Cleaning up a minor security argument

I saw a Slashdot article this morning about Apple releasing more vuln fixes. In the comment section, discussion broke into the usual “why do people think Macs are safer than Windows” arguments. The two major points of “it has less of a market” and “it’s just more secure” went back and forth. I happen to think both are an oversimplification of the subject.

Vuln finding is a function of people going after whatever is currently easiest. Many attackers broadened their horizons to other platforms once Windows became significantly more secure and hardened against attack. Oracle was the next major target and Apple might be the one after. I admit that I love the irony of the switch after both companies chose to market on how they must be more secure since people weren’t finding vulns in them.

Exploits, on the other hand, are based on the business case these days. The vulns are available, but Windows didn’t have a problem of the magnitude it did until there was a profit motive to create bot networks.

So to put it together: the vulns found tell you about the security of an area, while exploits tell you how profitable a particular OS is to attack. The corollary of this rule is that as a random host you are as profitable as the OS; as a specific host with specific data or rights, you are as valuable to attack as that data or those rights. The result is that if your data is valuable, it doesn’t matter that there are few exploits for your box when there are plenty of vulns.


7 Hills of Kirkland

Today I did the 7 11 Hills of Kirkland, which involves 4,600 ft of climbing over 58 miles. Since I got another broken spoke 25 miles into the Saturday CTS training series ride and had gotten new wheels to fix it the same day, this was a bit of a make-up session. Aside from mileage, I was glad to see that the climbing was close to what the RAMROD training series ride did this weekend. Previously I had never ridden Seminary Hill and had not gone up Winery Hill, so it was nice to get some exposure to both of those forms of torture. Favorite hill was Norway Hill, least favorite was Novelty Hill (long, busy street and I had to go to the bathroom bad). Second least favorite was Old Redmond Road Hill, where I was getting passed a bit. I’m still getting some thigh cramps at different points, but nothing near as bad as one of the last rides I did. One guy was on the ground and in pain at the bottom of Winery Road from painful thighs. I had a twinge going up the steep part, but no real need for compensation till the last climb of Education Hill, and I did a lot better than the previous RAMROD training series ride that I had to abort by climbing the Snoqualmie Parkway hill.

Popfly looks damn cool

Go watch the screencast about Microsoft Popfly. It’s a mashup builder using Silverlight. It looks awesome and the screencast includes using World of Warcraft data to build a mashup site.

Back in the rides

Last night I finally got back into the Tues/Thursday rides with Per’s Eastside Tours. While Thompson Hill kicked my butt and caused me to drag a good chunk of the rest of the way, it was a fun ride. It’s always a great feeling to power the way back up East Lake Sammamish to finish up the ride. This time I was able to maintain a 20 mph pace following someone, but others who had been training longer were up to 24 mph. I have also been reasonably good at getting to the Cascade Training Series rides too. While the CTS ride this weekend is one of my favorites, heading down from Renton to the Tacoma Tidal Flats, I’m planning on the more challenging RAMROD training series ride. I might be up for a hike or shorter ride on Sunday, but I imagine that most people will be involved with family.