Cleaning up a minor security argument

I saw a Slashdot article this morning about Apple releasing more vuln fixes. In the comment section, discussion broke into the usual “why do people think Macs are safer than Windows” arguments. The two major points of “it has less of a market” and “it’s just more secure” went back and forth. I happen to think both are an oversimplification of the subject.

Vuln finding is a function of people going after whatever is currently easiest. Many attackers have broadened their horizons to other platforms once Windows became significantly more secure and hardened against attack. Oracle was the next major target and Apple might be the one after. I admit that I love the irony of the switch after both companies chose to market on how they must be more secure since people weren’t finding vulns in them.

Exploits, on the other hand, are based on the business case these days. The vulns are available, but Windows’s problem didn’t reach the magnitude it did until there was a profit motive to create bot networks.

So, to put it together: the vulns found tell you about the security of an area, while exploitation tells you how profitable a particular OS is to attack. The corollary of this rule is that as a random host you are as profitable as the OS; as a specific host with specific data or rights, you are as valuable to attack as that data or those rights. The result is that if your data is valuable, it doesn’t matter that there are few exploits for your box when there are plenty of vulns.


7 Hills of Kirkland

Today I did the 7 11 Hills of Kirkland, which involves 4,600 ft of climbing over 58 miles. Since I got another broken spoke 25 miles into the Saturday CTS training series ride and had gotten new wheels to fix it the same day, this was a bit of a make-up session. Aside from mileage, I was glad to see that the climbing was close to what the RAMROD training series ride did this weekend. Previously I’ve never ridden Seminary Hill and had not gone up Winery Hill, so it was nice to get some exposure to both of those forms of torture. Favorite hill was Norway Hill, least favorite was Novelty Hill (long, busy street and I had to go to the bathroom bad). Second least favorite was Old Redmond Road Hill, where I was getting passed a bit. I’m still getting some thigh cramps at different points, but nothing near as bad as one of the last rides I did. One guy was on the ground and in pain at the bottom of Winery Road from painful thighs. I had a twinge going up the steep part, but no real need for compensation till the last climb of Education Hill, and I did a lot better than the previous RAMROD training series ride that I had to abort by climbing the Snoqualmie Parkway hill.