not a battle over the technical
merits of one product or the other - it's a public relations battle
and this type of posting (and this attitude) is not going to help.



> 
>> Perhaps I'm showing my age, but I don't see how making some underpaid[1]
>> NT admin's...
> 
> 
> Underpaid!  According to the link below,
> 
> "The average reported salary was $65,528, and the overall median was
> $63,000."
> 
> [...]
> 

Note 10 shows an $11K difference between NT and Unix admins.  As
an Engineer, I'm making $40-50K more than my NT counterparts here
in Phoenix with similar experience and age. When they say MCSE's are

a dime-a-dozen, they're not kidding. An MCSE friend of
mine in Seattle is changing jobs, and he was getting offers
in the $35K range (he has 4 years experience). He just
accepted a position as an MCSE trainer for $58K.

> 
>> References:
>> 1. SANS Salary Survey, 
>> http://www.sans.org/newlook/publications/salary2000.htm, note 10.
>> 2.  Security Portal, 
>> http://securityportal.com/articles/ntspseven20010507.html
>> 3.  Computer Fraud and Abuse Act, 18 U.S.C. § 1030
> 
> 
> 
> Mike
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


-- 
"Fate, it seems, is not without a sense of irony" - Morpheus