Cracked Series Complete
Quite a number of people have written in recently with the news that the Cracked Series has come to a close with Feature #7. The series has been pretty interesting from a storytelling perspective - check it out on rootprompt.
In my opinion, script kiddies aren't moral or immoral -- they're amoral. Systems are just toys to them. Just like software, music, and movies, they feel "entitled" to take control of any system they like, because hey, it's out there. Even the Wall Street Journal called their generation (Generation "Y") the "entitlement generation."
The aura of arrogance that these kiddies have is really quite shocking. They have no perception of what it is like to actually run a system and defend it against real hackers/crackers. They just get their kicks by annoying hardworking people, and wasting their time and money.
And don't argue that the problem is admins leaving their systems unsecured -- if you notice someone left their door unlocked, it's not your duty to go inside, rearrange all the furniture, and leave cryptic notes saying how you "0wn3d" his house.
For more information, click here.
Hemos is not a troll!
Or is he ... hmmm?
The ethics are even simpler than that. If you are on or attacking a box you have not been invited to, you are acting unethically.
I helped clean up when a cracker was discovered on a static-IP Linux box my sister put up.
The cracker was only doing "harmless exploration" (running bind scans against lots of other boxes on the local subnet and installing rootkits and trojans).
This clean up cost me about 20 hours that I would rather have been spending with my wife and two year old son... which is the most precious thing I have.
After the second crack, I told her to pull the plug. One less Linux server on the internet (she was using it for a bug tracking database for a startup company she was working with, her husband was using it to give free accounts for students at a local community college where he teaches).
One less corporation Linux had penetrated, 20 fewer students every quarter that can have a free account to learn to create web pages on *nix based systems. Congratulations, cracker boy.
I am a professional programmer, and in my spare time a humble open source developer (backburner, check freshmeat). Guess how many bugfixes have been released to backburner in the last year... Exactly 0. Why? Because I have had to spend all my time cleaning up cracked boxes and setting up firewalls just to keep my systems from being invaded, destroyed, or used to attack other systems (stealing precious time from others).
If you want to explore, set up your own network. 486s are a dime a dozen, NICs can be found for about $15 each.
The moment you touch a system you have not been invited onto, you are stealing precious time from somebody, period. Somebody had to initially secure the system to keep you out, somebody has to monitor your crack attempts, and somebody has to respond to your actions.
Next time you are on a system you don't own, think about the fact that you are not just exploring, but taking a VERY high chance that you will force somebody somewhere to respond to your actions, and thereby steal that person's time.
I am telling you from personal experience, that theft REALLY hurts.
Bill
Mathematically impossible requirements are technically not against policy.
Noel
RootPrompt.org -- Nothing but Unix
kayaking
When I asked PSU for help securing my machine, I was told to use a different operating system.
I feel your pain in being cracked, etc., and I hope it never happens to me. But you have to understand by now that securing a *nix box isn't the kind of thing you could just relay to someone over the phone in 5 minutes, or even 1/2 hour. If you're not willing to go out and research this on your own, etc., you really have no business running Linux. I don't mean this to sound snooty; it's just the amount of work it takes. If I was working a tech support line and someone asked me that, I'd probably tell them the same thing.
You know, I am really getting tired of *BSD people saying "Linux is insecure". Linux isn't insecure, Linux is the kernel! Many Linux distros are insecure, but is Linux any less secure than the *BSD kernels? Let's start being correct: many Linux distros are less secure than the *BSD distros.
Now, I will agree it is a shame that RedHat doesn't take more time to make the default installs secure....
www.eFax.com are spammers
OK then... Hands up who's got Slashdot UID #31337... Lucky bastard!
Have to admit that it looked to me like there are more "installments" to come.
The ethics are even simpler than that. If you are on or attacking a box you have not been invited to, you are acting unethically.
That's your personal ethics. Are you willing to impose them on the others? Are you willing to convert them into law?
Guess how many bugfixes have been released to backburner in the last year... Exactly 0. Why? Because I have had to spend all my time cleaning up cracked boxes and setting up firewalls just to keep my systems from being invaded, destroyed, or used to attack other systems (stealing precious time from others).
Now that's a bullshit argument. If you are dealing with computer security at work, this is your job and how intense it is has nothing to do with posting bugfixes for your project which you do in your spare time. If you tell me all your spare time is taken by cleaning up cracked boxes, I'll tell you that (1) I don't believe you, and (2) you should learn to prioritize your time.
The moment you touch a system you have not been invited onto, you are stealing precious time from somebody, period.
So? An inept clerk at a store is stealing my time. A person who stopped me to ask for directions is stealing my time. Windows' registry being fucked up steals my time and a lot of it. IRS steals huge chunks of my time every April.
My point is that engaging in activities has costs, and one of those costs is time. If you are running a publicly-accessible server, time to secure it and deal with vandals is one of the costs. Sure it would be nice not to have to deal with it. But think of the alternatives. We already have the War on Drugs where being caught with a bag of pot can land you in jail for many years. Do you want to live in a society where being caught at portscanning will lead to the same results?
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
WWJD -- What Would Jimi Do?
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
[Sysadmins] got computers that they need to defend, and they have every right to be suspicious even of an 'act of curiosity.'
No problem. They do have the right to be suspicious and to take measures to defend their systems.
However some people are taking the next step which I am uncomfortable with, that is: if sniffing around (pinging, portscanning) is causing busy hardworking people to waste their time and worry too much, why then, just make it illegal. Make portscanning a federal crime and add War on Hackers (yes, hackers) to War on Drugs. Sure, that will make sysadmins' life easier. I also think that this would be a very Bad Thing to happen.
If I see somebody sitting in a car outside my house observing it, I may walk up to him and talk to him, I may walk out and stare at the guy through binoculars, I may call the cops. I am NOT going to lobby for a new law forbidding people to sit in parked cars outside other people's houses.
Kaa
Some time after I moved in, I discovered Linux, and Unix. (Mostly from working on SGI's. I wanted to be able to run ANSYS without going down to the labs.)
VERY soon after I discovered Linux, I discovered what rootkits were. I woke up about 7 in the morning because my cdrom drive (an old noisy Mitsumi) was going nuts. I was certainly no guru at this point, and I had no idea what was going on. I did a ps aux, but I didn't see anything happening, so I just took the cdrom out and went back to bed.
Two days later I noticed that my ethernet connection wasn't working anymore. I called down to the computer center and was informed that my connection had been shut off and that there were charges pending against me for "cracking" attempts on PSU's servers. It took me 3 months to get my connection back.
When I asked PSU for help securing my machine, I was told to use a different operating system.
In addition to my own machine being cracked, my friend who was also running linux for the first time got cracked (probably thru my machine) and had nasty emails sent from his machine to a couple of government agencies. He and I were both in some deep shit for a while, and had done NOTHING.
So, cracking DOES hurt. I'd like to extend a big FUCK YOU to the kind of people who think that getting others in trouble is funny. Another big F*** You to every little clone virus writer who makes life for tech support a living hell. You don't advance knowledge. You aren't doing anyone any favors. You prove nothing except that you are the same as vandals with a can of spray paint. God help you if I ever find one of you.
"We apologize for the inconvenience."
Crackers are just like schoolyard teases. They feel important when someone pays attention to them. Talking to the cracker didn't gain the admin any info and it made the cracker's day.
You might respond "but maybe you can befriend the cracker and set him straight". Yeah, maybe. Or maybe he'll start realizing you are getting too close and he'll lash out by typing "rm -rf /"--which is just what happened in this example. In any case, don't risk your precious time and money on your so-so psychology skills.
BTW, Slashdot trolls are the same way. Don't moderate them (esp. down past 0), don't respond to them (even "just once"). Just ignore. Like your mother said "eventually they will get bored and leave you alone". And this isn't theory. I've gone through several cycles of trolls (or one troll with many names) targeting me for idiotic responses or unfair moderation (which reminds me, could we have some meta-mod power over "underrated" and "overrated"?). Once I realize what's going on, I don't even bother reading the responses. 24-48 hours later the "attack" is over.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
I found it very interesting, and useful, that the author specified that the sploit used was fixed in open source versions of statd before the attack but Digital UNIX took another 6 months.
I am currently involved in major battles with my line manager who seems to have this idea that Open Source = Unsupported. He doesn't realise that a product that is supported by thousands of developers who have a vested interest in solving problems is going to be better supported than one whose only backup is a handful of developers whose managers not only have a vested interest in hiding any flaws found but also want them involved in adding the newest whizz-bang features.
Based on articles I've read it looks like the equation is really Open Source = Secure and Supported.
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
A proud tradition begun in The Hitchiker's Guide to the Galaxy.
At least they did add, "increasingly inappropriately named," to the trilogy reference.
The living have better things to do than to continue hating the dead.
I wonder if he's reading this, as well as the whole 7-part series. I'd pretty much have to believe so, as you say, for the ego trip.
But I wonder what he makes of the general disapproval. This especially comes from cracking a community system. Kind of like robbing a soup kitchen. He picked the wrong target.
I think one of the major causes of this problem is that RedHat (and others) do not go to much effort to make their distribution secure. RedHat could be considerate and do the following:
- No unneeded services running by default. This means, for example, there should not be a network service of lpd needed just so someone can print a file. Any services running should be services the user specifically asks for during the install.
- The default version of X should not bind to port 6000-6020, or, in a default system, ports 6000-6020 should be ipchained off.
- Programs with more than a given number of reports on Bugtraq should not be installed by default. What percent of new RedHat Linux users are going to actually run mh? Why does RedHat insist on having mh installed in the default install, despite the number of patches this has in a desperate attempt to make mh's suids not local root holes.
- ftpd-BSD, IMHO, should be the default ftp server (my version has a patch that makes the default umask something sane). If not ftpd-BSD, at least anything besides wu-ftpd.
- Come September 20, RedHat will be able to make OpenSSH part of their distro. Hopefully, this will mean that they don't run telnet unless the user asks for it.
Little things like this would do much to make it so people just struggling to learn Linux and Unix don't have to worry about securing their systems at the same time. - Sam
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
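As an added example, not code from the thread, from RedHat or from any distribution, here is what the list above looks like when made mechanical: audit which services a default-install inetd.conf would actually start, comment out everything not on an allowlist, and emit a default-deny input policy that also closes the X11 ports 6000-6020. The inetd.conf sample, the allowlist and the interface name are constructed for the example; the firewall commands are printed rather than executed, and they use the ipchains syntax of the period, so they would need translating to iptables or nftables on anything current.

```shell
#!/bin/sh
# Added example (not code from the thread, RedHat or any distribution):
# audit the services a default-install inetd.conf would start, disable all
# but an allowlist, and emit a default-deny ipchains input policy that also
# closes the X11 ports 6000-6020. The inetd.conf below is constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/inetd.conf" <<'EOF'
# constructed sample of a late-1990s default inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#gopher stream  tcp  nowait  root    /usr/sbin/tcpd  gn
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF

# enabled_services FILE: names of the services inetd would actually start
enabled_services() {
    awk '!/^[[:space:]]*(#|$)/ { print $1 }' "$1"
}

# harden_inetd IN OUT "svc1 svc2 ...": copy IN to OUT with every service
# not in the allowlist commented out; existing comments pass through.
harden_inetd() {
    awk -v allow="$3" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[[:space:]]*(#|$)/ { print; next }
        ($1 in keep)         { print; next }
                             { print "#" $0 }
    ' "$1" > "$2"
}

# ipchains_rules IFACE PORT...: print (do not run) a default-deny input
# chain for the external interface: accept loopback and non-SYN TCP so
# outbound connections still get replies, open only the listed ports, and
# log-and-deny anything aimed at the X11 range. ipchains syntax of the
# period; translate to iptables/nftables on anything current.
ipchains_rules() {
    iface=$1; shift
    echo "ipchains -P input DENY"
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $iface -p tcp ! -y -j ACCEPT"
    for p in "$@"; do
        echo "ipchains -A input -i $iface -p tcp --dport $p -j ACCEPT"
    done
    echo "ipchains -A input -i $iface -p tcp --dport 6000:6020 -l -j DENY"
}

echo "services a default install would start:"
enabled_services "$WORK/inetd.conf"
harden_inetd "$WORK/inetd.conf" "$WORK/inetd.conf.hardened" "ftp pop-3"
echo "services left after hardening:"
enabled_services "$WORK/inetd.conf.hardened"
echo "firewall rules to apply:"
ipchains_rules eth0 21 110
```

The allowlist is the whole point: the question to ask of every line in inetd.conf is "did the user ask for this?", and anything without a yes gets commented out before the box ever sees the network. The X11 rule is redundant with the DENY policy but carries the log flag, so port 6000 probes show up in syslog instead of vanishing silently.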
Get root on my box and I find you? I am looking at a BUNCH of time looking for rootkits and backdoors regardless of whether you have installed them or not.
And thats only if you're not healthily net-paranoid... get root on my box and I find out then I'm not looking for anything but read-only install media and a fresh download of all patches from a trusted source.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I had a
"That's your personal ethics. Are you willing to impose them on the others?"
Um yes.
"Are you willing to convert them into law?"
Yes, I believe "Laws" are what imposing ethics onto people is called.
"Now that's a bullshit argument. If you are dealing with computer security at work, this is your job and how intense it is has nothing to do with posting bugfixes for your project which you do in your spare time. If you tell me all your spare time is taken by cleaning up cracked boxes, I'll tell you that (1) I don't belive you, and (2) you should learn to prioritize your time."
Who said anything about work? I thought this was for his wife or something? And in any case, just because you are PAID to do a job, doesn't mean it is ok for people to burn your time unnecessarily. If I'm preventing somebody from getting real work done, then I *should* be ignored.
"So? An inept clerk at a store is stealing my time."
Well, not really. He and the store are providing YOU a service. If you don't like that service go to a different store. If anything, the inept clerk is stealing the company's time by pissing you off.
"A person who stopped me to ask for directions is stealing my time."
Yes. Because you are not mandated to provide that service to him. Are we perhaps getting it now?
"Windows' registry being fucked up steals my time and a lot of it."
Yup, bitch to MS or switch operating systems. Same deal as the inept clerk. You just now have an inept OS.
"IRS steals huge chunks of my time every April."
Ditto. Bitch to government and try to change the situation.
"My point is that engaging in activities has costs, and one of those costs is time. If you are running a publicly-accessible server, time to secure it and deal with vandals is one of the costs."
Of course, but that doesn't make it acceptable for vandals to eat up your time. You have to weigh the benefit of the service against the cost of maintenance. Apparently the service the wife was providing just cost too much in security risk.
"Do you want to live in a society where being caught at portscanning will lead to same results?"
No, but are you saying that cracking into a system (secure or not), and destroying data or using it as a base for DOS attacks is acceptable? I sure as hell hope not. If you do that you *should* be thrown in jail (albeit probably with not so large a sentence as many of the criminals that have been made "examples" of *cough* Mitnick *cough*)
It's 10 PM. Do you know if you're un-American?
Well, the plus one bonus is gone from normal accounts and back only to the karma whores. The user info number thing is very interesting too - for instance, it's possible to tell that I'm not really siggy because my user number isn't 7608. (Bonus points to the first person who can read well enough to tell that my user name is different).
-o Who cares how corrupt our leaders are when they're political karma whores? o-
By the time I get high-speed access, I hope to have learned enough to run that ethernet adapter from diald, whether it's DHCP or PPPoE. I'd like the convenience of high-speed access when I want it without 24x7 vulnerability. I have a reasonably tight firewall, but I'm sure the right person can get through it. At the moment, even if I had a simple single input rule on that interface of "-j DENY", I suspect that there are those who could get through even that.
The only truly safe interface is either offline, or disconnected.
This works for the static parts of the OS, but not for any user directories or /tmp. Remember that on the system in question users could log in and use shell commands, save files, etc.
Granted, this should prevent any rootkits from finding their way onto the system, but it's not an end-all beat-all, and a malicious cracker could still wipe out all the user directories (as did the guy in this story).
I'm not justifying anyone's actions here, but I for one think it is a good thing that there are some people out there 'poking around where they don't belong'. Most of these types are more curious than they are hostile and will usually leave your system unchanged (save for a l33t message about how you were had).
Out of curiosity, what do your comments have to do with this story? This is a story about a cracker who had compromised several of their machines, was using them to launch attacks and gain access to who knows how many other systems, and ultimately ended up doing an 'rm -rf /' because the admins pissed him off by not giving in to his demands for access.
Granted, this guy Noel made some mistakes and had some unfounded assumptions, and paid dearly for them. (The moral I learned from this story? Don't bother trying to communicate with the person who cracked your system; just secure and/or rebuild your systems and plug the holes that they got in before.)
But your comments about "oh, some people are poking around because they're curious and don't mean any harm" just don't apply to this situation. As someone else said, if you want to learn how systems work, buy a PC, install Linux (or the *BSD of your choice) on it and use that for testing. If you meddle around in machines that you don't have legitimate access to, you deserve whatever punishment you get.
Jay (=
I understand your position but I do have a question. When your sister's Linux box was cracked the first time I presume you helped her make sure that it was operating a "default deny" type of access control - that the system wasn't running services she didn't need etc. Did the cracker get in the second time by exploiting an unpatched hole in one of the services she did need or by a back door you'd missed in the first cleanup? If everything needed was patched to current and everything else was closed off then you were right to tell her to pull the plug - if not then perhaps it was the wrong advice and helping her fix the underlying problem would have been more appropriate.
Other than that I have to agree with you on every point.
Three years without a remote hole in the default install! Two years without a localhost hole in the default install!
.sigs are dumb!
Just out of curiosity (really, I'm not being a jerk here), what do you think is a 'real' security model?
file level? system-wide? more like linux (BSD, NT, QNX, ad infinitum)?
Rami James
Guy that's curious
--
rJames.org - illustration
ELEED Elastic Low-Energy Electron Diffraction
From dictionary.com and acronym finder.
(I REALLY should get back to work.)
Rami James
Guy with too much work
I think the other part of it is the idea that, by using this jargon, someone is "one of us" rather than "one of them." Jargons serve two purposes in linguistics:
1. Shorthand for concepts. I mean, we could say "someone who enjoys figuring out how things work, or is a good coder or adept at coming up with solutions to problems," but we say "hacker" instead.
2. Differentiation from the masses. To geeks phrases like "I don't have the bandwidth to read fiction these days" or "How should I know how to put the swingset together? RTFM" make sense, but to the outsider they can be as unintelligible as Cockney slang. (Misuse of jargon is also a red flag that someone doesn't belong, or is trying too hard to fit in.)
So 31337 5P34k is both of the above for the script kiddie. However, in this case, there's a third dimension to it -- marking someone as a sad, pathetic individual who thinks that being able to read and write a simple substitution cipher and click a couple of buttons in a pre-built dialog box is a substitute for technical mastery of a computer and its operating system.
--
Someone you trust is one of us.
I don't understand what Noel was thinking. The first thing to do when you are cracked is _not_ to leave your system open! He should have disconnected from the net (perhaps leaving a secured mail box running), and immediately backed up the home directories. He should have _verified_ the backups. Since the only irreplaceable data on a well-maintained unix system is in the home directories, it should be trivial to back it up properly.
I can only assume that you haven't read the whole series. The system Noel works on is a heavily used collection of machines needed round the clock. While attempts to assess the damage were done early, the major cleanup (and securing) of the machines was done during a relocation, including backups - sometimes even though you have been cracked, you have to sit on your hands a little while you work out how to fix it. In an environment where lots of people need those machines for real work, pulling the plug on everybody is not going to make you friends and may leave you with a Cracker who knows that he/she/it has been spotted. That might (as Noel feared) bring about damaging action sooner rather than later.
This brings up several interesting problems though for a network sysadm. Just when is the situation so serious that you have to disconnect and stop everyone else working? In a software company, losing the servers is a massively expensive problem - you effectively stop 90% of the possible work straight away, and you are going to have a large workforce twiddling their thumbs while the system is off-line. If this downtime is repeated or extended, the sheer number of working hours lost for a workforce of 1000 people can get very pricey very quickly.
Assuming that your backups are up to date, you can to a certain extent run the risk of 'rm -rf /' and only lose at worst a day's work. From the system admin's perspective, things only get really bad when you are being used as the launch platform for the next attack. At that point, even finding a sniffer could be sufficient reason to pull the plug, and finding a Trinoo or TFN master server or client would definitely be time to consider that disconnection.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Noel - Lots of skill it takes to type rm -rf
Translation into k1dd13 sp33k: "C'mon, I dare you to rm -rf me!"
The mistake? Talking to him at all.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Does it bother anyone else that the author of the article doesn't seem to be much of a sysadmin anyway? The first and most glaring indication of this is that he had no idea what state his backups were in:

"The first problem we found with the tapes was that the disk space in use had exceeded the space available on the tape and not all of the home directories were on the recent tapes. The second was that not all of the old tapes worked. I had manually made a few backups of all the users configuration files and their public_html directories in a tar file and this was still on some of our tapes. So almost all of the users web pages were recovered. On the down side most of the mail in the mail spool was gone and some users had lost almost all their files."

Seems like a pretty poor administration job from the start. As an admin on a multiuser service, your first responsibility has to be the data integrity of your users.

Secondly, it appears that all he did was patch the hole that allowed the cracker in in the first place and started restoring the system:

"Once we had the hole secured by turning statd off we connected back to the Internet and turned our services back on as we installed/configured."

Maybe I'm paranoid, but if a system I'm running is compromised it doesn't get placed back on the network until it's been completely wiped and rebuilt. I have yet to encounter a cracked box that didn't have numerous trojans and backdoors installed. Of course, without good backups it's an arduous task to rebuild the machine.
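The "wipe and rebuild, because there will be backdoors" rule above, and the earlier comment about spending a bunch of time looking for rootkits whether or not they were installed, both come down to one question: does this box still match what was installed? As an added example, not from the article or from anyone in this thread, here is a minimal tripwire-style integrity baseline that turns that question into a check. The "bin" tree, the simulated trojaning and the hash tool fallback are constructed for the example; a real deployment would use a packaged tool such as Tripwire, take the baseline from known-good media right after install, keep the manifest off the box, and run the check from a rescue boot, since a rootkit on the live system can lie to find, ls and sha256sum themselves.

```shell
#!/bin/sh
# Added example, not from the article or the thread: a minimal
# tripwire-style integrity baseline. Take the baseline from known-good
# media right after install, keep the manifest off the box, and run the
# check from a rescue boot, never from the possibly-rootkitted system.
# The "bin" tree below is constructed for the example.
set -eu

# sha256sum on Linux, shasum elsewhere; both print "hash  path"
if command -v sha256sum >/dev/null 2>&1; then HASH=sha256sum; else HASH="shasum -a 256"; fi

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/bin"
printf 'ls v1\n'      > "$WORK/bin/ls"
printf 'ps v1\n'      > "$WORK/bin/ps"
printf 'netstat v1\n' > "$WORK/bin/netstat"

# baseline DIR MANIFEST: "hash  ./relative/path" for every regular file
baseline() {
    ( cd "$1" && find . -type f -exec $HASH {} + ) | LC_ALL=C sort -k2 > "$2"
}

# verify DIR MANIFEST: print one line per CHANGED / MISSING / NEW file.
# Empty output means the tree still matches the baseline.
verify() {
    dir=$1; manifest=$2
    while read -r sum path; do
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING $path"
        elif [ "$( (cd "$dir" && $HASH "$path") | cut -d' ' -f1 )" != "$sum" ]; then
            echo "CHANGED $path"
        fi
    done < "$manifest"
    # files on disk the baseline never saw: dropped tools, sniffers, rootkit dirs
    known=$(mktemp)
    awk '{ print $2 }' "$manifest" > "$known"
    ( cd "$dir" && find . -type f ) | LC_ALL=C sort | while read -r path; do
        grep -qxF -- "$path" "$known" || echo "NEW $path"
    done
    rm -f "$known"
}

MANIFEST="$WORK/baseline.sha256"
baseline "$WORK/bin" "$MANIFEST"

# simulate what a rootkit does: trojan ps, drop a sniffer, remove netstat
printf 'ps v1 + hide pid 31337\n' > "$WORK/bin/ps"
printf 'sniffer\n' > "$WORK/bin/.sniff"
rm "$WORK/bin/netstat"

echo "differences from baseline:"
verify "$WORK/bin" "$MANIFEST"
```

Run as shown it reports CHANGED ./ps, MISSING ./netstat and NEW ./.sniff. The practical value is the negative result: if the check of /bin, /sbin, /lib and /etc against a manifest that never lived on the box comes back empty, you have evidence rather than a feeling, and if it does not, you already know which files to look at before the rebuild.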
Cracking may or may not be a bad thing. Like so many other things, it depends on the ethics involved. (That may be overly broad, I can't think of anything that doesn't depend on the ethics.) Cracking can be an innocent act of curiosity, 'can I enter the system'. On the other hand, using the authority of a sys admin for any but legit purposes is at least immoral and should be illegal. It's a pity our laws don't correspond to such simple ethics.
So long and thanks for all the fish . . . !!!
Cracked is my favorite magazine, what do you mean it is complete.
It's just like I tell people who are being stalked online, NEVER talk to the person, just ignore them. If you ignore them, they don't know what effect their actions are having on you, and whether they are succeeding in pushing your buttons or not.
This isn't a substitute for securing your own systems, of course.
Sure if your windows get smashed, the window making industry will have more business, but it means _you_ have fewer resources to spend on other more productive/pleasant things.
...
You will in fact be spending more resources on just repairing stuff.
Would you prefer to have a stupendously huge window making industry, or rather have lots more people/industries doing fun and useful stuff?
Yes, most glass windows are insecure, but people have got better things to do than ensure that all their windows are vandalproof.
If your windows get broken regularly it means your neighbourhood is going down the drain, not that you are a poor houseowner.
If I do come across an insecure system (I've seen many), I don't break stuff. I notify the owner, sometimes show them how it's done and how to fix things and perhaps how to better do things.
I believe that's the difference between being a good neighbour and a vandal.
But one must be aware that there is a danger of being prosecuted for trespassing if you try to change stuff.
There's a difference between seeing a door is open (through legitimate access), and walking down the footpath and actually shutting the door without the owner's permission. If you know the owner, then you could get away with that.
But if you are strangers it is best to just notify the owner ("Anyone home?" "Your door's unlocked"), or the landlord/police. If not, touchy people could prosecute you. Heh, not nice to lock someone out of their own house too.
In this day and age it is more and more evident that we are all neighbours. Most of us here are just seconds away from each other at most.
I suppose living in a nice friendly village is out of the question but do we want to live in a War Zone? I suppose we can put up with a few nosey neighbours, but I don't think we should tolerate vandals going around burning down houses and kicking doors in. It's too late to say "no need for better security", but it's not too late to say : Vandalism is wrong, and we will not tolerate it.
Remember: first it's vandalism. Then it often goes on to theft, robbery or worse.
Cheerio,
Link.
(Note: This was a few years back on UK BBSs. The broken-shift-key-ism just seemed to stick.)
- "How do we do it? Volume!" - The Bursar of Unseen University.
Articles like this one and my own efforts to wade through inconsistent documentation on how to secure a unix box make me question the whole unix security model.
This model needs to be rethought from the ground up - perhaps retaining some of what exists but scrapping most of it because it is indeed worthless. In my opinion, 90% of unix sysadmin is intentionally arcane for the job security of sysadmins. The so-called "elite club" of unix sysadmins resembles more than anything the "tech men" in Asimov's Foundation. They understand little and innovate not at all, but carry on a tradition of maintaining their own power and restricting access to this arcane mumbo-jumbo among others.
Some things like the method of authenticating users with passwords, the uselessness of keeping unix systems built around a core of remote shell account logins which 99% of users never employ, though they once did in the old telenet days, etc., and the list goes on. Sendmail is a prime example of a program which has been patched and patched beyond recognition, and each patch or fix or enhancement is likely to create new exploits and bugs which don't show up until later. Why is sendmail the default even on single user boxes for home users? I think it is to create work for sysadmins who have "learned the ropes" and thereby justify their positions to employers and/or to clients for whom they do consulting work.
While I do not particularly care for the methods and lifestyles of crackers and script kiddies who contribute little of value to the community, at least they contribute one thing. They usually can beat sysadmins at their own game with ease and even without much knowledge or skill.
If the unix security model and other aspects of unix system administration were really well designed, much of what sysadmins do would be unnecessary. It is a crying shame that Linux and other open source systems mimic the flawed model of commercial unix instead of doing really innovative things to change it. Well, they have done a few things, but progress seems to move at a snail's pace.
Perhaps I have been overly critical. Some sysadmins are very knowledgeable and do care about meeting the needs of their users. But even these don't seem to be doing much to change the entire nature of unix system administration, which requires active efforts to work with those who develop systems, not just patching this or that vulnerability in the systems they administer personally.
I am sure some people have thought hard about this and come up with ways to modify unix at a deeper level to make it a more robust and sleek and easier to administer as well. Have specific suggestions for change in the unix standard arising from such studies ever been taken seriously?
First, he did not have adequate backups. While I know that this happens at many sites, I personally have backups of my home system. At most I'd have to reinstall, but most of my config files I back up often enough that reconfiguring my system would be at most a few hours. Granted I have one system, and he has many, but that being the case is just more of a reason to make sure that you have adequate backups of your system.
Second, why did he talk to the hacker in the first place? He should have just started going through machine by machine and making sure that they were secure. Checking ALL of the software and looking to see what he was using that may have exploits. Yes, a good place to go to find this info is on the net as the hacker said, but that is probably where the hacker went to find this out.
Thirdly, the sysadmins should have been rebuilding and updating their systems when they first found out they had been hacked. Box by box.
Lastly, if they did not catch this hacker and lock him away, I am sure that they have not heard the last of him, and if they are not careful they are going to get hacked again.
send flames > /dev/null
Only 'flamers' flame!
Hugh Daniel showed me once exactly how to limit the damage a script kiddie can do, once he's cracked your host and gotten a root shell.
Hugh's systems are all built with at least two drives. The boot volume is read-only. (I don't mean it's mounted read-only, I mean it's READ ONLY. After installing the OS, he pulls the write-protect jumper.)
Right now, the machines that the FreeS/WAN project is hosted on are configured with a very clever device: it's a toggle switch. In one position, the boot volume is R/W. In the *other* position, the ethernet connection is live.
A big part of the problem in trying to secure UNIX is that we keep trying to solve issues in the wrong domain.
-jcr
I don't understand what Noel was thinking. The first thing to do when you are cracked is _not_ to leave your system open! He should have disconnected from the net (perhaps leaving a secured mail box running), and immediately backed up the home directories. He should have _verified_ the backups. Since the only irreplaceable data on a well-maintained unix system is in the home directories, it should be trivial to back it up properly.
Only when a complete, verified backup has been made should he reconnect to the net (after cleaning up the cracks). The mere fact that he didn't check the backups first, when data hadn't been deleted, makes him liable for the damage. Quite simply, he didn't take obvious and common-sense measures to ensure his customer's data integrity.
Am I wrong here?
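The backup-then-verify step that the two posts above (the one starting "First he did not have adequate backups" and the one starting "I don't understand what Noel was thinking") both insist on, as an added illustration that is not code from the story or from either poster. It builds a small constructed home tree, archives it with tar, and refuses to call the backup good until every original file is restored byte-identical; the `make_sample_home`, `backup_home` and `verify_backup` names and all paths are placeholders of my own.

```shell
#!/bin/sh
# Added example: back up a home tree and verify the archive before
# trusting it. Constructed sample data; not the admin's own procedure.
set -eu

# Build a tiny constructed "home" tree so the example runs offline.
make_sample_home() {
  dir=$(mktemp -d)
  mkdir -p "$dir/alice" "$dir/bob"
  printf 'alice notes\n' > "$dir/alice/notes.txt"
  printf 'id,value\n1,42\n' > "$dir/bob/data.csv"
  echo "$dir"
}

# Archive <src> into <archive>, keeping the top-level directory name.
backup_home() {
  src=$1; archive=$2
  tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
}

# Restore the archive to a scratch directory and compare every original
# file's checksum against the restored copy. Returns 0 only when every
# file is present and byte-identical; a missing or changed file fails.
# (Assumes paths without whitespace, as in the constructed sample.)
verify_backup() {
  src=$1; archive=$2
  scratch=$(mktemp -d)
  tar -xf "$archive" -C "$scratch"
  restored="$scratch/$(basename "$src")"
  status=0
  for f in $(cd "$src" && find . -type f); do
    if [ ! -f "$restored/$f" ]; then status=1; break; fi
    a=$(cksum < "$src/$f"); b=$(cksum < "$restored/$f")
    [ "$a" = "$b" ] || { status=1; break; }
  done
  rm -rf "$scratch"
  return $status
}
```

Run the verification again after any change to the live tree; a backup that no longer matches the data it claims to protect is exactly the situation the story's admin ended up in.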
Was that supposed to be a lesson in 'how not to admin a network?'
Backups that weren't backing everything up? And the admin wasn't aware?
Dissimilar tape drives? Donated tape drives?
Must not be a very serious business..
They're obviously demonstrating the amount of redundancy in our alphabet and numeric system by showing just how few characters you can use whilst still remaining intelligible (just!). Rather than being "childish" they are in fact demonstrating a deep and intuitive understanding of information theory and entropy, one which we, as forward thinking people, should admire and indeed emulate!
Or maybe not :)
---
Jon E. Erikson
Jon Erikson, IT guru
I noticed this earlier. Is it perhaps a precursor to a feature that will allow filtering out of comments with a UID above a specific number (e.g. 50000)? Could be interesting...
So because some of us lurked for a lot longer before signing up for an account, we're somehow less qualified to comment than someone who signed up for account number 2 but does nothing with it but troll?
interesting logic going on there...
It was a kid in mentality, but he "showed" that he knew more than just running some scripts. Unless you call writing a C program a script as well. But a "hey you earned it" was not a good thing to do. DDoS that hacker (a port scan of Noel already gave him a lot of lag). But if he was that good he'd better have pursued some other goals than rm -f. - Some media hype things like "crack yahoo" - Go for the money. Either by getting it from banks' CCards or earning it by cracking for money ("security audits"). By the way, it became a little bit predictable after story #5. Somy already wrote it was statd.
Included are useful details from somebody who could secure his machines to keep out the script kiddies, but instead chose to leave a few otherwise-unused machines undefended and log the results.
I do not deploy Linux. Ever.
Oh, come now. When DDOS attacks were hitting major web sites, they took down sites regardless of OS. And if you read Slashdot frequently, you'll notice many news stories about vulnerabilities, exploits, and security holes in Windows NT.
The main reason why UNIX-like systems are featured in stories like this is because there's an element of suspense as the cracker types many commands, and the superuser can look at every move he makes. Even NT's Event Logger doesn't catch every damaging command, and from the exploits I've seen it's possible to take down a poorly safeguarded NT box without even logging into it.
The scene of watching and dealing with a cracker is good drama, at least to Slashdot-reading geeks like myself.
I can only plead inexperience and that I was a part time volunteer with a real job and a family.
In hindsight I see many things I should have done differently.
Noel
RootPrompt.org -- Nothing but Unix
kayaking
Is it me, or does it look like it's not complete?
It has all of a storyline for a television soap drama. At the end of the season there is also always something dramatic happening, like someone shot down - read: drive with bad backups rm -rf'd. This makes the series too dramatic to be 100% true. At least that's what I'm thinking....
IIRC it started as a way of getting around swear-filters on chat systems (while 'fuck' would not appear, 'phuX0R' would), and sort of permeated the BBS community, and then IRC. I'm not sure why it still exists. It seems to be used as more of a parody than anything else these days. Even the guy on 'Cracked' only seems to use it once, and he's using it to prove his advanced humour ('look everyone, I can do self-parody!'). Most of the coders I know (around London) seem to use it sarcastically these days. 'Man, u r so 1337' tends to mean that what they've done is obvious, or a horrendous kludge.
- "How do we do it? Volume!" - The Bursar of Unseen University.
As long as OSs don't use a REAL security model, we'll still hear some sad stories like this for a loooonng time.
I don't know if EROS will ever become mainstream, but its capability model sure looks interesting.