Getting Hacked Through Your Terminal
hdm writes "My company recently published a paper on security issues with common terminal emulator applications. The interesting thing about these vulnerabilities is that many of them only require the victim to be running tail on their log files (apache, syslog, etc) for the attack to be successful. The paper (TXT) can be found here."
~~~
It's a text file on what appears to be a decent server, not some Joe Q. User's geocities account, discussing a topic of relatively low interest to most people.
In other words, it's not going to get slashdotted, so stop karma whoring.
A Minesweeper clone that doesn't suck
For instance, you can recover a root password in just 10-15 minutes on ANY machine.
You shouldn't make such claims without any evidence.
Do you care about the security of your wireless mouse?
In the article, especially in the 'Fictitious Case Study', the author makes quite a lot of snide (although funny) remarks about Enlightenment.
By the way, I am not an Enlightenment user, so don't think that is why I posted this.
For instance...
...or...
Thank you.
GrimReality
2003-03-02 01:27:02 UTC (2003-03-01 20:27:02 EST)
>And that, in my opinion, is what separates Great Hackers from the myriad of
>wannabes. I'm definitely a wannabe.
No, sir. You are not a wannabe. Go check out usenet:alt.hacking.* and look for
"Hotmail Hax0rz", "Warez", "Mail haxorz", "DOS", and other usual keywords
associated with 'have-no-clue-but-must-impress-my-friends' wannabes. If you have a
clue, you're already out of that category.
>I'm proficient at everything I do, but I'll never spend the (quite possibly small
>number of) hours actually finding out why that string crashes xterm, and maybe
>doing something useful with it. The rewards are definitely there,
The big key there is "why". That's what gives master hackers their edge. The
thirst of knowledge hanging just above their head, waiting to be plucked. But
how do you pluck it? Do you just rush to it, squishing it in your hands, licking
the residue from your palm? No.. you cherish and understand it. But you don't
give up. If that means asking for help from somebody more learned in that
area... Anything to solve that problem.
>and I've tasted
>their sweetness in flashes of inspiration, but I just don't have it.
But you've never tasted the sweetness of power sitting at a console with remote
root, gotten accidentally by noticing and exploiting a 'weird bug'?
>What is it? I don't know. I don't suspect that I ever will, in this particular
>field. I think that I might just have it in another field (racing cars), but I
>think it's likely that I'll be Just Proficient at that, too, much as I have
>been at most everything for my whole life. And that's a pretty depressing
>thought.
Oh, is it? Look at your skills as a stat with a library of different happenings.
Who else here, let alone else in the world has your exact skill set and
memories? Nobody.
And so what, you'll be 'just proficient' in computing. That's way above the
average. Many people have a hard time understanding "double click" or basic
computer terms. Put together and exploit what you do know and become an expert
in your field of knowledge. That'll get you respect, and access to more
information.
This is a nice touch, but remember that it's only security by obscurity. If you have physical access to the machine, you can just as well boot from a floppy, or remove the hard disk and put it into some other computer booting from another disk.
Not that it isn't useful, though. Most sysadmins do give their users physical access to their desktop (or laptop) computers. But then the users are, at least to some degree, trusted...