Hacking Linux Exposed, Second Edition
HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.
Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.
The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.
So, from my perspective, here are the noticeable differences:
- More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)
- There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.
- There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.
- More distribution-specific information.
- Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.
- The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.
- More custom tools and code than before.
- Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.
- Even more integration with the website.
That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and the newsletter occasionally has contests too.
The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.
One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this
    jdoe@freddie:/etc$ nc client_ip 80
    GET /some/web/page
    <head><title>This is some web page</title>
    ...
They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.
Here's a very quick table of contents:
- Part I: Linux Security Overview
- Chapter 1 -- Linux Security Overview
- Chapter 2 -- Proactive Security Measures
- Chapter 3 -- Mapping Your Machine and Network
- Part II: Breaking In from the Outside
- Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
- Chapter 5 -- Physical Attacks
- Chapter 6 -- Attacking over the Network
- Chapter 7 -- Advanced Network Attacks
- Part III: Local User Attacks
- Chapter 8 -- Elevating User Privileges
- Chapter 9 -- Linux Authentication
- Part IV: Server Issues
- Chapter 10 -- Mail Security
- Chapter 11 -- File Transfer Protocol Security
- Chapter 12 -- Web Servers and Dynamic Content
- Chapter 13 -- Access Control and Firewalls
- Chapter 14 -- Denial of Service Attacks
- Part V: After a Break-In
- Chapter 15 -- Covert Access
- Chapter 16 -- Back Doors
- Chapter 17 -- Advanced System Abuse
- Part VI: Appendixes
- Appendix A -- Discovering and Recovering from an Attack
- Appendix B -- Keeping Your Programs Current
- Appendix C -- Turning Off Unneeded Software
- Appendix D -- Case Studies
The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is as stupid as we do.
If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)
These numbers are presented as quantitative, but they can't possibly be. I can argue for giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.
Aside from that drawback, which is easily ignored, the book is absolutely solid.
When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)
In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.
If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com.
At first I thought this said something about "Linus Exposed"... Thank God I mis-read that...
GET
One hopes this wasn't a mistake made in the book itself.
Why is review under the AMD topic (I see the AMD logo as of now)? Odd.
The book list slashdot as the distributed denial of service main source?
With regard to the useless numbers, I see them purely as an indexing system for the script kiddies... ie, find the crack with the most impact, then spend time finding as many people to cast it at....
Although, one would hope that with the sort of admins Linux has, that most would fail anyway....
What is it? Just the source code to BugBear?
Trolling is a art,
Everyone knows you can't hack Linux! :P
That's the fate of books, there isn't an update button or tool :). Especially IT books, get outdated very fast !
n-e
"Cracking Linux Exposed", it's a great book.
As someone not that familiar with Linux (at the time I read it), it was very easy to read , and handy in helping me secure a Redhat box that hangs off my cable modem.
Volume 2 looks to be just as good:
Hacking Slashdot Exposed - covering such essentials as changing the proper story icon to the AMD logo and frustrating trolls by not allowing them to comment for 20 minutes.
There's no point in buying any book about computers or the Internet. There's particularly no point in buying any book about operating systems unless it's a reference book.
Laws are for people with no friends.
I was planning on doing a review of Hacking Linux 2nd edition, but obviously was too late. The one above is accurate, but not helpful if you didn't read the first ed. Here's my more descriptive review of the book's contents:
Hacking Linux comes in six parts, each of which is worth the price of the book in whole. Part one: security overview covers all the basics like file permissions, setuserid problems, buffer overflows/format string attacks, tools to use before you go online, and mapping tools like nmap. Part two comes in from more of the hacker angle with social engineering and trojans, attacks from the console, and then concludes with two excellent chapters about network attacks and TCP/IP vulnerabilities.
All the stuff to this point assumes the hacker is on the outside. Part three takes over and shows you what the hacker will do once they've gotten on, such as attacking other local users including root, and cracking passwords. It becomes obvious that you need to protect things from insiders as much as from the outsider, because the outsider will usually get in as a normal user first, and if you can prevent him or her from getting root access, the damage cannot be nearly as severe. A lot of books don't cover this angle at all, and it's done superbly here.
Part four covers common problems in internet services. First they discuss mail servers. Sendmail, Qmail, Postfix, and Exim each get covered in detail - it's nice to see more than just Sendmail discussed in a security book. Of course, it'd be even nicer to see something other than Sendmail installed on a Linux machine by default. Next they cover problems with FTP software and problems with the FTP protocol. I'd never seen "beneath the hood" and realized how weird FTP really was, and why it's not supported by firewalls very well, and the authors show you the inner workings of it so anyone can understand the problems. They continue with Apache and CGI/mod_perl/PHP/etc problems, both from a coding standpoint and how to secure against outsiders and your own web developers. Next it's on to Firewalls (iptables and TCP wrappers) and lastly (distributed) denial of service attacks. The countermeasures for the DOS problems are excellent, and a must for anyone with a server.
Part five covers everything a hacker can do once they've broken in. They describe trojan programs, trojan kernel modules, and configuration changes that can be used to keep root access, or hide the hacker activity, or let them get back in should the computer be partially fixed. This was not only complete, but scary in how many different things they showed. It works both as a blueprint for what you need to defend against, how to clean up after a hacker has gotten in, and also how you could back door a machine if you get in. I'll leave the ethics up to you.
Lastly we have part six, which is the appendices. While most times I ignore appendices, these are really an integral part of the book, and are referenced throughout the book all over. (This is very good, because it keeps the book from having too many repeated countermeasures.) They discuss post-breakin cleanup, updating your software and kernel, and turning off daemons (both local and network ones) and a new case study. The book is good about covering Linux from a distribution-agnostic standpoint (it doesn't assume you use RedHat, unlike everything else out there) but in these appendices they cover the differences you may encounter. They show you how to use dpkg/apt-get as much as RPM as much as .tgz packages, discuss both inetd and xinetd, and even svscan/supervise. They are extremely complete.
Hacking Linux Exposed 2nd Edition is required reading for anyone with a Linux machine, period.
I dunno, ever use Outlook?
This is a good series for a person with an average level of experience to get some form of understanding what sort of exploits are out there. Many of these computer security type books go a little too much for the hype (watch out for the 31337 haX0rz!) and not enough stepping you simply through why and how an exploit works. Someone new to Linux admining will pick up more about Linux security reading this book than they will many others. It contains a good list of the most popular exploits. Of course your box won't be entirely secure if you read this book (security is a process) and to a seasoned sysadmin much of this will be old hat. It will however mean that your system is probably less hackable than that of some other administrator who has a similar level of experience but hasn't read this book.
This series' Windows 2000 offering is very good as well - not a lot of hype but tends to get down to the brass tacks of how to start to secure an out of the box installation.
The only problem with these books is how quickly they do become dated. You won't get an amazing amount of use out of them in 5 years time except for as some sort of historical perspective. Not a lot of depth into the methodology of locating exploits - just more a list of exploits and how to understand their use.
Is it just me or does the intro to this article bear little relation to the body?
The "summary" uses the words "overblown, outdated and obsolete" while the review itself goes on to rave about how wonderful the book is. Quite odd.
Oh, there ISN'T one... Isn't THAT interesting.
It's Christmas everyday with BitTorrent.
He's not talking about the book he's reviewing, the bland book he refers to is Hacking Exposed, which only appears to be the pattern for Hacking Linux Exposed.
Need a Linux consultant in New Orleans?
You're assuming all network admins keep tabs on the vulnerabilities, update their software frequently and have the necessary time to dedicate to such important things.
But they don't always. Yes, even on Linux.
Joe
http://www.joegrossberg.com
the title says it all. tell 'em robbIE.
look for: va.msn.net, ticker: (VAST)?
the rode ahead? looks LIEk it's littered with Godless greed/fear based liesense peddlers, right now.
I would never get this book based on its title. If I wanted a book on Hacking Linux, I would get "Understanding the Linux Kernel" or "Linux Device Drivers"
This book makes me want to buy the "you are dumb" T-Shirts from think geek.
nt.
I have a copy of the book, and the way the book is written it seems it is more useful for the sysadmin types.
But the problem is that any good sysadmin would know at least half of this stuff already, making the reading kind of boring. Now what I want is a good way of finding how to secure "my" system. When I read about how to set up NFS securely I really don't want to know that sun solaris had a vulnerability in their OS a few years ago which allowed elevation of privileges etc., what I want to know is how to do it now, with the right packages on Linux.
But as a general read the book is full of anecdotes and examples and makes a good reading.
.ACMD setaloiv siht gnidaeR
LS: Supposing you had free time, what would you be doing with it?
Brian: I'd devote some time to helping out the Linux Security Module project. I hope to help port systrace to LSM next year. Currently it is a kernel patch, and I think the community would be served better in the long run by having it available as an LSM module, which would make it more accessible to those who fear kernel compilation.
And some day I hope to get around to turning some of the megs of perl code I've written over the years into well defined Perl modules for CPAN. Then I won't be the only one supporting this spaghetti code. ;-)
If I had infinite time, I'd learn to play the Hammered Dulcimer and French Horn. There's nothing in the world as musical as a well-played French Horn.
LS: In your opinion, what is the most interesting thing about Linux and Security?
Brian: The first thing is that, with Linux, security is a possibility. It is not an end point - you must constantly keep abreast of new attacks and revisit your security posture - but there is nothing that is unavailable to you if you want to look. Closed source systems can never offer this. By design, be it chosen for monetary reasons or to prevent competition, closed source products always hide details from the users and administrators that could be critical to understanding how things function, and how they can be broken.
One of the beauties of Linux (and other open systems, such as *BSD) is that you can use them to boost the security of those closed source machines. By the liberal application of Linux machines throughout your infrastructure, you can keep those exploits-waiting-to-happen locked down where they can do less harm. For more of my ranting on this topic, see my article Linux is Securable -- I won't waste time rambling here.
What is most intriguing right now on the Linux horizon is the evolution of security controls. In the beginning, all you had to work with were file permissions. Root could do absolutely anything unchecked, and root access was required for some things such as binding low network ports or opening raw sockets, which meant use of set userid bits on programs, which frequently were broken to gain root access.
Next came capabilities, where each bit of root's power was defined in more specific terms. When determining if a process could bind port 80 originally you'd check to see if uid==0. Now you'd check if the process had the CAP_NET_BIND_SERVICE capability. In theory, you could now remove capabilities from the system - for example removing the ability to load kernel modules ever again, which is good for defending against malicious LKMs.
It goes on quite a bit - a good read.
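The capability check described in the interview excerpt above, as an added example that is not part of the original post, the interview, or the book: it decodes the capability masks Linux exposes in /proc/<pid>/status and reports whether a process holds CAP_NET_BIND_SERVICE and whether CAP_SYS_MODULE is still in its bounding set. The two status excerpts are constructed sample input, and the function names are this example's own.

```python
"""Decode Linux capability masks from /proc/<pid>/status text."""

# Bit numbers from <linux/capability.h>; only the capabilities discussed above.
CAPS = {
    "CAP_NET_BIND_SERVICE": 10,  # bind TCP/UDP ports below 1024
    "CAP_NET_RAW": 13,           # open raw sockets
    "CAP_SYS_MODULE": 16,        # load and unload kernel modules
}

# Capability fields the kernel prints in /proc/<pid>/status (hex bitmasks).
FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed sample: a daemon that kept only CAP_NET_BIND_SERVICE and runs
# with CAP_SYS_MODULE dropped from its bounding set.
SAMPLE_WEB_DAEMON = """\
Name:\thttpd-example
Uid:\t33\t33\t33\t33
CapInh:\t0000000000000000
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t000001fffffeffff
CapAmb:\t0000000000000000
"""

# Constructed sample: a classic all-powerful root shell.
SAMPLE_ROOT_SHELL = """\
Name:\tbash
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""


def parse_cap_masks(status_text):
    """Return {field: int mask} for every Cap* line found in the text."""
    masks = {}
    for line in status_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name in FIELDS:
            masks[name] = int(value.strip(), 16)
    return masks


def has_cap(mask, cap_name):
    """True if the bit for cap_name is set in the given mask."""
    return bool((mask >> CAPS[cap_name]) & 1)


def audit(status_text):
    """Summarise the privileges the interview mentions for one process."""
    masks = parse_cap_masks(status_text)
    effective = masks.get("CapEff", 0)
    bounding = masks.get("CapBnd", 0)
    return {
        # The modern replacement for the old "uid == 0" port-80 check.
        "can_bind_low_ports": has_cap(effective, "CAP_NET_BIND_SERVICE"),
        "can_open_raw_sockets": has_cap(effective, "CAP_NET_RAW"),
        "can_load_modules": has_cap(effective, "CAP_SYS_MODULE"),
        # If the bit is gone from the bounding set, exec'ing a setuid-root
        # or file-capability binary cannot hand it back to this process tree.
        "module_cap_in_bounding_set": has_cap(bounding, "CAP_SYS_MODULE"),
    }


if __name__ == "__main__":
    for label, text in (("web daemon", SAMPLE_WEB_DAEMON),
                        ("root shell", SAMPLE_ROOT_SHELL)):
        print(label, audit(text))
    try:
        # On a Linux host, also report on the current process.
        with open("/proc/self/status") as fh:
            print("this process", audit(fh.read()))
    except OSError:
        pass
```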
I hate hackers!
However if you show different types of attacks as a teaching tool -- "Here's how an off-by-one error in OpenSSH caused it to be exploitable" for example -- then you can show different classes of attacks so the reader understands the actual problems that occur in many different software products.
The goal was to show different kinds of vulnerabilities as explanation. Anyone who is still running older buggy software isn't maintaining their system properly. (And yes, we cover how to upgrade packages in great depth.)
On the other hand, sometimes the problem is configuration: I can have a perfectly secure OpenSSH version, but if I ssh to an untrusted host with X11 forwarding on, the X11 server on my client is easily compromised. No new version of OpenSSH will fix this, it's an inherent problem with the all-or-nothing nature of X11. So configuration-based vulnerabilities do stand the test of time.
I'd never just write a book with a list of BIND vulnerabilities that are based on bugs in the source code, but problems with the DNS protocol itself (it's easily spoofable, leading to MITM attacks) are fair game for in depth coverage.
So, version-specific attacks are only covered if they help teach a concept. Configuration-specific attacks are covered if they are likely to stand the test of time. Protocol-related vulnerabilities (FTP bounce attacks/etc) are fair game until the protocol is destroyed with a big huge mallet.
For a quick bulleted list:
The only exceptions to this rule are the front and back cover, on which we were either overruled, or gave up the good fight.
I keep hearing about this Ninnle distribution on /. Does anybody know anything about it? What makes it special or different from something like RedHat or Mandrake? Is there a Ninnle website?
The HLE authors have a Windows vs Linux Security Challenge where they want to have a Linux security team and a Windows security team install and secure a Linux and Windows machine at the same time, documenting what they do and how long their machines are vulnerable. I'd love to see this. It'd be a great way to see exactly how bad Windows machines are for both generic installation (imagine counting the number of reboots for one vs the other as you update service pack after service pack, a reboot after installing IIS, another when you change your password ;-) and security (locking down the machine so that IIS doesn't have a billion holes from the default installation).
I'd pay good money to see this.
Uhhh *moderators* where are YOU? This is a response from the guy who wrote the book. Even if it were a hoax account (I doubt it, given the fairly low user number), the link alone is worth at least an 'informative'.
Sheesh.
We decided that this sort of content would provide the quickest time-to-market without any need to tech edit. By providing 0% useful information, it should be able to be read in whole as fast as you can turn the pages - no reading required. We found that people were not able to read the reviews on slashdot in their entirety, so why should we expect them to read ~700 pages about Linux Security?
I was tremendously impressed by the approach they took with the book, with code examples, and explaining why things work, and how/why they approached the problems with the solutions they did....rather than just saying "Do this not to get cracked". I also picked up the 3rd edition of _Essential System Administration_, another ongoing classic.
These two books are must-have tomes for any serious SysAdmin!
ttyl
Farrell
Ok, I don't use sigs or anything to plug my books. I like to be a normal /. person. But in case you're suspicious (you probably have a good future in computer security...) I'll post my /. id to our website so you know it's me.
How much have you raised thus far?
However the process of hardening them is very different. I bet I can install Debian with minimal packages and achieve all the functionality I claim within an hour or two, with one reboot just to make sure it would come up correctly if it's out in a remote datacenter somewhere.
But that's really not the point - I'd like to see good explanations of what's needed to secure both. It's not just a competition to say Linux is easier/faster to secure (though I suspect that would be the consensus.) It's a way to create more documentation for everyone, Linux and Windows users. In that respect, it's more noble than just a pissing contest.
If I ever got off my butt and tried to actually make the thing happen.
If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com.
Or you could get it for $5 less from here.
I don't mind SlashDot having a financial incentive to provide links to the book at bn.com (I have an incentive to have you buy it through the above link), but what I fail to see is why they would want to see the SlashDot users consistently overcharged for tech books. SlashDot should sell its books through whatever site that can offer the lowest price, and compensate them fairly for providing the link. If they are against Amazon because of their stance on Intellectual Property, then they should make that clear as the reason for linking to BN.
Work for Change & GET PAID!
Um, 3, Informative??? How about Funny?
Especially IT books, get outdated very fast!
Books that cover 1. theory and 2. mature environments grow outdated much more slowly than (say) a book on Visual Studio .NET version 7.
Will I retire or break 10K?
Or you could get it for $30.50 here:? qs=0072 225645
http://www.bookpool.com/.x/mxrbyhvyin/ss/1
Wow, a response from an author! I'm very flattered.
Can you provide some insight on why the price went up 25% in under two years?
Hacking Linux Exposed, Second Edition
by Brian Hatch, James Lee
List Price: $49.99
Paperback - 720 pages (Dec, 2002)
Hacking Linux Exposed: Network Security Secrets and Solutions
by Brian Hatch, James Lee, George Kurtz
List Price: $39.99
Paperback - 608 pages (Mar, 2001)
Are the extra 112 pages that nice? Not to be cynical, but are you trying to be aggressive about the people who already own version 1 (like me)?
Joe
P.S. Lest you get the impression otherwise, I liked the book.
Joe
http://www.joegrossberg.com
Getting Linux to run on a Linux machine?
Why are you all so serious about this? Does it really matter that much? If you go back in time and look at places like the old Berkeley or MIT hacking sub cultures you'll find that hackers were the excellent coders and the security breakers. They were both, they did both. In the old days the people that were skilled with computers were also commonly into breaking into systems.
I've found that inside the hacker community of today everyone refers to it as hacking. Cracking is looked upon as just a ridiculous term. It's not just the media. It's [what's left of] the hacker community today. They call it hacking and they call themselves hackers. And they are being pretty accurate. Many of those people dedicate a lot of their lives to computers and are very intelligent and creative people.
The only people that use the term cracker these days are the security folk that never were a part of the hacker community and their followers. Hacking is about learning and figuring things out. It doesn't matter whether you are doing it legally or illegally. It's still hacking! Sure, crackers and script kiddiez may not be the best hackers out there, but they still are hackers. They've got the interest and commonly the beginnings of the lifestyle, even if they don't have the skill or knowledge.
In actuality, there are about 200 new pages, since we cut out a lot of older stuff, condensed things that are not as relevant that still deserve a good nod, and put the original three case studies online instead.
Chapter 10 grew to be three chapters all told. Chapter 11 needed to be split because it was too big for both Mail and FTP in one chapter. We covered many new attack methods and tools. Everything grew substantially, in spite of trimming out the old and tightening up what we had.
And we fixed a bunch of errors and added completely new ones.
Everything in HLEv1 is still valid. If you own the first, I'd suggest you compare the contents of the two books to decide if you want it or not. Or browse it at the store. Unfortunately, the sample chapter is again chapter 1, which is one of the least modified chapters, so it doesn't give you the best indication of what's new.
This is my best stab at a response. I am so much not a marketing guy, I'm a geek.
It's not slashdot's responsibility to provide all its readers with the best deals on all the reviewed books. I see a convenient link to a reputable reseller. Frankly, I'm not going to complain about that free service, even if I don't take advantage of it. Perhaps if posts recommending better deals were to be banned, you would have something to complain about. But, honestly, are you really going to begrudge slashdot its unobtrusive, and perhaps helpful, way of making money?
Title (almost) says it all.
I'm starting to believe that some sort of test for intelligence and background knowledge should be required to gain moderator privs. here.
When you live in a sick society, just about everything you do is wrong.
Of the "Hacking Exposed" line, there are two good books, Hacking Linux and Hacking Windows 2000. Both of these are able to stay on one OS and cover everything that needs coverage.
Hacking Exposed tries to cover everything (come on, who cares about breaking into your PBX and listening to people's voice mail?) and thus can't give any of them the space they actually need. The unix stuff in Hacking exposed is incomplete to say the least.
The J2EE book might be good (I haven't read it) but the Web one is definitely inferior to the one by Stuart that he did with Addison Wesley. Now why do you think one of the big wig HE authors went to a different publisher to write a book that was also being written under the HE title? I suspect it was to get away from the problems of the HE style. I agree with the reviewer - the risk ratings are not helpful at all, and HE is cluttered with too many pretty icons.
I bet that the Hacking Linux authors were forced to follow the HE format, and in spite of that they wrote a great and readable book.
Also, anyone know why Kurtz is just a "series Consultant" for this one?
And while I'm typing at you, I'm really glad that you're donating money to the EFF. There are just too many people who simply don't put their money where their mouths are.
Cheers
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
In my email program (mutt), I have a perl script pick randomly from ~800 different signatures. (Most new additions seem to be from the "witty comments from my daughter" category.) The script must have some sort of AI in it, because it frequently picks things that are relevant to the text. Having just a static signature for /. seems less interesting. Manually changing it is certainly more work than I'm up for.
I don't want folks reading my /. posts and thinking I'm just writing them to have my sig get more notice. I don't want folks seeing my posts and assuming that they have more or less relevance because of the info in the sig. If folks want to see who I am, it's easy enough to click on my home page or /. area.
And I am very very bad at self promotion. Anything I'd write for a sig would sound pompous.
I'm really glad that you're donating money to the EFF. There are just too many people who simply don't put their money where their mouths are.
I don't have the time, energy, or know-how to do what the EFF does. But they seem to fall on the same side of every issue that I do. So I do the best I can - send them cash. Now if only we could fund EFF as well as some corporations fund lackeys on capitol hill.
Fucking right mate, but we still sat and read through the whole of it.
Does the donation to the EFF apply only if I go through the Hacking Linux Exposed website? I bought a copy of that two weeks ago. However I was going to get Building Linux VPNs which is by Hatch and Kolesnikov. Does the EFF donation apply to that too?
Grow up, or the spamburgler gets it!
Yes, let them veg for another week. Let the bulbs mature a bit longer. Only switch to 12/12 when you are confident at maximum yield because some strains will produce only 4 or so bulbs that require support or the stems will crack somewhere. Or other plants will develop many smaller buds and I see more results in the fewer+larger buds than I see with the many+smaller buds. Yet the many+larger-bud strains are more difficult to grow and are more subject to health problems because of the general unstable size and loss of turgor inherent should they be damaged/disturbed in some way. Don't use the airoponics methods: hydroponics is much easier than airoponics (did I remember that as the correct term or am I smoking too much?) and use as much seagull shit as possible. Seagull shit is more rich than Chicken shit because seagulls consume fish (all-meat diet holds more nutrients) and chickens make do usually with grains. I recommend keeping your own chickens for this purpose, and rightly so because a *good* chicken can lay one egg each day so 4 chickens will supply you a good amount of fertilizer for your hydroponics system and give you an egg breakfast.
;)
Just in my experience
Kudos!
Does it run Linux?
So I do not disagree with you -- your solution is definitely optimal for creating lots of good machines -- but the goal was to show how to install and secure one machine in a standalone environment with a set suite of server software.
As to the actual time I'd take to do the install and lockdown, I think 2 hours is plenty, given the proposed packages that must be installed and configured:
Including the (secured) operating system itself, the final server configuration must support (as secure as possible)
- A Web Server, preferably with dynamic-content generating capabilities, such as ASP or mod_perl. No documents need be installed, however all default-install documents/programs must be deleted. In other words, every possible request should return a 404.
- Anonymous FTP Server (read-only)
- Mail Server (able to accept email for itself and send to other Internet machines)
- DNS Server (able to act as a primary for 'OS.example.com' and as a cache for the local network)
- Firewall rules that allow only the above protocols, and any other packets necessary for system administration and normal functionality. (Inbound SSH, DNS Replies, etc.)
The software I'd probably choose would be Apache (mod_perl), DJB's publicfile for anon FTP access, Postfix for the mail server, and DJBDNS for the DNS server/caching server. Now that 2 hours includes keeping a log of what I'm doing, or at least explaining it to someone who can keep a good running log, includes download time of updates (like I said, this should be like an end user, so the packages should be out of date on the install CD) and time to go get and consume a grande non-fat extra caramel caramel macchiato from Starbucks.
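A default-deny inbound ruleset for the service list in the challenge above, as an added example (it is not the poster's or the book's configuration). The IANA default port numbers, the IPv4-only scope, and the use of the conntrack FTP helper for anonymous FTP data connections are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the challenge's
# service list. Nothing here touches the running firewall; the functions
# only print text. Port numbers are the IANA defaults (assumed).

TCP_SERVICES="21 22 25 53 80"   # ftp control, ssh, smtp, dns (zone transfers/large answers), http
UDP_SERVICES="53"               # dns queries to the primary/cache

emit_rules() {
    # raw table: bind the FTP conntrack helper to the control port explicitly.
    # Newer kernels do not auto-assign helpers, and without it passive-mode
    # data connections would not be classified as RELATED.
    echo '*raw'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A PREROUTING -p tcp --dport 21 -j CT --helper ftp'
    echo 'COMMIT'

    echo '*filter'
    # Default deny inbound and forwarded traffic; outbound is left open so
    # the mail server can deliver and the DNS cache can recurse.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies to our own traffic (DNS replies, SMTP out) plus RELATED
    # flows such as FTP data and ICMP errors.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $TCP_SERVICES; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_SERVICES; do
        echo "-A INPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Audit helper: list every proto/port that the generated ruleset opens to
# new inbound connections, so the result can be compared with the spec.
open_ports() {
    emit_rules |
        sed -n 's|^-A INPUT -p \([a-z]*\) --dport \([0-9]*\) .* -j ACCEPT$|\1/\2|p' |
        sort | xargs
}

# Returns 0 only if the INPUT chain policy in the generated ruleset is DROP.
input_policy_is_drop() {
    emit_rules | grep -q '^:INPUT DROP '
}
```

To load it, pipe `emit_rules` into `iptables-restore` as root; `iptables-restore --test` parses the ruleset without committing it.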
Checking our Amazon affiliates account, it looks like about 70 products were ordered on the day this Slashdot review was published. I can't see actual monetary amounts until the items are shipped, unfortunately. But based on last quarter's average of $2.78/item, that means we'll be sending about $200 to the EFF for that day alone.
Also, I'd like to thank Alex Lewin who didn't buy through our links, but wrote:
That's the spirit, guys!
Right. I know that was the original context. In the message I replied to, Debian was mentioned in a more general sense (at least I took it as a more general comment).
:)
Which I agree on Postfix: we have switched to it, I love the thing. As for DJB? Well, I can't stand the way he breaks every Unix filesystem convention for config files.
So yes, in the specific challenge context I agree 2 hours seems reasonable. It has been a while since I did a non-kickstart Red Hat install, but even with Red Hat I think I could do a secure server install in 2 hours.