Hi Mike, Michael J. Schweppe wrote: > On Tue, 08 May 2001 02:04:48 -0700, George Toft > wrote: > > >> In the interest of maintaining a professional list, and a professional >> image, I would appreciate this type of posting not continue. It has no >> place here. > > > Would it have been equally as less professional to have shown a Linux > exploit? > > [...] > Yes it would. Read the weekly highlights from Security Portal and be aware that there are about 3-4 times as many Linux exploits each week than Microsoft exploits. Of course, this can be countered with the fact that a Linux distribution provides 20x (WAG) more software on the CD's than Microsoft does with Windows. > >> Highlighting Microsoft's inability to >> patch the same overflow from one IIS version to the next does not >> favorably promote Linux at all - in fact, it continues the negative >> "Hacker OS" image that so many are working to overcome. > > > This line of reasoning makes no sense. If MS has a quality issue we > should not discuss it because others have taken advantage of the > error/weakness and we thereby become guilty by some loose form of > association? > No - discussing it is fine. Posting exploit code, ready to compile makes us look very unprofessional. It's one step removed from posting the binary and a list of IIS targets. If there is an exploit, we should discuss it in the light of "how does it work, and are we vulnerable?" Knocking other products is Microsoft's FUD game - building a technologically superior product is ours. We know we're better. NT vs Linux is not a battle over the technical merits of one product or the other - it's a public relations battle and this type of posting (and this attitude) is not going to help. > >> Perhaps I'm showing my age, but I don't see how making some underpaid[1] >> NT admin's... > > > Underpaid! According to the link below, > > "The average reported salary was $65,528, and the overall median was > $63,000." > > [...] > Note 10 shows an $11K difference between NT and Unix admins. As an Engineer, I'm making $40-50K more than my NT counterparts here in Phoenix with similar experience and age. When they say MCSE's are a dime-a-dozen, they're not kidding. An MCSE friend of mine in Seattle is changing jobs, and he was getting offers in the $35K range (he has 4 years experience). He just accepted a position as an MCSE trainer for $58K. > >> References: >> 1. SANS Salary Survey, >> http://www.sans.org/newlook/publications/salary2000.htm, note 10. >> 2. Security Portal, >> http://securityportal.com/articles/ntspseven20010507.html >> 3. Computer Fraud and Abuse Act, 18 U.S.C. § 1030 > > > > Mike > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- "Fate, it seems, is not without a sense of irony" - Morpheus