Slashdot Mirror


Ongoing Linux/Solaris Compromise Epidemic

An anonymous reader writes to point out that Stanford's Information Technology Systems and Services "has written a summary of a series of compromises that have been happening at universities, research institutions, and high performance computing centers, for the last month or more. The attackers are using known vulnerabilities in Linux and Solaris, along with compromised user accounts, to gain access and control of systems, from standalone servers to HPC clusters ... (the attacks are still ongoing)."


  1. Nothing to worry about by Rapid+Home+Offer · · Score: 5, Funny
    From the article:
    The attacker appears to be deliberately targeting machines in academic and high performance computing environments, rather than attacking systems indiscriminately.
    I wouldn't worry too much. It sounds like some guy is trying to boost his SETI@home ranking.
    1. Re:Nothing to worry about by Anonymous Coward · · Score: 1, Funny

      No, no, just ignore this. When Windows is being compromised that's cause for gleeful giggles and jokes on slashdot. When Linux is being compromised that's for social misfits to blush about and shamefacedly ignore.

  2. Attacks against universities? by dre23 · · Score: 0, Funny

    Isn't this old news... like circa 1952?

    --
    IPv4 allocations for hobbyists? join the ipalloc-l mailing-list! www.operations.net/mailman/listinfo/ipalloc-l
  3. Check out a good substitute for all your Linux by Anonymous Coward · · Score: 3, Funny

    A good substitute for Linux and Sun boxes. My school migrated two years ago, weren't happier ever since.

    Here - those guys make a kernel, kickass GUI environment (faster than GNOME and easier to use than KDE) plus some office word editors and educational stuff like encyclopedias and maps.

  4. I'm just glad... by Anonymous Coward · · Score: 4, Funny

    I'm running Windows XP!

    aQazaQa

  5. Yes, but by Anonymous Coward · · Score: 0, Funny

    Dooes it runs Lunix?

  6. Re:In other words by FrYGuY101 · · Score: 1, Funny

    Shh. This is Slashdot... here them's fightin' words!

    --
    "If we let things terrify us, life will not be worth living."

    - Seneca
  7. Note to self by UnknowingFool · · Score: 4, Funny

    Change Linux root password from 1234 to something harder to guess

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
    1. Re:Note to self by RussDavisDotCom · · Score: 5, Funny

      No Worries. I've already changed it for you.

      --
      My favorite phrase: You have 5 Moderator Points! Use 'em or lose 'em!
  8. HPC Clusters? by JessLeah · · Score: 3, Funny

    Isn't that an oxymoron? Cray Canada's CTO says so. Then again, Borland's CTO said "OS X is my favorite Linux distribution.", so maybe CTOs aren't so smart about Technology after all ;)

  9. I guess I'll just sit here by Anonymous Coward · · Score: 0, Funny
    ... and wait for all the great jokes about "Linux security".

    Oh, wait...

  10. DAMN IT MITNICK! by Anonymous Coward · · Score: 2, Funny

    You know he's at it again!

  11. Imagine... by Odin's+Raven · · Score: 4, Funny

    From the Stanford article:

    Stanford, along with a large number of research institutions and high performance computing centers...

    And further down...

    ...the compromised user account is typically used to run a password decoding application called John the Ripper...

    To paraphrase a cliche without any attempt at humor:

    Imagine a Beowulf cluster running John the Ripper.

    /me runs and hides in cellar...

    --
    A marriage is always made up of two people who are prepared to swear that only the other one snores.
  12. Re:Windows is not the only vulnerable OS by DAldredge · · Score: 2, Funny

    You just described 76% of all /. posters.

  13. Re:Hmm, doesn't seem very unusual. by Spoke · · Score: 3, Funny

    (And as for numbers and symbols making passwords less crackable--admit it, how many of you use 1337speak to make up the number/symbol quota?)
    Doh, how did you know my password was 1337speak? I better change now that you've posted it on Slashdot!

  14. Re:Now, wait a moment ... by eclectro · · Score: 1, Funny

    Now, my opinion of MS is not that great, but this just seems wrong

    Not really, if one of the companies is a cockroach.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  15. Re:Windows is not the only vulnerable OS by Anonymous Coward · · Score: 1, Funny

    Yeah, vi has grown way too bloated. I can't even put it on a small floppy anymore with my emergency repair tools. Do you know how hard it is to edit anything with ed? Instead I just cat things around.

  16. this just in... by medelliadegray · · Score: 4, Funny

    PC's get compromised if security patches are not applied!

    and in other news...
    cheerio's get soggy in milk

    --
    Troll, Troll, go away and flame again some other day
  17. Re:Windows is not the only vulnerable OS by drinkypoo · · Score: 3, Funny

    I am a religious patcher.

    How's the reformation coming?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  18. Sad Mind by Neo-Rio-101 · · Score: 5, Funny

    I was looking at one of the Solaris vulnerabilities, and I saw "sadmind".

    I thought it was some kind of nasty name for a hacking daemon - until I found out that sadmind was the "Solaris ADMIN Daemon"

    --
    READY.
    PRINT ""+-0
  19. Win 95 to the rescue! by CaptainPinko · · Score: 5, Funny

    Heh, I'm running Windows 95. I figure by now the hackers are just bored of hacking me.

    Security through boredom, my new secret weapon take th^454&*%2^$^^^B

    --
    Your CPU is not doing anything else, at least do something.
    1. Re:Win 95 to the rescue! by the_thunderbird · · Score: 2, Funny

      I'm running Linux on punchcards, let those dang crackers have a go at that!

  20. Re:Token-based security by Minna+Kirai · · Score: 2, Funny

    Don't use passwords *at all*.

    Wrong! Use tokens *and passwords* !

    Using just tokens opens your users to a wide range of physical attacks... especially if they're college students with roommates who can "borrow" things for a few minutes of infringement.

    I wonder if Debian supports any of those systems yet?

    Yes. RSA SecureIDs can be used with almost any computer system. (They are a combined physical-token + password solution, and have better hardware compatibility than a usb-key, as the user reads an LCD screen on the card to see a passkey that expires every 60 seconds)

  21. Re:Strategic issues by awkScooby · · Score: 2, Funny
    I see a day coming when, in one day, half the computers in the US have their disks erased.

    Everyone needs to go patch their systems immediately. We need to make sure that enough of us are around so that we can still slashdot the webserver that survives.

  22. Re:Lazy Admin ? by Anonymous Coward · · Score: 1, Funny

    Where I work (a college Physics dept. that shall remain nameless), we are ruthless wrt securing our unix boxes but tend to be very slack when it comes to windows. The poor technician gets to reimage windows boxes on a regular basis though. Our (bad) attitude tends to be something like: "Oh, you got a virus/worm/trojan huh? Silly you! Pull the blue cable NOW, we'll have your PC fixed within a week. Until then use the student lab." This really helps with user training too! Go ahead, open the attachment, make my day!

    Now before you all say that we are suckers since creds harvested off windows boxes will tend to be the same as that user's unix creds, I should fill you in. We tend to classify users: "What operating system will you be running on your desktop? Oh, windows...? Is it alright then if we give you /bin/false as your shell? Great!" i.e. don't give shell access to windows users, they have no clue as to how to use a CLI anyway!

    On top of that we are uber paranoid about account expiration and passwd policy due to these recent local root exploits and restrict remote ssh fanatically using an SSL PHP page. When a user wants remote ssh they have to visit this page, authenticate and nominate the ip from which they will connect. They get 2 weeks max before they have to repeat this process and each time they do we get and they get an email confirming their submission. FYI, cron runs a PHP script that writes the active user@ip lines to /etc/ssh/sshd_conf from the MySQL db.
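
The time-limited user@ip allow-list described in the comment above, sketched as an added example (not the poster's PHP script). It assumes the database rows arrive as (user, ip, registered_at) tuples and that the output is an OpenSSH `AllowUsers` line; the sample rows, function names and the fail-closed `DenyUsers *` choice are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

TTL = timedelta(days=14)  # "2 weeks max" from the comment
# Strict account-name pattern: keeps sshd pattern characters (* ? ! @ ,) out of the file.
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Constructed sample rows standing in for the MySQL table.
SAMPLE_ROWS = [
    ("alice", "192.0.2.10", datetime(2004, 4, 1, 9, 0)),
    ("bob", "198.51.100.7", datetime(2004, 3, 10, 9, 0)),   # older than 14 days
    ("carol", "203.0.113.5", datetime(2004, 4, 5, 12, 0)),
    ("*", "192.0.2.99", datetime(2004, 4, 6, 8, 0)),        # wildcard as user name
    ("dave", "192.0.2.0/24", datetime(2004, 4, 6, 8, 0)),   # a network, not one host
    ("alice", "192.0.2.10", datetime(2004, 4, 6, 8, 0)),    # duplicate registration
]

def active_entries(rows, now):
    """Return sorted, de-duplicated user@ip patterns that are valid and unexpired."""
    entries = set()
    for user, ip, registered_at in rows:
        if not USER_RE.fullmatch(user):
            continue  # would otherwise become an sshd wildcard pattern
        try:
            addr = ipaddress.IPv4Address(ip)  # single IPv4 host only (narrowed on purpose)
        except ValueError:
            continue
        age = now - registered_at
        if not (timedelta(0) <= age <= TTL):
            continue  # expired, or dated in the future
        entries.add(f"{user}@{addr}")
    return sorted(entries)

def render(rows, now):
    """Build the sshd_config fragment; an empty list must not mean 'allow everyone'."""
    entries = active_entries(rows, now)
    if not entries:
        # With no AllowUsers line at all, sshd applies no user restriction.
        return "DenyUsers *\n"
    return "AllowUsers " + " ".join(entries) + "\n"

if __name__ == "__main__":
    print(render(SAMPLE_ROWS, datetime(2004, 4, 10, 0, 0)), end="")
```

Before a generated fragment replaces the live one, checking the resulting configuration with `sshd -t` keeps a malformed line from locking out every remote login.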