Domain: insecure.org
Stories and comments across the archive that link to insecure.org.
Comments · 492
-
What makes UNIX users are so smart
This kind of reminds me of an essay I read many years ago, about UNIX people, literature, and the command-line. Here's a link if you're interested:
The Elements Of Style: UNIX As Literature
by Thomas Scoville
http://www.insecure.org/stf/scoville_unix_as_literature.txt -
Re:Some simple ideas
> I have the Terminal Services service running on the WinXP system on a non-default port where I can shut it down if I want to (using tsshutdn).
Security through obscurity - the golden path to heaven
you might want to go read these pages
particularly this one
your non-default port is worth 0 points
-
Re:Do I speak for everyone else...
Yes, Linux servers are not perfect. Accept this, patch, fix, and move on. Microsoft did, and they haven't had a break-in since October of 2000. According to a recent article, they're attacked 2500 to 3000 times daily.
Ah, but 99% of those 'attacks' were actually ICMP echo requests. Microsoft counts these probes as attacks because their operating systems have a history of crashing when pinged.
-
Re:Password was *sniffed*
For admins that'd like a way to check for rootkits I'd recommend looking at chkrootkit. While it's not a 100% reliable method (and there may be restrictions: for instance, compiling it on a compromised remote box from uploaded source isn't secure*), it's good as a quick 'n' dirty check. Worth a look at the links at the bottom of the above site too for more info on rootkits, there're some excellent articles listed.
Also of interest would be Nessus - a vulnerability scanner which uses NMAP and other tools that may identify potential points of ingress on a suspect box.
*In this case you'd be best off running pre-compiled trusted binaries off a read-only source such as a CD, or mounting the suspect drive on another machine - though this depends on whether you can get physical access to the box to do either, or if you have truly awesome datacenter techs that can help!
-
Servermask didn't see that coming!
Port80 Survey header check
Microsoft OLE DB Provider for ODBC Drivers error '80040e57'
[Microsoft][ODBC SQL Server Driver][SQL Server]String or binary data would be truncated. /surveys/top1000webservers/headercheck.asp, line 121
A suggestion for their servermask product: COVER UP ERRORS THAT GIVE AWAY INFORMATION. Seriously, if they think that headers are going to give away a lot of info, then forced errors will, too. But, there is a boatload of other techniques (including passive techniques) that get around their security-through-obscurity program. -
Windows Infected. Oops... I mean Embedded.
We had a similar problem when the Nachi worm got loose on our network... After scurrying about and patching all of our desktops and servers, we still had Nachi hiding out on our network. Every time I built a new computer with an unpatched image, it got infected. In the end, the culprit was an Iomega NAS device (for those who are unfamiliar with it, this is a network storage appliance... think RAID array with a NIC.) We have two on our network. The older one, running FreeBSD kernel, had no problems, but the newer "Windows Powered" unit needed patching. For anyone dealing with this problem, nmap will be your savior. Scan your network and look for machines with TCP port 707 open running an "unknown" service. Those are your infected computers.
-
I have considered something similar
As the author of the free Nmap ("Network Mapper") tool, I have also considered creating a map of the entire Internet. I would have focused on end hosts (where they are, what operating systems and services they run, trending, etc.) instead of routing. Rather than try this from a single high-bandwidth machine (as with Opte), I was going to take a distributed approach. I would release a P2P-like application that users could run and each scan small sections of network space to be contributed to the global database. The app would be called Nmapster :). I also liked to think about it as a "caching service", so that you don't have to spend the time rescanning the Microsoft network if someone else has done so in the last N hours.
Then I came to my senses and decided to work on more practical and less controversial projects such as Nmap Version Detection. But the subversive in me still hasn't given up entirely on Nmapster :).
-Fyodor -
Never!
-
No wild conspiracy theories needed!
I wouldn't put anything past Microsoft, but this article doesn't provide any strong evidence that MS is really behind this particular cash infusion. And who needs a conspiracy theory about MS sneaking indirect funding to SCO when MS has been blatantly shoveling money to SCO all year? MS gave SCO 8 million in the first quarter, then 5 million in the second. The just-released SCO 8K states that Microsoft just paid them Another 8 million dollars! That is a grand total of $21 million MS has paid this year for vague "expanded licensing rights with respect to SCO's UNIX source code."
Whether this alleged BayStar/Microsoft link is true or not, it is already crystal clear that Microsoft has been directly paying SCO to conduct this underhanded attack on Linux! Sun certainly appears to be doing the same thing.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
Maybe he was just talking about Conectiva
Conectiva routinely releases patches that are months late.
Take, for instance, the most recent, CLA-2003:762, released October 14 for a glibc bug from August 14.
My all-time favorite, however, is CLA-2003:628, released in April 2003 for a vulnerability in vixie cron announced in March 2001!
So, if you count Conectiva, Gates is probably right about it taking a couple of weeks on average, even if everyone else does it in 24 hours.
760 days for Conectiva + 1 day each for 50 other distributions is about 16 days, on average. -
Re:Speed Reading!!
Yep, I modified a little these steps (the first paragraph is usually useless):
Read the second paragraph (after the introduction if there is one)
So I got:
... I spent the better part of three years developing Speak Freely ... a free (public domain) Internet telephone with military-grade encryption
Then I searched Speak Freely on the Google, and found lots of "military-grade" remote and local vulnerabilities
After this I stopped reading the article.
-
All prevention no response...
is tantamount to wishful thinking.
Looking back at the number and severity of vulnerabilities exposed in the past 18 months or so (across many platforms) I am becoming increasingly pessimistic about the effectiveness of preventative measures. The rate at which I need to be patching/updating software to plug the holes has become simply unmanageable. Meanwhile, crackers have access to increasingly effective tools like the new Nmap with version detection.
I'm beginning to question whether the amount of time I spend on prevention would be better spent simply preparing for rapid recovery/response in the event of getting hit. I'm leaning toward reliance on packet filtering at the network edge (ingress AND egress) while treating the internal machines hard drives as disposable devices. How about some information on tools for imaging entire system drives? Rapid recovery methods? Forensics? What works well? What doesn't?
I want more than just a user's guide. I want a repair manual for when things don't go as planned.
-
Re:thank you for clearing that up
See here.
Networked games are full of security holes: their users don't think about it, they crash often enough on their own, they tend to be written in C, and their programmers are graphics hackers, not security experts. You have a prescription for disaster.
Whether anybody actively uses those holes to drain money out of bank accounts, I don't know. But if you run anything buggy on the same machine as Quicken or Money, your finances are wide-open. -
Re:Doh.
Oh, you mean monkeys can use nmap?
-
Re:"Unfair advantage"?
However, Mountain View's objection is that doing ...
Or, put another way, Mountain View would be perfectly satisfied if
Umm ... guys ... I know it is late but you need to reparse the sentence. Mountain View is the California city in which Verisign is based. The litigant is Popular Enterprises, LLC.
--
Concerned about your network security? Try the free Nmap Security Scanner -
Re:To note, I already wrote this for nmap 3 years
*sigh* weird spaces got added to those links:
The spaces are STILL there in the link captions, but not in the links themselves... I think slash is doing something weird...
http://lists.insecure.org/lists/nmap-hackers/2000/ Apr-Jun/0076.html
http://lists.insecure.org/lists/nmap-dev/2003/Jul- Sep/0104.html
http://lists.insecure.org/lists/nmap-dev/2003/Jul- Sep/0117.html -
they're only running smtp and http
They aren't. "Filtered" means the packet sent to that port simply disappeared, without even an error packet coming back to indicate the failure. In other words, indistinguishable from "There is no machine at all receiving the packet". Here's how to use nmap, see the third paragraph.
The server is only running smtp and http, and theoretically it could be running services on the tens of thousands of other ports you didn't scan, but it almost certainly isn't.
Those filtered ports are why the nmap scan took 24.611 seconds; systems without filtered ports will go faster than that under normal circumstances. -
Darl reads Slashdot!
> Should make for good popcorn munching entertainment. If it were me, I
> would sue Darly McB individually, in his personal capacity, as well
> as SCO.
Darl bashing is even more fun now that we know he actually reads Slashdot! The Linuxworld piece links to a Computer World Interview with McBride. In the last question, Darl admits that he reads our rants on Slashdot and it hurts his feelings:
Q: How do you feel about apparently being reviled in the open-source community due to SCO's legal fight? Does it bother you?
A: It does and it doesn't. We're at the center of a hurricane. Clearly, in this case we have one set of forces here that are pro-SCO, and I've characterized them as the silent majority. Then there's the other side that is anything but silent, and they're some of the most boisterous enemies or antagonists that one could ever hope for. You think pro sports stars have got it bad as they're driving home after the game when they've gone 1 for 10 and missed five three-pointers. They think their lives are bad from the sound bites on sports radio. They need to come over here and read Slashdot. That part of it is not the most exciting part of your life.
So Darl, if you are reading this: fuck you! We know your evidence is bogus, we are on to your stock scams (e.g. the Vultus "acquisition"), and we laugh at your suggestions that we cooperate to "monetize Linux". Give it up now, before we finally convince the SEC to launch an official investigation.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
More on mi2g:
-
Re:Overstated a bit
Ok, am I the only one who happens to know about the story where IBM lost 80GB of customer data, "Sensitive Data" like a whole database of "The Co-operators" insurance company which held all that sensitive information required for identity theft? here
-
Re:cheap test
-
Celebrity Endorsement
FYI, Fyodor of nmap fame endorsed this book in his earlier (and quite thorough) slashdot interview.
If it's good enough for him, it's good enough for me. That spurred me to read it, and I've found it to be quite an interesting read. It also has a good history section, detailing the "family-tree" of all the unices. -
Re:What I don't get
>>Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe)
Trinity's invasion
Hmmm don't you remember what happened in The Matrix2? SSH is hackable. Just ask Trinity :) -
Yes, they can terminate the license
So they can't do anything about it except the post they just made.
Actually they can. Section 4 of the GNU GPL states that violations of the GPL automatically terminates distribution rights for GPL'd programs. The GPL also states that you must agree with the GPL or you don't have any distribution rights. SCO/Caldera has publicly announced their refusal to comply. I plan to exercise section 4 to revoke their right to redistribute Nmap. I just started on the wording and haven't yet run it by a lawyer (I will). But the announcement will probably be something like:
SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken to an extortion campaign of demanding license fees from Linux users for code that they themselves knowingly distributed under the terms of the GNU GPL. They have also refused to accept the GPL, claiming that some preposterous theory of theirs makes it invalid. In response to these blatant violations, and in accordance with section 4 of the GPL, we hereby terminate SCO's rights to redistribute any versions of Nmap in any of their products, including (without limitation) OpenLinux, OpenServer, and UNIXWare.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
PS:I just posted a similar comment to an older SCO article, but it is more relevant here. Also I don't know if OpenLinux or any of their other products include Nmap. Most Linux distributions do, but Caldera wasn't exactly at the forefront of technology. -
And I do plan to terminate their license
Yes, the GPL does have that handy section 4 which allows for the termination of redistribution rights of any company that violates the GPL. I plan to exercise this (actually it happens automatically) to revoke their right to redistribute Nmap. I just started on the wording and haven't run it by a lawyer yet (I will). But the announcement will probably be something like:
SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken to an extortion campaign of demanding license fees from Linux users for code that they themselves knowingly distributed under the terms of the GNU GPL. They have also refused to accept the GPL, claiming that some preposterous theory of theirs makes it invalid. In response to these blatant violations, and in accordance with section 4 of the GPL, we hereby terminate SCO's rights to redistribute any versions of Nmap in any of their products, including (without limitation) OpenLinux, OpenServer, and UNIXWare.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
Re:Just like me!
hi i would like to meet ur sister,, im a successful computer programmer (you might know me from networking apps such as NMAP). plz can you tell her to send me a mail to fyodor@insecure.org tnx
-
California Techies...
Your state has at least one candidate I really like.
Georgina Russell, who is a software consultant, is running for governor in the recall race. I learned this thanks to this BBC article.
A quick google search found her campaign site here, along with a few Linux mailing list posts.
She appears to be one l33t Linux chick. She has even compiled test kernels before... Now I am all hot and bothered ;)
Even though "Ahhhhnold" supposedly has this election already wrapped up, I can appreciate her efforts! -
Favorite quote...
My favorite quote from the article is that after selling just one license, Sontag of SCOsource states that "we are very pleased with the licensing interest to date". Apparently, they didn't expect anyone to fall for it.
However I do understand why the buyer wants to be anonymous. I would rather be caught buying penis enlargement pills from spammers than SCO licenses. Both prove that you are a sucker, but at least with the pills you aren't the only one.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
Re:problems
hi im a successful computer hacker and would like to meet you irl, plz contact me at fyodor@insecure.org tnx.
-
I remember, you don't, NT *is* partially at fault
I remember, you don't, NT not at fault
Your topic doesn't make sense, since I can't "not remember" an article that I might not have read.
Besides, maybe you didn't read this thread:
http://lists.insecure.org/lists/politech/2000/Aug/0027.html
Which actually partially references the article you mentioned, even though you cited a link that doesn't even work. (http://www.sciam.com/1998/1198issue/1198techbus2. html (nope, doesn't work even without the spaces))
I find it cute that NT crashes to its knees because a userland app made a division-by-zero (or buffer overflow) error. Which makes it at fault. -
Source of Pentium Bug
There is a 100.000000000012% chance He is the source of the Pentium bug
-
Make yourself a home...
Except for learning and using the MS tools (Active Directory, IIS, ACLs etc.), making yourself a home is the best thing you can do.
Most *nix Software has been ported either directly by the developers (Emacs, Vim, nmap etc.), MinGW or CygWin. Insecure.org's tool list gives a nice overview over the essential networking programs and ActiveState has Ports of your three favourite scripting languages already.
After installing all these tools, Win2k becomes a pretty usable OS. -
SCO Clean Sweep
1)
Don't write to your senator, either write to your McDonald's & Co. representatives.
One way to hurt these SCO bastards would be to put public pressure and complaints at their last customers.
(e.g. McDonald's should have a high level of awareness on customer protest as they are familiar with this.)
2)
A more funny way would be what I read from fyodor in the nmap changelog.
'o Added a new classification system to nmap-os-fingerprints. In addition to the standard text description,
each entry is now classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 7),
and device type ("general purpose", router, switch, game console, etc).
This can be useful if you want to (say) locate and eliminate the SCO systems on a network,
or find the wireless access points (WAPs) by scanning from the wired side.'
(emphasized by me) nmap changelog
Regards -
NMAP
Nobody mentioned the great value of nmap yet? Geez, yer all getting sloppy.
-
Re:This
I last days read through something in the nmap changelog - you may probably be interested in :-)
'o Added a new classification system to nmap-os-fingerprints. In addition to the standard text description, each entry is now classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 7), and device type ("general purpose", router, switch, game console, etc). This can be useful if you want to (say) locate and eliminate the SCO systems on a network, or find the wireless access points (WAPs) by scanning from the wired side. '
nmap_changelog
Regards, Jan -
Re:Query...
Nuala O'Connor, DoubleClick's vice president for data protection and chief privacy officer, began Aug. 13, 2001, as the Commerce Department's deputy director of the Office of Policy and Strategic Planning & in 2002, became Chief Counsel for Technology. I don't think Ashcroft heads the Commerce Department, but you're almost "close enough for government work":
- Doubleclick exec takes a top post at Commerce Department
- The original article from "Wired" is here. The O'Connor part of the story starts about halfway down.
- Here's another article from "Wired", about a week after O'Connor started.
- Last year, O'Connor became Chief Counsel for Technology for the Department's Technology Administration
-
They deserve it!
DoubleClick's entire business model is based on gross invasion of what little privacy we have left, intensive data mining, consumer profiling, spamming, etc., ad nauseam. Far as I'm concerned, they deserve this!
Some examples: In 1998, they spammed Princeton U, trolling for job candidates. In June of 2003, DoubleClick announced their own so-called anti-spam initiatives that, according to the article, will "focus on finding out how consumers identify spam, to give marketers a better idea of how they can avoid being unfairly singled out as spammers." (For the record, spam is any E-mail received that tries to sell you something or, in the case of political spam, get your vote, and that you did not ask for).
Want more? No problem. In 2001, DoubleClick two unnamed E-mail marketing companies to, according to a quote in the article from CBS's Market Watch, "increase its junk e-mail capabilities."
Still not convinced? How about this thread over at the Firewall-Wizards site from 1999?
In summary, it looks like DoubleClick has long attempted to redefine spam as "That Which We Do Not Do." It also appears that their ethics are questionable at best, especially in light of those FUI banners on web pages.
DoubleClick, if you're reading this... You brought it on yourselves, and you have nothing but your own shady practices to blame. May you go down in a nice, pretty set of multicolored flames, and may the ashes be used as space filler for the next five Great Deconstructed Architectural Makeovers in FunFun Town. Nick Danger could probably use a new office... -
It gets worse ...
Not only does Larry threaten to change the protocol willy-nilly and implement digital signatures in an attempt to prevent interoperability with free software, but he also claims that writing a free interoperable client is a violation of the license agreement. What a jerk! Read about it in his own words.
-
Yes, here is a mirror
> www.defacers-challenge.com doesn't resolve for me. Does someone have a mirror or the IP?
They were shut down by their ISP (Affinity), but I still have the English version in my cache from an earlier viewing:
http://www.insecure.org/tmp/defacers-challenge/
Note that Insecure.Org DOES NOT in any way condone or promote this so-called challenge. I'm just providing the link so people can see what the fuss was about. I'm planning to add a note to that effect to the top of the page in a few minutes. What I found most humorous is that they ask people to register in advance by sending in their contact info. That is a really great idea :).
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
SCO was framed at this protest by the commies
The Linux-carrying infidels allege that SCO employees produced this anti-protest artwork on the lawn in a brazen attempt to discredit the efforts of the grassroots community, as personified as a whole by one Linus Torvalds. But how can this be?
I am not convinced that any old SCO employee made those amateur drawings. Those pictures are good art, and I see no evidence that anyone at SCO knows how to produce quality art on a volunteer basis.
Hence, if Chewbacca lives on Endor, you must acquit SCO!
-
Re:Idle Scan
This couldn't have anything to do with idle scanning could it? Idle scanning doesn't require a valid source IP address.
Idle Scanning (which is really cool) does require a valid IP from-address since you have to be able to query the zombie to see whether it got a response.