rootprompt.org · Domains · Slashdot Mirror

Points to Consider by brank · 2000-06-10 10:48 · Score: 2 · on A Network Security Class?

The most important thing to remember about security is that if you don't keep up to date about threats, you won't know what can happen and how to prevent it. It is important for such a class to cover sources of information, and how to evaluate and act upon information.

It is also important to remember that new versions of software fix old holes and create new ones, and that admins should look out for fixes and new dangers when installing software.

rootprompt.org has a lot of security stuff. I find two serials paticularly interesting Watching and Waiting, about what happens when a system gets cracked, and Know your Enemy, about how a typical cracker works.

Re:Password Sniffing by whoop · 2000-06-02 02:44 · Score: 2 · on SANS Releases Top Ten Exploits

A good read on the damage one cracker can cause with a sniffer, check RootPrompt's Cracked! series of articles.

More of Less! by korpiq · 2000-05-17 19:14 · Score: 3 · on OpenBSD, Reductionist Design

Why We're Doomed to Failure, linked to from # (mandatory for roots?) discusses this as well.

This is what I have been saying for a while now.

There is a strong, growing need of

Moving all networked computers off Windows (will viruses eventually do this job?)
Securing all (restricted) networks with Open SSH
Developing/studying systems that can be proved secure (buffer overflow wrapper where?)
Packaging all software in a safe default installation.

Luser unsecurity hype is mostly unnecessary; software developers need to be more conscious.

@input = map {
/^(\w+)$/ and $key=$1 and
$cgi->param($key) =~ /^([\w\xA1-\xFF]*)$/ and
( $key, $1 );
} $cgi->param(),

Good article on honeypots by cutshade · 2000-04-06 21:20 · Score: 1 · on Security-Why Not Watch The Crackers?

I found this article on honeypots to be quite interesting and informative. Gives examples of how to track people and prevent them from getting any further than the honey pot.

Taking the TIME by mr · 2000-04-06 20:54 · Score: 2 · on Security-Why Not Watch The Crackers?

Do you have the TIME it takes to dedicate to the honeypot?

Most sysadmin jobs have 10 hours of work each day to fit into 8 hours. So sysadminning become more like triage, or the gerbil on the excersise wheel. If you run fast or go slow, you end up in the same place at the end of a day of running. And some days, some jerk comes into your cage, rattles it or, while you are on the wheel running your little heart out for that paycheck, they jam something in the wheel to make it stop suddenly.

A possible way to run the honeypot:
Use VMware/virtual PC/bochs and have it run the honeypot environment. The honeypot then has the ports open to the outside world. To fix the pot-a simple file copy.

Will this help? Depends on if you have the time to drop EVERYTHING to watch the box when something happens. Me personally, I watched some dud break into my box. (It alerted me at the point of the break-in) At the point when s/he started deleting files, I typed in halt. About all I learned is they were using 2 porn sites and one at MIT. They used a known issue with BIND. (bad me, I didn't upgrade bind.) Had I been busy/at a client site, they would have been able to poke around on the box. This particular attack showed me I had a problem with bind. (big whoop. I KNEW that, and chose to ignore it.) And the ISP's who were used in the attack? One was rude "who the hell are you to call me that I have problems with my systems, I can't control the internet" and the other was "they are not affecting production, so I don't want to disturb them"

And, had they been GOOD, they would have not set off my alert system. But, they wern't GOOD enough. So, depending on how you work your system, they might just be better than you, and your honeypot becomes a host to launch the next attack from. The truly skilled break-in artist is nearly impossible to detect.

About all you may be able to add to the world of computer security is YOU might be lucky to report the 1st break-in of type X, or help trace back someone. But, most likely, any traceback will dead-end with people who don't want to take the time to care, and they will use a known hole you should know about via bugtraq/cert.

Lance Spitzner wrote some articles.
http://rootprompt.org/article.php3?a rticle=159 is the start of his series

Re:It's funny how you can get the code.... by MrEfficient · 2000-03-31 05:20 · Score: 1 · on Slashcode v1.0 Released

RootPrompt.org is another slashdot clone I've found. I kinda like it. All of the stories I've seen posted so far have been from the same person, I assume he's the guy who's running it. Quite a few people seem to have created accounts for the site but few people are posting. Still, it looks promising.

Re:Hmm... by noeld · 2000-03-19 02:56 · Score: 2 · on Notes On The World's First PA Unix System

It is not slash it is custom code written in PHP.

Noel

Domain: rootprompt.org

Comments · 91