Heavy software

My recent complaints about WordPress elsewhere reminded me of something. The back cover of the OpenBSD 5.0 CD set had a funny blurb. (Bear in mind that there was a Spy vs Spy theme for the set.) Here it is.

Consider a typical progression of the past few years.

White: Sets up FTP server.

Black: Uses it to distribute all of the Internet's porn.

White: Gets usage bill, learns to turn off anonymous uploads.

Black: Changes password, disables unneeded accounts.

Black: Uses sendmail bug to break in, starts backdoor disguised as nfsd. Continues spamming.

White: Rebuilds machine. Sets up web server. Reads someone's mention of OpenBSD.

Black: Breaks in via telnet options negotiation bug. Kills syslogd, blows away /var/log, installs his own ssh key for root, and starts serving malware to XSS victims running Internet Explorer.

White: Rebuilds machine, enables firewall, disables unneeded services. Starts trolling security groups passing himself off as the product of hard-won experiences. Some of the people he argues with use OpenBSD.

Black: Breaks in using Apache chunked encoding bug 2 months after exploit is available. Installs latest patches. Installs full-blown root kit and botnet command and control daemon.

White: Discovers server is in multiple blacklists when ISP kills internet connection. Rebuilds server. While waiting for new network, decides to try OpenBSD and is pleased with it.

Black: Disappointed, goes elsewhere.

White: Decides to install PHP and a database.

Black: Happy once again...

Escape the MAD cycle of attack and defense!