Domain: zone-h.org
Stories and comments across the archive that link to zone-h.org.
Comments · 65
-
Re:From the Article
Maybe those credentials were posted on github by devels and then scraped from there. Or from google, there is a bunch of id_rsa that pop up with trivial searches.
Anyway, 25.000 linux/unix servers looks like a very low number, considering the 500.000.000 servers running apache or nginx, even with multiple domains hosted in a lot of them.
Is that "better"? There were over a million Linux servers defaced in 2010, most of them actually rooted.
-
Re:Regarding the 'too late' part of the equation
-1 troll. I guess I deserved that. I didn't cite any of my sources.
By comparison, BES email is encrypted by default with AES. Good luck brute-forcing that.
If you're the US government, you can just ask for the key. You wouldn't need to brute-force anything.
"If you’re a BES user, your IT department has the option of encrypting the body — not the PIN — of your PIN-to-PIN BBM messages with a key unique to the company. By default, however, BBM messages are not encrypted because it restricts PIN-to-PIN BBM communication to only employees of the company, instead, they are scrambled. Scrambling is done with a universal cryptographic key that every BlackBerry has." [source]
Besides if you're not an Enterprise user:
"Your emails between your BlackBerry and the BlackBerry Internet Service are not encrypted. Unlike BlackBerry to BlackBerry communication on BES, BIS email messages are not encrypted before they travel over a mobile carrier’s network. For BIS users, only the mobile carrier’s standard 3G/2G protection applies. " [source]
Riiight. That's why Austria & Turkey have certified the blackberry platform: http://ca.blackberry.com/business/topics/security/certifications.html
Turkey & Austria aren't part of Echelon. Look, if you want to criticize the blackberry, at least choose things that are true.
That does not negate what I said. I also never implied that Austria and Turkey were part of Echelon. Here is the citation for the French government. I also believe Germany and Sweden have issued similar statements.
-
Re:The pitch for RIM
With RIM, you are in control. The server that controls your devices is in your data center, under your control. We at RIM have no control over your devices. You have the keys, and you set the keys. We have no way to get into your phone. We can't listen in, nor can we let a government listen in.
Apparently, the French government and half of the European countries do not believe this statement. They seem to be under the impression that RIM is an intricate part of the US-UK-Australian-Canadian Echelon program.
Also, you should note this article:
If you’re a BES user, your IT department has the option of encrypting the body — not the PIN — of your PIN-to-PIN BBM messages with a key unique to the company. By default, however, BBM messages are not encrypted because it restricts PIN-to-PIN BBM communication to only employees of the company, instead, they are scrambled. Scrambling is done with a universal cryptographic key that every BlackBerry has.
[...]
RIM can provide this universal key to governments to unscramble messages even in a BES environment — if no additional encryption is applied.
[source]
So not only, by default your message is not encrypted by your IT department like you think it might be, thus providing you a false sense of security, but because RIM insists on having a centralized BBM communication network (even in this internet age). It doesn't matter what European country you may be working in: Spain, France, or whatever... A BBM that you send to your colleague sitting less than 1 meter away from you will always get routed through their closest hub in the UK before it even returns back to your country and your colleague.
-
Re:Hey Apple Users...
Linux does have significant marketshare in the server and smartphone arenas. Servers are generally more secure than desktop machines (not to mention better maintained), so there's naturally fewer points of vulnerability
http://www.zone-h.org/news/id/4737 "Since many years ago, Linux became the most used OS for webservers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on the Linux systems. The most used exploit by the defacers is the CVE-2010–3301"
Operative System Year 2010
Linux 1.126.987
Windows 2003 197.822
FreeBSD 46.992
Win 2008 15.083
...
-
DNS Hack
Several sites, including the register and ups.com were redirected by DNS to a defacement page...
A list of the sites is at:
http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1
It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.
Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry out the defacement.
It would appear that the registrar for the domains in question has been hacked, and the hackers chose a few high profile sites to deface.
-
ups.com acer.com vodafone.com ...
Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."
-
Re:At least...
-
Re:Honest question about security of unix systems
From that ancient (2004) article:
This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, [1] 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS.
Ugh. Which operating system are the most compromised (2010): http://www.zone-h.org/news/id/4737
Linux 1.126.987
Windows 2003 197.822
FreeBSD 46.992
Win 2008 15.083
F5 Big-IP* 14.000
Unknown 7.840
Win 2000 6.097
Which servers?
Apache 1.095.982
IIS/6.0 195.154
nginx 40.640
LiteSpeed 37.795
Zeus 14.111
Seems reality caught up with that conjecture.
-
Re:Honest question about security of unix systems
For years I have understood that Unix systems were less prone to security threats posed by malware/viruses/hackers due to the basic security model of unix. When naysayers said Mac was less prone because of marketshare, the argument against this is the large number of Linux servers which have never been successfully targeted by any major security threat
linux servers are the most successfully attacked web servers and have been for a number of years. http://www.zone-h.org/news/id/4737
-
Re:OSX
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
PS: you can tell by just looking at the time the server was defaced and the kernel version you can get from the info the server returns (as well as the sheer increase in numbers) : If it was after mid-September, and the kernel wasn't the one with the fix (or something really old), no hacker would have not used the sure way to root the machine.
And who fucking cares what they used to go into the machines: they did - and rooted them. Because all it takes is a vulnerability in some much-used gadget-add-on for Apache and one of the ever increasing number of local priv. escalation bugs. And if you look at previous stats, you'll be able to see how wrong the "Insightful" claims about the unpwnability of Linux boxes are. Well, you probably won't. Which was my fucking point about you hopeless cases - who feel the need to paint all Mac users in a similar brush. That's first rate irony.
-
Re:OSX
Yup. And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
http://www.zone-h.org/news/id/4737
Last year the Zone-H archived a sad record number, we archived 1.419.203 websites defacements. Why and how this is happening? [...] Since many years ago, Linux became the most used OS for webservers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on the Linux systems. The most used exploit by the defacers is the CVE-2010–3301, that was fixed in 2007 and was mysteriously reintroduced in 2008, in a large pile of kernel versions x86_64.
You are obviously right - 80% of website defacements last year all due to rooted Linux servers - and you don't hear about it, so it must not have happened.
-
Re:Macs have never been malware/virus proof
People say that, but if one compares the number of security issues in Apache (which is the #1 webserver out there) compared to issues people report in IIS, the argument that Linux or Mac are "secure" because of their marketshare has been disproven.
It doesn't matter how many security issues there are, but how often they are used. http://www.zone-h.org/news/id/4737
-
Re:Macs have never been malware/virus proof
Servers (esp. Linux ones) are run by admins, not casual users. They understand software security.
http://www.zone-h.org/news/id/4737
Since many years ago, Linux became the most used OS for web servers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against web sites running on the Linux systems. The most used exploit by the defacers is the CVE-2010–3301, that was fixed in 2007 and was mysteriously reintroduced in 2008, in a large pile of kernel versions x86_64.
Translation: Keep up the good work.
-
Re:But wait
-
Re:Some Helpful Advise
Linux and FreeBSD boxes get hacked all the time. One can claim it's because people use weak passwords or use the same password on their box as they do on every site on the internet, and there are probably a lot of those boxes that are compromised that way, but a lot are also due to flaws in software installed on Linux boxes. Spend some time going through sites like Zone-H and you'll see that Linux sites get successfully attacked as much, if not more so than Windows servers (the numbers change from day to day).
You're living in a dream world if you think Linux security is any better or worse than anyone else's. Most Linux boxes have 1000x more software installed on them, and each software package is a potential security flaw waiting to happen. Most of those can only compromise the account it runs on, but attackers are getting smart and creating blended attacks that include multiple vulnerabilities, including local root vulnerabilities that get executed via a user-level remote attack.
But really, the only people who attack Linux boxes are those looking to either brag, or those looking for fat pipe DDoS zombies. Malware authors, who target stupid users who will pay $50 to the fake virus writers are going to target the vast majority of systems.. ie windows.
-
Not very impressive..
Government related sites are hacked continuously, it's just that only few stories actually arrive in "mainstream" media about it.
Have a look at the zone-h archive of defacements and note the number of .gov.X sites in the list: http://zone-h.org/archive/special=1
-
Re:Not News!!
Interesting. It's my understanding that the number of apache vulnerabilities AND exploits is significantly higher than the number of IIS vulnerabilities and exploits (reference: http://www.zone-h.org/archive/published=0 and http://www.infoworld.com/d/security-central/continuing-web-server-security-wars-iis-or-apache-more-secure-098 (full disclosure: The author of the 2nd link works for MSFT)).
-
Re:The proof is .....
Zone-H is currently hacked... interesting.
link to screenshot if they fix it any time soon.
-
Hillary Clinton website cracking?
-
closed source vs. open source
I am not sure about credibility of the results (concerning Americans vs. European standpoint). Let's see. I live in Slovakia (a relatively fresh European Union member). Microsoft and our government signed a deal: http://www.etrend.sk/technologie/telekom-a-internet/microsoft-spristupni-slovenskej-vlade-zdrojove-kody/44633.html in which Microsoft gives our government: "access to the source code of software solution of Microsoft company". By signing the deal "Slovak government is given a chance to tie its own technologies to Microsoft Windows platform and customize it to its own security needs." I am kind of worried if MS Windows regularly sold in Slovakia also contains such "customizations" made by our government---or our national security agency that left blatant security holes in its own infrastructure and was previously hacked. http://www.zone-h.org/content/view/14755/1/
-
ICANN and IANA Sites Defaced
ICANN and IANA Websites defaced: Zone-H.org Reports ICANN and IANA's sites defaced
-
Re:Microsoft brainwashing
Troll, FUD, Flamebait, wow guys get some original material or shut up already. I didn't find anything directly on update.microsoft.com but a very quick google search will show you just how "secure" Microsoft keeps their own shit.
http://www.news.com/2100-7349_3-6085589.html
http://www.zone-h.org/content/view/227/31/
http://news.zdnet.com/2100-1009_22-6085589.html
http://www.infoworld.com/articles/hn/xml/00/11/03/001103hnhacker.html
http://archives.cnn.com/2000/TECH/computing/01/10/ms.taiwan.idg/index.html
http://news.zdnet.co.uk/internet/0,1000000097,2086058,00.htm
There are many more but I'm not really in the mood for doing other folks' homework for them.
-
No
It's not just animated cursors, it's EVERYTHING that calls LoadAniIcon. See here for details (don't worry, not enough details to reproduce it easily, just a pretty neat explanation what's cooking).
What sends shivers up my spine is that I have a jpeg here that seems to work the same way. Now, how likely is it that a jpeg gets loaded in IE? I have that gut feeling that the WMF trojan storm of last year was a gentle breeze compared to this.
I have a hunch that this could maybe be the reason why MS is in such a hurry to fix this. And, while I rarely agree with them, I consider this extremely urgent as well. But only because I know no stronger word than urgent.
-
Re:Linux is headed to the landfill
Nope - but 0-1-infinity combined with the law of averages tells us that there are several kernel exploits out there in the wild that are not documented.
I don't mind speculation or extrapolation, but I'd prefer if it had some grounding in facts. What facts do you actually have? All you've shown is a list of websites compromised by, apparently, a single attacker, and all the websites happened to run Linux. Now, a remote kernel exploit is certainly an explanation for this, but hardly the only, or even the most likely one.
So far, we have been able to narrow it down to RHEL Kernels and when you have production machines, you need to not jump to conclusions, but use a combination of methods and speed to implement countermeasures.
If it only affects RHEL kernels, then it's unlikely to be a vulnerability in the trunk Linux kernel. However, I'd be obliged if you revealed your method for narrowing it down to RHEL kernels. How do you know it's a vulnerability in the kernel, and not in a user-space application?
Google is your friend
I can see only one remote vulnerability in that list, and there are reasons to doubt its authenticity. Firstly, according to the article, no information was disclosed about the vulnerability when it was reported. Secondly, a later article on the same site reveals that, 4 months later, there was still no information about the supposed vulnerability. If the vulnerability was genuine, one would expect to see some details on it, especially several months after it was announced. Thus, it is unlikely to be a genuine exploit.
-
Reasons for Using FreeBSD
There are countless reasons but two that come to mind.
FreeBSD is used in Juniper (http://www.juniper.net) core internet routers preferred by carriers and service providers.
Sites run on FreeBSD are less likely to be compromised and defaced.
http://www.zone-h.org/component/option,com_attacks/Itemid,43/page,6
-
Re:No, you need to blame Javascript too.
>The only way to have a 100% secure web browser is to use a text browser with no scripts
http://old.zone-h.org/advisories/read/id=8276
https://rhn.redhat.com/errata/RHSA-2003-029.html
I'd suggest telnet to port 80, typing in GET commands, and reading the HTML. But then someone would embed the nam-shub of Enki and you'd be even worse off.
-
Re:OS X hacked or the Web Application
For what it's worth, the same group defaced several hundred websites in the last couple of days, almost all of them running under Linux.
-
other defacements?
Other defacements by the same group
-
Re:It's too late for the public...
I'll put out two links for you since you're either lying or just misinformed. Link 1
Apache is one of the most hacked services right under Sendmail I believe. As for OS X security let's see how much we can learn by sniffing the traffic coming from the unit. By default Samba on OS X doesn't support session signing or encryption. Both features are fully supported under practically every modern linux distro. Apache is by far the dominant web server and because of that it is more prone to attack. It's simple math. Its major progress over the past is that it is getting easier to configure and secure properly so it will become less prone to attack. Why does this sound familiar? hmmmm.....
At any rate, every platform has its vulnerabilities; OS X has its patches just like every other OS out there. I'm not sure what you mean about innate security since I believe both OS's can and more importantly are often secured.
As for viruses, I honestly haven't seen one do any damage to any of my end-users in years. Of course they run with limited access just like I do. The mechanism has been there for quite some time, on the order of 10-12 years so it's mighty confusing how people are still mentioning it.
I'll leave you with one more link Shows both sides fairly
Both platforms have their faults but spreading mis-information does no one any good.
-
Re:Macs have never been "immune" to viruses
Please take a look at the verified attacks and defacements of today.... http://www.zone-h.org/ I guess you don't know much about operating system design either, you just like to repeat something you heard somewhere...
-
Re:Number of hacking attempts
According to the Web Application Security Consortium, there were 58 web hacking attacks in 2005.
According to zone-h.org, there were 494,988 web hacking attacks in 2005.
Close enough.
-
huh?
Only one in 1999? What a wonderful world we lived in. This presents a rather different picture.
-
Re:Safest browser ever available
The only thing funnier than jokes about Lynx vulnerabilities is that there have been real ones. Remote shell access in Lynx, Lynx command injection, Lynx NNTP buffer overflow.
Maybe the thing to do is to telnet to port 80 and parse the HTML in your head, but then someone will probably find an HTML trick that will drive everyone who reads it insane.
-
Re:MOD PARENT UP
"Internet Explorer runs active X which runs with system wide permissions."
You are confused. In order to install ActiveX controls you must have admin privileges. So, if you can install an ActiveX control, then that ActiveX control will naturally run for the first time with...admin privileges. All of the ActiveX exploits for IE in the past have not worked unless the victim was running as admin.
Using Firefox/Opera and a third party firewall can stop ~60% of Windows security issues. Just by killing ActiveX.
Or you could just not run as an admin and accomplish the same thing.
"That's the truth behind MSFT security. As for market share, Apache doesn't run well on windows and has more than 60% of the server marketshare. Yet IIS is the most attacked and most flawed server."
According to the one website which records website defacement statistics, you are wrong.
But, hey...let's not let facts get in the way of good propaganda!
-
Blog of the hacker
The head of the defacement crew has a blog that is kind of interesting to look at: http://www.c0d3r.org/
He is a movie fan and was just accepted to a university.
Some bits of information can be found here:
http://www.zone-h.org/en/defacements/view/id=2917390/
Besides the OpenSuSE website they also hacked into wiki.novell.com and forge.novell.com.
Too bad that the Iranian hackers used OpenSuSE for their political stuff. It seems a bit misplaced, what does a linux distribution have to do with the question whether Iran should have nuclear stuff or not?
-
Why We Should Thank Virus Writers
http://www.zone-h.org/en/news/read/id=3287
"Why computer virus writers are useful and why we should thank them."
An Immunologist's view on computer hacking.
-
Re:+1 Insightful?
Your statement hinges on your definition of innovation. I find that word often used as a buzzword, usually in the same breath as patents. I'm sure if you counted all the software patents that there are more owned by proprietary software companies. If however you use the word innovation to mean "a new device or process" then I would like to see some evidence to support your claim. Other factors are at play that can help/hinder innovation besides the type of software license such as: ... big companies with lots of resources produce most of computer innovation. I'm still waiting for something innovative to come out of Open Source. Most, if not all, of it is copying proprietary software.
- competition - monopolies don't need to innovate. An example is that Microsoft had stopped development on Internet Explorer (IE) 6 SP1 as the final standalone version in June, 2003(1) since it is just part of the Operating System. Then in Feb 2005(2) they announced they changed their mind and IE 7 will be out for Windows XP. (Surely just a coincidence that Firefox 1.0 had been released in that time frame). Capabilities like RSS based live bookmarks and tabbed browsing in Firefox may or may not be innovative by your definition (I don't know - I'm not trying to troll or inflame) - however it has raised the bar for web browsing and helped prod Microsoft to produce a better product. Note that Microsoft sat back for years with no innovation for IE, or even proper bug fixes for CSS support and you can't say it's because of lack of resources...
- cooperation - in particular open formats/protocols - TCP/IP ultimately begat HTTP and Mosaic.
- market share and network effect - IRC begat Instant Messaging but that wasn't innovative until MSN Messenger came along to patent custom emoticons. (3)
Is it possible to count all the software innovations and then make a determination of whether that innovation came from an open or proprietary software license? Maybe Microsoft can fund a study?
References:
-
Re:Malware == Moolah
I don't know about Malware, but http://www.zone-h.org/ has some interesting hack statistics.
-
Re:Please get some journalistic integrity...
Here is a list of approximately 325 Linux based web sites that were defaced today.
http://www.zone-h.org/en/defacements/filter/filter_system=Linux/filter_date_select=today/page=1/
-
Re:Move along; nothing here to see.
Let's also not forget that buffer overflows are in general much much harder to exploit on PowerPC where overwriting the stack merely overwrites program data, not the return address or function parameters (which are all stored in registers). To successfully exploit a buffer overflow on PowerPC you'd need to have more specific knowledge of the particular program or library you are exploiting.
Completely false. The return address and stack pointer are stored on the stack in OS X too, at least if the function calls another function (since that may manipulate the registers).
-
Re:Worth Noting -- it's not just Windows servers!
Zone-H has a continuously updated chart on their front page that tracks today's verified attacks thus far:
225 single IP
352 mass defacements
Linux (67.2%)
Win 2000 (17.3%)
Win 2003 (6.8%)
FreeBSD (5.4%)
SolarisSunOS (2.3%)
Win NT9x (0.7%)
NetBSDOpenBSD (0.2%)
[other]... (0.2%)
-
"Why was this story published?"
Well, it would appear that this story was published because Zone-H put out its annual Web Intrusions Report, the timing of which happens to coincide with a London information security exhibition, InfoSecurity happening April 26th-28th.
Now, as to whether this is FUD paid for by mysterious "who", I doubt it. The Zone-H website addresses their motives: BLACK OR WHITE HAT?. The conclusion is that it is "A creature without identity. A neutral ground where different IT security aspects can meet. 'The Switzerland of the ITsec'".
And it would seem that anyone concerned about IT security would benefit from this information.
-
Re:Don't bother reading the article
Interestingly enough, a year long study at http://zone-h.org/en/winvslinux2 has it that the Linux family is attacked (probed, not compromised) more than Windows.
As with all studies, your mileage may vary, how was it setup, how many IP's etc. - but a fun set of graphs in any case.
( What's that line down the bottom .. ? Is it BSD ? )
-
More people need to try and use FreeBSD
Repeat a lie enough, and it becomes true. That lie, mostly being, that FreeBSD is dying, or is some arcane system only to hack around on, similar to Plan9.
In fact, for those who haven't tried it, it's quite an excellent full-featured Unix, with everything you'd find under Linux. In fact, it's fully binary compatible with Linux.
The only difference is that it does things the old way -- vi is vi, not vim, and you get sh, csh or tcsh instead of bloated bash. It doesn't have anyone pushing for "ease of use," though it's about at the level of slackware, except with ports, the greatest package management system known to man. Gentoo's portage doesn't even come close to the flexibility and reliability of ports.
Internally, it runs great, because it's not doing things the kernel shouldn't do to boost benchmarks. It's not deeply involved in corporate America, but remains strong due to good management.
Plus it's far more secure. With how much Linux websites are hacked these days -- see http://zone-h.org/ and check out the statistics section, at least 70-80% of website hacks are Linux based -- I wouldn't run it on Linux. FreeBSD is the obvious choice, as it runs its services flawlessly.
-
Re:IE attacked because it's common
Actually there was a buffer overflow reported recently in apache. It just wasn't reported that much. Similarly there was a second .png and xml exploit about two weeks ago affecting many applications, including those mentioned here.
My point is that some things are reported more widely than others. You can speculate about why.
However - If you're really interested in security, then it's a good idea to subscribe to security mailing lists like those hosted at security focus or zone-h. Or even a Full-Disclosure list.
-
Maybe they should.....
Worry about their own security first?
2004/09/04: channel.mit.edu
2004/09/04: ecco.mit.edu
-
Re:this is surprising?
Hmmm...
If you buy XP today it will come with SP2, either as a supplemental CD or rolled in. The same goes for New Computers.
My experience of connecting an unfirewalled, unpatched XP was that it lasted about 30 seconds before the service DCOM crashed due to virus.
If I connected an unpatched Linux distribution from say 2001 to the internet, would it be compromised? The interesting question however is how would I even know I had been compromised? Or are such issues confined to Windows?
Web Servers Compromised
26/08/2004 -
Linux (75.7%)
Win 2000 (11.2%)
Win NT9x (7.1%)
FreeBSD (3.0%)
Unix (1.1%)
MacOSX (0.7%)
SolarisSunOS (0.4%)
... (0.7%)