Programming | What programming language should I start with?


Was this helpful for your programming language selection?
Poll ended at 12 Jun 2014, 7:40 pm
Yes 33% [ 1 ]
No 67% [ 2 ]
Total votes : 3

Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 65,728
Location: Over there

24 Mar 2014, 1:49 pm

Kurgan wrote:
Furthermore, since Linux doesn't care about file extensions, you can put malicious code in anything.


:lmao: Ah, the gift that just keeps on giving...

There's so much more and I'd normally suggest someone stops digging - but in your case:
[img][200:200]http://kovaya.com/img/shovel.jpg[/img]


_________________
Giraffe: a ruminant with a view.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 35
Gender: Male
Posts: 4,132
Location: Scandinavia

24 Mar 2014, 2:47 pm

What's funny is that Linux fanboys actually resort to ridicule rather than to counter any arguments. I've yet to see a fanboy give me one good reason to switch to a desktop version of Linux. Malicious code has been injected in both picture files and PDFs in Linux.



Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 65,728
Location: Over there

24 Mar 2014, 7:01 pm

What's funny is the assertion that OS security is related to a filename.


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 36
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

24 Mar 2014, 7:36 pm

Kurgan wrote:
If I get your password, I can just use chown and chmod and access these binaries anyway (or I could program something with the help of GCC/G++ which would do it for me). Most NT based Windows versions have had UAC.


No, you can't.

Quote:
NTLM is no longer used (because when someone actually does manage to reverse engineer a security system by Microsoft, it's either phased out or heavily modified). The security holes in SAM were filled after Windows 2000. For comparison, if I want your root password, I just need to decrypt what's inside etc/shadow. AES is developed by professional cryptographers and is a government approved standard.


NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 35
Gender: Male
Posts: 4,132
Location: Scandinavia

24 Mar 2014, 8:54 pm

sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.

Quote:

NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony does a lot to prevent intruders, though. NTLM is deprecated, and isn't used in any Server version of Windows anymore.



Last edited by Kurgan on 24 Mar 2014, 9:00 pm, edited 2 times in total.

Kurgan
Veteran

Joined: 6 Apr 2012
Age: 35
Gender: Male
Posts: 4,132
Location: Scandinavia

24 Mar 2014, 8:58 pm

Cornflake wrote:
What's funny is the assertion that OS security is related to a filename.


I didn't say that it was directly related to a filename. Since you trick someone into installing a virus on Linux the same way as you do in Windows, you can put malignant code in PDF files and images, though, and not just .EXE files and archives. For this to be possible on Windows, you need to find a security hole or an exploit in the application that will load the file.



Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 65,728
Location: Over there

25 Mar 2014, 8:05 am

Well, have fun telling yourself that and playing with FUD and generalities.
"since Linux doesn't care about file extensions, you can put malicious code in anything"


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 36
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

25 Mar 2014, 3:08 pm

Kurgan wrote:
sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.


Ever heard of SELinux? Obviously not...

Quote:
Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony does a lot to prevent intruders, though. NTLM is deprecated, and isn't used in any Server version of Windows anymore.


Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 35
Gender: Male
Posts: 4,132
Location: Scandinavia

25 Mar 2014, 4:59 pm

sliqua-jcooter wrote:
Ever heard of SELinux? Obviously not...


Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separately, and thus, isn't present in most Linux desktops. Moreover, Operation Windigo has proven that SELinux can also be attacked.

Saying that Linux is safe because you CAN install SELinux, is like saying that any car is burstproof because you can buy an immobilizer for it.

Quote:
Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


Apparently, you're not familiar with the laws that prohibit the disassembly of copyrighted, proprietary software. As far as NTLM goes: http://msdn.microsoft.com/en-us/library/cc236715.aspx.



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 36
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

25 Mar 2014, 6:22 pm

Kurgan wrote:
Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separately, and thus, isn't present in most Linux desktops.


Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.

But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.

Quote:
Apparently, you're not familiar with the laws that prohibit the disassembly of copyrighted, proprietary software.


I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.

Quote:


Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stored in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


MrOddBall
Velociraptor

Joined: 3 Feb 2014
Age: 124
Gender: Male
Posts: 426
Location: Here, there, and everywhere

25 Mar 2014, 7:54 pm

Kurgan wrote:

I'd recommend C# in favour of Java (with Xamarin, whatever you write in C# will also run well on Android and iOS). When it comes to C, I find that C++ is superior; having classes and objects really makes development easier. :)

For an excellent demonstration of what JavaScript can do, check out some of the WebGL tech demos. I really like this one.


Don't forget the other options like Python and Ruby, which are easier to start off with because C or C++ might be a bit intimidating for a beginner, but Java is okay I suppose ...

The OP should check out Pygame if he has the chance :D It's Python for creating games with everything you need, plus documentation on writing games :)



polarity
Veteran

Joined: 15 Feb 2006
Age: 46
Gender: Male
Posts: 502
Location: PEBKAC

26 Mar 2014, 4:02 am

sliqua-jcooter wrote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


The law is also affected by this little thing called jurisdiction. There are plenty of people who aren't remotely concerned about it being a felony to disassemble Windows, because they don't live in the U.S.


_________________
You aren't thinking or really existing unless you're willing to risk even your own sanity in the judgment of your existence.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 35
Gender: Male
Posts: 4,132
Location: Scandinavia

26 Mar 2014, 3:06 pm

sliqua-jcooter wrote:
Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.


Fedora, CentOS and RHEL, I have no experience with. Nevertheless, they all have less than 10% of the Linux desktop share combined. It wasn't present in either Ubuntu or Slackware back when I was using it--and thus, simply knowing the root password gave me full power of a computer. Because of this, making malware was basically a DIY activity.

Quote:
But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.


Technically, with your root password, I could disable SELinux, but I don't think it's easy to make a virus or a worm that does it for you. My initial inquiry was that anyone with the root password could do pretty much anything inside Linux; implementing a keylogger is no big deal if you pass it off as a workaround for SecuROM, a codec, an experimental driver, and so on (something you'd also have to do in Windows)--and you can also get the password by decrypting etc/shadow.

Quote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


Fair use grants you the right to disassemble it for educational purposes, not to use it yourself in open-source code, publish it on the internet, pass it on to a large group of people, sell it, etc.

Quote:
Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stored in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


I'm not googling stuff to back up my claims. If you know the basics of C/C++, making malware is a DIY activity. A virus is put in place the exact same way in Linux as in Windows (i.e. the admin makes a careless mistake). The problem with Linux is what a virus could potentially do; in Windows, it's limited to terminating user-space processes without my consent or encrypting files that have copies on GitHub.

The link you posted just explained how the hashes worked; it didn't show any C/C++ code on how they were implemented.



MrOddBall
Velociraptor

Joined: 3 Feb 2014
Age: 124
Gender: Male
Posts: 426
Location: Here, there, and everywhere

27 Mar 2014, 12:01 pm

*Grabs a bag of popcorn* This is entertaining :D



MolinaMegaTech
Hummingbird

Joined: 12 Mar 2014
Age: 23
Gender: Male
Posts: 18
Location: In your CPU

27 Mar 2014, 3:08 pm

I know right... They keep on going back and forth



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 36
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

27 Mar 2014, 8:25 pm

Kurgan wrote:
sliqua-jcooter wrote:
Wrong *again*. Not only does every major linux distribution include SElinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.


Fedora, CentOS and RHEL, I have no experience with. Nevertheless, they all have less than 10% of the Linux desktop share combined.


Why are we limiting ourselves to the "desktop" market? From a security perspective, there is 0 difference between a machine that is a desktop and a machine that is a server. They're all boxes on the network running services for users. It doesn't make any difference whether the system has a GUI or not. And, if you're going to limit the discussion to desktops, take back everything you said about Windows Server.

Quote:
It wasn't present in either Ubuntu or Slackware back when I was using it--and thus, simply knowing the root password gave me full power of a computer. Because of this, making malware was basically a DIY activity.


In other words, you don't know enough about Linux security to comment about it. Got it.

Quote:
Technically, with your root password, I could disable SELinux, but I don't think it's easy to make a virus or a worm that does it for you.


1) No, you can't - unless you have physical access or remote KVM. 2) You could say the exact same thing about UAC. 3) If you have physical access to a system, you have total access. Period.

Quote:
The problem with Linux is what a virus could potentially do; in Windows, it's limited to terminating user-space processes without my consent or encrypting files that have copies on GitHub.


The entirety of the user's computing experience is in the user land - so this is an entirely moot point. The only thing kernel access gets you is the ability to read whatever is in memory from whatever application. Not useful in the vast majority of cases.

Quote:
The link you posted just explained how the hashes worked; it didn't show any C/C++ code on how they were implemented.


Right, because it's not like you can't do a google search for "NTLM hash generator" and see if anyone has been able to write software to generate NTLM hashes. Oh, wait... http://lmgtfy.com/?q=NTLM+hash+generator

Hey, on the first page there's even a project that does *exactly* that. C/C++ code that implements the NTLM hash mechanism: http://www.codeproject.com/Articles/328 ... -Generator


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.