[coyotos-dev] Thoughts on (non)persistence

Jonathan S. Shapiro shap at eros-os.org
Thu Jan 27 07:01:07 EST 2005


On Thu, 2005-01-27 at 02:12 +0000, David Hopwood wrote:
> Most security flaws in existing systems are in code that is outside the 
> kernels of those systems, but that is nevertheless relied on by users.

David:

I would say rather that most of the exploits to date have exploited
flaws of this sort. In fact, there is evidence that certain very
professional attackers have launched attacks on the OS code itself in
attempting to penetrate. Further, my sense is that the attackers are
still going after low hanging fruit. They haven't noticed the OS mainly
because other things are easier targets.

Heck. Why bother reading the XP code when IIS is an open door?

shap



More information about the coyotos-dev mailing list