Domain: sans.org
Stories and comments across the archive that link to sans.org.
Comments · 672
-
Conflict, not war
For definitions of IW, see Carter Gilmer's paper here (draws heavily on Winn Schwartau). Nation-states appear to be penetrating each other's defenses to gather information. This is a "level two" (of three) info-war as defined by Schwartau. Level two covers a lot of ground. Depending on who you believe, the Russia-Georgia incident might have been a case of level three.
The important point may be for everyone to remember that sovereign powers are very real, even in cyberspace. If they start extending real warfare into the Internet, then it will be bad for everyone's business. -
Re:From TFA...
The data from SANS Internet Storm Center shows significant recent increases in traffic on port 445. From this graph of traffic since January, we see a decline in traffic until September with the exception of a very large bump in late spring (some early testing of the exploit?).
Suddenly there was a big surge in port 445 traffic around September 1st. (The correlation between this event and the start of the school year is intriguing.) This surge looks suspiciously orchestrated to me. We also see a substantial, but short-lived decline in target traffic after Microsoft released its November 1st patch kit.
What's much more disturbing is the trend in sources which has spiked to incredibly high levels in the past week. This could represent a concerted attack on unpatched machines by those already infected. It also shows how many machines could really be infected but slumbering until needed.
-
Very first (non-sponsored) hit on Google!
A link to the SANS Institute example for a Remote Access Policy doc (PDF format):
http://www.sans.org/resources/policies/Remote_Access_Policy.pdf
This is the first time I've come across anyone wanting a formal policy for this & online searches haven't been very helpful.
It looks like there's a trend going on; most of the last few Ask Slashdot articles seem to be written by people who can't be bothered to do a little work.
-
SANS Templates
The templates provided by SANS are a good place to start:
All of them are here:
http://www.sans.org/resources/policies/
Here's the remote access policy example:
http://www.sans.org/resources/policies/Remote_Access_Policy.pdf [PDF]
-
Re:It's sad...
-
Re:The boy who cried wolf...
Well, even the Internet Storm Center (ISC) wrote about it.
Usually one could assume that the ISC would not write about it if it was not true, as one of their handlers is Joshua Wright, my favourite wireless enthusiast. Not only do I dare say that he is one of the world's greatest wifi researchers, but he also has close ties to many other wifi experts. I would be surprised if he does not know Martin Beck (the author of aircrack-ng) in person.
BTW, Josh, if you happen to read this, I would love to hear a comment from you on that issue.
So, I do not think that this story could have been checked out more thoroughly apart from asking the researchers themselves about the correctness of the articles.
-
Their next move...
...will be to invest money in marketing to find some way in which this study is not "fair"; in other words, how it doesn't align with limited and unrealistic testing methodology that only focuses on very specific ways their tools succeed in detecting malware.
They've done (Skoudis) it before (Secunia).
-
Re:Thanks from the reminder
True, there were also hundreds of successful attacks under Bush II. Granted, most of the deaths were not on US soil, and with 4 attacks on 9/11 it was unlikely for anyone to prevent them all. However, I still 9/11 a US failure. The people on the 4th plane did more to reduce casualties than the NSA, CIA, and FBI combined. IMO, reinforcing the cockpit doors is doing more to prevent another 9/11 than all other safety precautions. What bothers me about this Bush presidency is the amount of expensive security theater that does little to protect us while costing a lot of money.
I am more than willing to give credit where credit is due, but having personally predicted a 9/11 style attack and having a prior attack on one of the targets suggests it would have been possible for reasonable precautions to be taken prior to 9/11. I would even have given credit if Bush was moving in that direction, as it takes a while to make real change, but there was not even a hint of such things.
PS: Read up on this http://www.sans.org/resources/idfaq/solar_sunrise.php Now the level of response might seem a little high, but several machines that happened to be running old hackable mail systems were also doing important things for the DoD. During the event several high level people thought the US might be under attack, and the option to nuke a target was brought into discussion. (I was not there, but this is a simplified version of what I heard from someone who "was" and they had the right credentials to be involved in such things.)
Now consider how you might try to damage the US. If you kill a lot of people or take down the wrong systems we will bring out the nukes, because MAD is less insane when your targets don't have nukes. For now I don't think we need fear the huge attacks that kill millions, just the dramatic attacks that kill thousands. Which is why I feel drunk drivers are going to kill more people in the US than terrorists for the foreseeable future. And why spending 100's of billions attacking and then rebuilding Iraq was just stupid.
-
Oh, and note this MITM IS feasible
http://www.sans.org/reading_room/whitepapers/threats/480.php
Again, from this paper:
This paper examines the mechanics of the SSL protocol attack, then focusses on the greater risk of SSL attacks when the client is not properly implemented or configured. One faulty SSL client implementation, Microsoft's Internet Explorer, allows for transparent SSL MITM attacks when the attacker has any CA-signed certificate. An even greater risk is posed by unprotected systems where an attacker can preload his/her own trusted root authority certificates. In public environments such as libraries and computer labs, there is little to prevent such an attack from taking place. Casual observation of such places indicates that an attacker would see them as low-risk, high-opportunity environments. -
Re:Networks crash just like software
Marcus Sachs at SANS has a post up where he says he doesn't think it is so much a war but others piling on and doing their own personal attacks to help out. He also admits that he might be being cynical about the actual scale of Russian state involvement.
http://isc.sans.org/diary.html?storyid=4903
But lots of other computer security places are reporting it as a real cyber attack by Russia against Georgia. It really doesn't matter all that much where the attack is coming from - the end result is the same. Georgian government websites are being DDoSed and the country's network is pretty well clogged.
And the points about why this is happening are irrelevant. Anyone who has followed this understands the South Ossetians are trying to break away and Georgia was trying to prevent it and that's when Russia decided to attack Georgia. That's not news. -
Re:OLD MEME
Ah, here it is:
-
ISC poll takers going for the Cowboy Neal option!
After all the hype how else could you explain the last line in the results:
"11.5 % =>What DNS issue?"
-
Re:The clients still vulnerable ??
Anybody care to test it for real using both an apple server and laptop, using dnsoarc, to get some real info?
Done! See Swa Frantzen's update at the ISC. Seems like they may have patched the server code, but the client is still using sequentially incrementing ports.
-
Full Disclosure was in 2005, jeez!
-
Ridiculous armwaving...
and running around the room screaming that the sky is falling.
An article over at the Register, states that this 'vulnerability' was discovered three years ago by Ian Green and published in a paper he wrote for the SANS Institute. While Kaminsky does deserve some credit for his organizational skills in getting people to act on this, that's about as far as his role goes. Since this has been known about for three years and we haven't seen anything 'in the wild' -until now that the media bandwagon is careening downhill on fire- just goes to show how hard this is to exploit. -
Re:How is this measured
you are completely misrepresenting the data available!
#1 the 'original guide was written pre sp2' is true, but has nothing to do with current survival times, or the new SANS vista 'surviving the first day' guide.
the 4 minute time? what is it 'really' it's the length of time it takes for any internet enabled machine to receive an attempted compromise that would have infected a vulnerable machine. the very article, had you read it would have informed you that WINDOWS FIREWALL DOES NOT STOP ALL ATTACKS, SANS is most worried about malicious websites, and P2P applications, because people tend to allow those types of communication through all their firewalls. infection rates have gone up, and the whole point is that sans is now offering a guide that Every vista using computer newbie should be required to read completely before they ever get internet (not that they will) http://www.sans.org/reading_room/whitepapers/windows/1298.php
SANS says windows firewall improved things, yet contrarily Survival times have GONE DOWN since windows firewall was introduced. i remember when windows survival time was 13 minutes, today it is 4 minutes, that means since the last time i paid attention, the number of attempted attacks have gone up by 333%
oh and hey, there wouldn't be an attack every 4 minutes on every pc on the internet, if there was some glorious magic bullet firewall that came with sp2 that blocks every outside hacking attempt.
one of 2 things must be true, 1. enough people run old machines without a firewall. 2, the most widely used firewalls don't block hacking attempts. it could even be both! why would hackers bother letting compromised windows systems send that much data, if it didn't catch people with their pants down, couldn't they utilize the available bandwidth more efficiently?
-
Um, what version?
You'd think either the summary or the linked article would have been kind enough to say what version of Windows.
From the link that goes here (linked from the first linked page) it looks like Windows XP. Would be interesting to compare with Vista.
-
In all Fairness to Microsoft
This patch was not designed to patch a Microsoft flaw, but instead a vulnerability in nearly all implementations of DNS. So far over 100 vendors have patched their products and coordinated the release of this workaround. If zone alarm is broken because of this change they need to adjust their product to work with this change, not the other way around.
I've taken this snippet from: http://isc.sans.org/diary.html?storyid=4687 which explains things in a little more detail. Full details won't be disclosed until Blackhat in vegas this August.
The root cause is a fundamental, well known, weakness in the DNS protocol. DNS uses UDP, a stateless protocol. A DNS server will send a request in a single UDP packet, then wait for a response to come back. In order to match request and response, a number of parameters are checked:
who sent the response? Was it the DNS server we sent the request to?
for this particular response, do we have an outstanding request?
each request uses a unique and random query ID. The response has to use the same query ID.
The response has to be sent to the same port from which the request was sent.
Only if all this matches, the response is accepted. The first valid response wins. If an attacker is able to guess the query id and the source port, the attacker is able to send a fake response, which will be cached by the DNS server. -
RTFWP or just search ... PLEASE!
Applied Security Technology will always meet the expectations of experience.
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://en.wikipedia.org/wiki/OpenPGP#OpenPGP
http://en.wikipedia.org/wiki/Public_key_infrastructure
http://en.wikipedia.org/wiki/Certificate_authority
http://en.wikipedia.org/wiki/Philip_Zimmermann
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#TLS_handshake_in_detail
http://en.wikipedia.org/wiki/Hardware_token
http://en.wikipedia.org/wiki/Biometric_authentication
https://www2.sans.org/reading_room/
http://www.giac.org/certified_professionals/practicals/gsec/4993.php
http://www.giac.org/certified_professionals/
http://www.linkmatrix.de/index.php?education=home
http://www.linkmatrix.de/tutorials.php?q=PGP
Those that can DO, read. Those who can read, but not DO, preach.
Readers, fakers, and test-takers always manage to fail.
Hands-On experience and continuous-learners always work for tale (or is that rep).
Too many PGP/PKI/CA/TSL... comments are cross-BS technology application comments. Only in politics do mixed pieces of BS function properly or as expected.
In technology as in science it either does, or it don't do. There is working properly or working poorly (with a problem) until troubleshot and fixed. If it never worked or ain't working at all (cannot be made to function fully and consistently as expected) then someone fycked-up bad (misapplied technology application); perhaps the brown-nose wannabe manager that can only read made a decision.
-
Re:More planning could have prevented this
You may also be interested in a pretty positive write-up from SANS about ThePlanet's response and handling of the situation thus far.
-
Re:...without connecting to an NTP server?
Ways to detect the presence of a VM are not limited to the methods you mentioned.
E.g., you could check for certain characteristics of the VM, like with VMware, the presence of the "VMware" string in memory or the presence of a communication channel between the VM and the host.
Then you can detect VMs by some special instructions that the native CPU would not understand.
And probably most difficult to prevent, you can detect the presence of VM by looking at the memory addresses of certain OS tables.
Take a look at On the Cutting Edge: Thwarting Virtual Machine Detection or just google a bit
-
Black Tuesday Has Value
Black Tuesday is rather important to many organizations as it gives them a target for workload planning on patch integration, testing and roll-out. Overtime can be good.
;) The fixed day is not the issue. IMHO, poor coding discipline is. http://www.sans.org/gssp/SANS-SSI%20C%20Blueprint%20(9-07).pdf -
SANity check
http://www.acronymfinder.com/af-query.asp?acronym=SANS
System Administration, Networking, and Security Institute (SANS)
Institute's Internet Storm Center (ISC)
http://isc.sans.org/diary.html?storyid=4247
http://www.acronymfinder.com/af-query.asp?Acronym=SAN&Find=find&string=exact
Storage Area Network (SAN)
http://en.wikipedia.org/wiki/SanDisk
SanDisk Corporation
http://japanese.about.com/blqow38.htm
from AnonymousCoward-san
http://babelfish.altavista.com/
without acronyms the world would be a better place -
Re:Aggravating...
Does anyone else find it absolutely aggravating that these stories
1. Never tell you how you know if you're infected... Yes. ISC has a little bit of detail:
http://isc.sans.org/diary.html?storyid=4256 -
Re:The irony, it burns.
Looks like a case of autocorrection by the MS Word spellcheck to me.
;-p
As regards the last Vista-SP1-related-problem article, I found this that mentions said problem and how to solve it, if anyone needs that. -
Re:Explains the odd attempted breakins..
The folks over here keep track of that sort of thing. You may want to speak with them.
-
Re:The difference between IT and other professions
"there is no official body emitting guidelines"
I know I took this a bit out of context, but SANS does publish a code of ethics... SANS just has no authority, so it ends up being more of a suggestion. http://www.sans.org/resources/ethics.php -
Re:Testing the system..
http://isc.sans.org/diary.html?storyid=3925&rss
FTA:
Submarine cables are essential for the Internet traffic as they are low latency. Geostationary satellites induce -due to the distance they must be at- significant additional delay on the packets, causing trouble for interactive work over those links. -
Re:The register's older writeup on this ...
Some additional reports from earlier this week and previous...
http://blog.trendmicro.com/e-commerce-sites-invaded/
http://www.scmagazineus.com/Attack-injects-malicious-JavaScript-into-e-commerce-sites/article/104206
http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/
http://www.cpanel.net/security/notes/random_js_toolkit.html
http://isc.sans.org/diary.html?date=2008-01-18
http://isc.sans.org/diary.html?date=2008-01-14
http://www.webhostingtalk.com/showthread.php?p=4902045 -
Re:What are the common factors?
Apparently it's not Cpanel.
Other info as of last week:
Various discussions:
http://www.webhostingtalk.com/showthread.php?t=651748
(useful discussion starts on page 3 or so)
http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/
(describes the inability of ScanSafe to work out what's happening)
Trend have a piece on their blog:
http://blog.trendmicro.com/e-commerce-sites-invaded/
SANS/ISC
http://isc.sans.org/diary.php?storyid=3834&rss
-
More powerful organized crime
The morons that put critical data / control on outward facing servers deserve the hosing they get. [...] I am more concerned about who they give physical access to the data / hardware are. All it takes is one vengeful employee and a thumb drive to lose very sensitive data. These are both examples where there's at least something individual companies can do about it internally.
Personally, I was extremely unsettled a few years ago when the spammer powers-that-be decided they wanted BlueSecurity shut down, and a bunch of DNS servers, Tucows and 4 other hosting providers, and SixApart/LiveJournal/TypePad fell as collateral damage.
Is that not *scarier* for business? Let's see -- I'm free to conduct my business... as long as I don't step on any toes in the organized crime world. 'Cause if I do, they're shutting me down whenever they feel like it, and there's not a damned thing I (or the supposed "protection" of the law) can do about it.
And of course, no power, once it exists, goes unused for very long. I see more and more stories about botnets used for extortion -- which is a bit trickier to carry out, since it's tough to get paid without a money trail, and law enforcement has more experience dealing with that -- but it's just another example. If they just want to squelch my business, it's incredibly easy.
[Addendum: oh look... the article points to cyber espionage as #3 in the SANS institute's top 10 threats of 2008; botnets are #2] -
Re:Any site that documents these breeches?
Here are a few links for you: By no means comprehensive, but plenty to show a manager.
-
Re:don't worry about how many...
Maybe you're out of the loop?
The "shady bars" are called IRC (and I hear that they exist, for real, in Russia, but I've never been there so I can't actually say).
The Cyberpunks, with their l33t hacking skills, breaking into corporate dataspace, stealing intel, selling it to the highest bidder?
Uhh... really? You act like it never happens, and sure, that's a sensationalized white paper, but guess what? It's more common than you seem to think.
I laughed at your comment because you present it with such a sarcastic tone, but it's *entirely true*. -
At least back to 2004
Yeah, I immediately thought of a set of malicious ads that triggered an IFRAME exploit back in 2004. The Register found them on their own site, pulled the ads and apologized to their readers. The Internet Storm Center did a pretty good write-up of the incident.
-
Re:DNS
There's more information on what exactly the trojan does in a story on the SANS handler's diary. The DNS servers used by the trojan are the usual suspects from the Ukraine. The entry states: the Trojan is really simple, it could have done much worse things (once the installer script has root privileges, it is game over anyway).
-
A SANS reference
-
On SQLServer 2005, & Windows vs. Linux? See in
"So, come back in five or ten years, and we can compare SQL Server 2005 -- maybe it'll be hit with a massive worm next year. Otherwise, either compare broader sets of versions, or older ones." - by SanityInAnarchy (655584) on Friday August 17, @06:43PM (#20268857)
Well? So far?? SO GOOD (absolutely current data as of this date, today, on both per my subject line above):
Vulnerability Report: Microsoft SQL Server 2005:
http://secunia.com/product/6782/?task=statistics
Zero/0 vulnerabilities in its ENTIRE HISTORY, to date (of this post/currently)...
----
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period... & last year too, see next section below:
----
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
----
And, as far as your thinking CIS TOOL is malware?
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
2 respected places seem to state otherwise (though you TRIED to lump this program into the SAME CATEGORY AS SQLSlammer? I would STRONGLY WAGER, that the Slammer worm was NEVER noted to be for purposes of helping you, HELP YOURSELF, & aid in securing your system... as CIS TOOL is/was, per the url's above).
----
You stated these objections:
1.) This tool might be malware - I can only say, PROVE THEN THAT IT IS! (you *NIX guys, you're NOT "too big" on providing visible proofs are you? Judging by how many people have run from this multiplatform valid test of security here that are *NIX users (around 30 now)? That tends to PROVE that & "2nd my motion" on that account!)
2.) This program may send data out I am not aware of - but, you are (they record data for security purposes, most likely noting what areas are typically found WEAKEST ON THE MOST SYSTEMS, per the data they get from this test) first of all, & secondly? Just either:
a. Disconnect your router or PC from the net, yanking the cable IF -
They modded you as funny? GET THE LAST LAUGH!
Truth, @ last... my reply, per your statement which I will quote, ought to interest you:
====
"Linux systems are only as secure as the admins who manage them. - by HerculesMO (693085) on Wednesday August 15, @11:04AM (#20236869)
I agree, 110% (alongside the fact that their producer/oem of said OS & wares MUST issue patches/hotfixes as needed that work too)... & by the way?
Tell THIS guy, SanityInAnarchy, an UBUNTU user, that, here:
http://slashdot.org/comments.pl?sid=264303&cid=20235261
SanityInAnarchy refuses to use SeLinux in a layered security pattern above & beyond things I had to point him to for *NIX (chmod/chown/chroot) for MAC-ACL layered security over filesystems & userrights... as well as SeLinux providing SOCKETS LEVEL CONTROL, for layered security above & beyond IPTables usage, alone!
That's in regards to taking the multiplatform test of security, CIS TOOL:
http://www.cisecurity.org/bench.html
&, using the *NIX of his choice to beat my score of 84.735/100 on that test (proofs of most of the evasions from him (& others) I encountered are in the root of my replies there, parent to his posts, as well as my overcoming their objections):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
Fact is, I have challenged 30++ other *NIX users here @ /., & other LINUX sites, to that test as well (& NOT A ONE HAS EXCEEDED MY SCORE ON WINDOWS SERVER 2003 SP #2 fully hotfix patched).
They ALL ran, every *NIX user I challenged to this test... every time! SanityInAnarchy is not alone in that regard... Again - the proof of that, via 26 or so URL's from others here, is in the root of my replies to him, & my challenge to him & THEM as well, for a record of it.
All kinds of evasions were posted, each was overcome by myself using valid proofs &/or techniques mind you...
(Still - I would LIKE to see a *NIX user WITH A STRONG SECURITY BACKGROUND & SETUP TRY THIS LEGITIMATE MULTIPLATFORM SECURITY TEST!)
Preferably/specifically, an SeLinux bearing distro, like UBUNTU, or a FreeBSD user, with a "fully config'd right via layered security setup" (in place they are confident of, & have them Install CIS Tool, JAVA runtimes from SUN (latest for it))!
Then to see them post a valid unfaked photo of their score (yes, SanityInAnarchy said he could fake a photo, lol, believe it or not), & on that CIS TOOL multiplatform, legit/valid test of security...
CIS TOOL is noted as VALID/LEGITIMATE (vs. SanityInAnarchy's MAIN OBJECTION, that CIS TOOL could be "malware" etc., & IT IS ANYTHING BUT THAT, heck - it's "antimalware" if anything) per SANS &/or COMPUTERWORLD, no less:
----
SANS NOTES CIS TOOL:
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36
&
COMPUTER WORLD NOTES CIS TOOL and PURPOSE:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
So much for SanityInAnarchy's argument this tool might be "malware", lol... it is ANYTHING BUT THAT - it tells you how to secure yourself & points out areas that may be weak!
----
(Fact is - The admins of this system in THIS thread, which got 'hacked/cracked'? Ought to use it & learn SeLinux (which SanityInAnarchy was not aware of it being in UBUNTU first of all, but also he refuses t -
"new NEWS" then...
"This in today- People wanting a secure server use Ubuntu Dapper Drake instead of Fiesty Fawn" - by daskinil (991205) on Wednesday August 15, @08:55AM (#20235231)
Ok, this just in/"new NEWS":
See this url:
http://slashdot.org/comments.pl?sid=264303&threshold=1&commentsort=0&mode=thread&cid=20159515
And download the multiplatform test of security by the CENTER FOR INTERNET SECURITY, noted by SANS + COMPUTERWORLD as a valid tool for benchmarking security on various *NIX derivant OS' (not all, no MacOS X or OpenBSD - noting a clear lack of development on them imo vs. other variants & yes, Win32) & Windows NT-based variants:
http://www.cisecurity.org/bench.html
& beat this score, obtained on a custom hardened-for-security build of Windows Server 2003 SP #2 fully hotfix patched (as of yesterday, "MS Patch Tuesday" & all):
84.735/100 score photo, obtained on Windows Server 2003 SP #2 fully hotfix patched:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
On the *NIX variant of YOUR CHOICE, & of "server-class build"... I would honestly like to see a photo of the score on THAT multiplatform CIS TOOL test for security, which has been noted by SANS + COMPUTERWORLD, here:
SANS NOTES CIS TOOL:
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36
&
COMPUTER WORLD NOTES CIS TOOL and PURPOSE:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
As a legitimate program for the purposes of "shoring up" holes found by it on them!
APK
P.S.=> 30 *NIX people have outright evaded that test, & gee - "I wonder why"... I overcame each of their objections thru that thread, & those listed as well (27 of them prior to that url above)... no takers (though I suspect they tried, & their *NIX derivant OS could NOT surpass my score shown above)... & about *NIX vulnerabilities, vs. Windows ones (and, that apps that ride on them)?
National Cyber Alert System: Cyber Security Bulletin 2005 Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
A quote from it:
"There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities."
Also, that URL & report show LINUX as having 3x as many security holes/vulnerabilities in it than Windows NT-based OS' have mind you (in year end 2005/beginning of 2006, between the OS & its apps riding on it), so, let's compare them on security & vulnerabilities on THAT note as well... apk -
Re:Enough lies (tell me about it - stop already!)
Does it matter WHEN you said it? You SAID IT!
LOL - first you didn't have SeLINUX in place, & then later, you did... sure looks like a contradiction to me, OR that you don't even know your distro's capabilities + init. setup either...
After all - YOU ASKED FOR WHERE YOU CONTRADICTED YOURSELF, didn't you, OR you said you never contradicted yourself, & yet? You clearly did!
NOW, above ALL else?
Didn't you TRY to evade taking CIS Tool as a test, period, saying it is "malware" etc., more-OR-less? Well, "new NEWS":
SANS & COMPUTERWORLD EVEN NOTE THE MULTIPLATFORM CIS TOOLS' USES FOR SECURITY!
(Reputable sources for security & computer stuff, wouldn't you say, as they are often referred to in /. articles?)
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
APK
P.S.=> Your initial argument is shot, it's NOT "rogueware/malware" of ANY kind apparently, yes?
And, hey: "More New NEWS" - Other folks from the *NIX world as shown as trying it, in a FreeBSD guy in my post parent to yours @ its termination as well!
( ... & all your other objections were overcome by tools present in the *NIX realm natively like chroot/chmod/chown which I pointed out no less)
Though, how WELL they work? Questionable, by ALL means now @ this point! NOT in favor of *NIX there, wouldn't you say?? An extremely penetrable defense...
(E.G./I.E.-> Chroot jails via impersonation methods in code don't sound that impervious, w/ out SeLinux in place as layered security over them (for BOTH sockets &/or filesystem control via MAC, which YOU refuse to run, & thus? You are NOT as secure as I'd like to see in a setup vs. my score on this multiplatform gauge of security, especially online today! I said it before here, early on, & I'll say it again - You're the wrong person for this job in this case because of that, mainly. I'd like to see a seriously hardened for security *NIX rig user, take this test, & to see a screenshot of their score))... apk -
Overcoming your objection, inside w/ ease...
"I've always wondered how hard it would be to get a Slashdot reader to download and install a root-kit on their Linux box. Thanks to you, now I know it's not hard at all." - by Anonymous Coward on Sunday August 12, @12:15PM (#20203457)
LOL, this evasion's (from another A/C, not myself mind you)?
"NOT TOO LEGIT"...
Especially in light of the fact, anyone can see below, that even SANS recognizes this test as legitimate & the organization who coded it as well:
----
(QUOTING EXCERPT FROM MY LAST POST, THE PARENT TO YOUR OWN):
MULTIPLATFORM ONLINE SECURITY TEST CIS TOOL (NOTED @ SANS: CIS to Release Windows Configuration Assessment Tool (May 1, 2007)):
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
MULTIPLATFORM ONLINE SECURITY TEST CIS TOOL (NOTED @ COMPUTERWORLD):
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
----
2 respected sources about computer information AND security, that are often cited here @ /., no less, where it is noted by both SANS & COMPUTERWORLD as legitimate, not "bushwhack ware":
APK
P.S.=> This "evasion attempt"? I have seen it before, & this is HOW I "overcame that objection"... honestly? TOO easy... if you can't beat the score that I obtain on a custom hardened Windows Server 2003 SP #2 setup system of 84.735/100 on the multiplatform CIS Tool test of online security, & on your part, provide photographic proof (jpg, bmp, etc. et al) of your score VS. mine, using YOUR *NIX OF CHOICE?
Well... "Run, Forrest: RUN!!!"... apk -
Re:In a word: no.
"As long as they claim to have the most secure operating system ever: No." - kimvette (919543) on Saturday August 11, @03:27PM (#20197269)
Well, tell you what (like I have to 25 others here 25 times here before, & had nothing but evasions over from *NIX people (AND, in fact? I can post the list of url's for that IF you like also in any replies to you IF you reply back)):
DOWNLOAD THIS MULTIPLATFORM TEST OF ONLINE SECURITY (by the CENTER FOR INTERNET SECURITY):
http://www.cisecurity.org/bench.html
Install & run it on your *NIX rig, & post the score you get!
(Then, I'll post a screenshot of what I am able to "CUSTOM HARDEN" Windows Server 2003 SP #2 fully current hotfix patched to, as a comparison (AND, how I do it as well)).
Fair enough?
BY THE WAY? THIS TEST IS LEGIT, & EVEN NOTED BY SANS + COMPUTERWORLD, IN THE NEXT 2 URLS BELOW:
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
APK
P.S.=> Hey- it's true that benchmarks aren't "EVERYTHING", & it's more the 'man behind the wheel' (in configuring a system for PERFORMANCE, or SECURITY)!
HOWEVER? Benchmarks are the best initial comparisons we have (hence, why tools like benchmarks exist, period really)... apk -
Re:Server & desktop - different levels of ridi
"However, it is completely ridiculous to ever run Windows on a server." - by pyite69 (463042) on Saturday August 11, @01:37PM (#20196457)
http://www.microsoft.com/sql/bigdata/default.mspx
There are HOW MANY COMPANIES running Microsoft Windows (of modern NT-based varieties today (2000/XP/Server 2003/VISTA) + SQLServer 2003 on that page, & doing so successfully mind you, that will tend to disagree with you?
Quite a lot!
Guys, I KNOW you guys "love your LINUX" here @ /., but - don't underestimate Windows used in servers, OR for security either!
Windows of modern builds based on NT (2000/XP/Server2003/VISTA)? They're VERY securable as well, above & beyond their default configuration "out-of-the-box/oem stock"...
Really easily as well, via 12 basic simple steps anyone can use (inclusive of Windows admins, & at the DESKTOP CLIENT NODE LEVELS as well as on the server), per this guide:
http://forums.techpowerup.com/showthread.php?s=7316c98c36e75835f964972f246c3eaf&p=375355#post375355
SCORE ON THE MULTIPLATFORM CIS TOOL (by the CENTER FOR INTERNET SECURITY) PHOTO:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
This multiplatform test runs on SOLARIS, BSD variants (sorry, no OpenBSD or MacOS X versions are available yet, but for example: FreeBSD has a version), Linux, & yes, Windows & has been noted by SANS & other notables/respectable sources, such as these:
COMPUTERWORLD:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS: CIS to Release Windows Configuration Assessment Tool (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
(That's there for folks that have tried to "object to this program" because they did not know who "THE CENTER FOR INTERNET SECURITY" is, & attempted to say this program is "rogueware" etc. such as in the URL below):
http://slashdot.org/comments.pl?sid=264303&threshold=-1&commentsort=0&mode=thread&pid=20176577#20185057
The sad part is this - I have posted the challenge to take this test (especially from SeLINUX bearing distros & users of them, & BSD variant users like FreeBSD) here @ /., around 25 times now - NO TAKERS, but plenty of evaders & spinmasters trying to avoid taking it, for b.s. reasons (saying in others, vs. the URL above's reason, that "there is no registry in LINUX"... & so what? There are other areas in the *NIX family tree that DO (such as the /etc & its subnodes)).
APK
P.S.=> And, don't get me wrong: I like Linux, especially on KUbuntu 7.1, because I LIKE KDE!
(AND, with SeLinux in place + configured on it ontop of the usual methods for helping to secure Linux (chmod/chroot/chown legwork + IPTables (perhaps Packet Filtering built into Linux as well via IPChains oldschool methods (but they BOTH offer things over one another), & even NetConfig to create a "NAT" system too - plus more things I am learning about for security in LINUX that are pretty neat)!
I did that CIS Tool multiplatform test in the URL above -
Re:Had this show up
Apparently this is a version of the original Storm Worm. The original sent along executable file attachments. This version asks the user to click on the link, which then uses javascript to push down the .exe and launch it. Some of the infected machines become web servers to deliver the trojan, others become spam engines to spread the invitations. Here is an article from SANS: Riding out yet Another Storm Wave (June 28, 2007), and The wave continues - Subject line variation from June 30.
-
SANS
SANS Internet Storm Center
to find out what may make my customers' computers silly. :)