Slashdot Mirror
Novell OpenSUSE Server Hacked
abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.
← Back to Stories (view on slashdot.org)
People always try to blame the software right away but usually it's poor administration.
Linux is near-flawless in terms of security.
If you "get" pointers add me as a friend (116)!
I still will never understand why people do stupid things like hack websites.
They could just run OpenBSD.
How does hacking this website help to put your voice ? Other than geeks, how many people check that website. If they had hacked CNN or BBC, it would have been noticed significantly. Soon this would go into oblivion. Makes me wonder what has nuclear progam to do with open source linux ?
Looks like they were quick to fix it -- I just checked out the site now and it looks as though nothing ever happened.
The Iranian hackers should first learn English. I was banging my head on the table reading that grammatically incorrect junk.
Of corse this had to happen just a few days before OpenSuSe released the latest version 10.0 final. Now I'm assuming that there will be a delay there to make sure nobody added any "extra" software. I've been waiting for it to come out since I tried beta 1 of 10.0.
The US and EU better let Iran develop a nuclear energy program or these senseless acts of web terrorism will never stop!
http://wiki.novell.com/
Site is currently down.
People always try to blame the software right away but usually it's poor administration.
Was this a targeted attack? Did they just fall victim to a script? Unpatched vulnerability? Weak password? what? Im just asking cause none of the links provided answer this.
If something exists that does not need a creator (god) then why must the cosmos need one?
Just goes to show you that any jackass can type "./the_great_script" and replace a home page. More evident that Iran has its fair share of jackasses like the rest of the world.
I see these attacks all the time on all Internet facing servers.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
The LinuxWorld Australia story is actually about an earlier break-in of a Novell system that was being used for World of Warcraft related stuff, not the OpenSUSE site at all.
Steven
If it was a website about Linux, it probably wouldn't even need to be hacked to make the front page of /. if it was running Windows
The open SuSE website wasnt hacked, it was a damn gamming machine they had on their network.
From TFA:
"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."
"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.
TruePunk | Games
Looks like that SSH login/password brute force scanning attack that's been going for the past year or so. So some employees setup an easily SSH login on a gaming server? So what. Only part I can't figure out is why was the box public?
This guy is way out there
"Let's annoy the Linux community to hell. Then the world's governments will take us seriously!"
Nobody's gay for Mole-Man.
The point is, it was a Suse website, running Suse that got hacked.
If a Microsoft windows 2003 site, running Windows 2003 was the victim, then yeah, I think it would make the front page.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Goes to show that you always need to check your machine. I had no need for remote ssh access so why did I leave it enabled.
Oh well, luckily I have no business with the arab nations so they are now all banned. Blame the ISP in question for not reacting.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
People always try to blame the software right away but usually it's poor administration. Windows is near-flawless in terms of security. Sound familiar?
Your logic and reason are not welcome here.
This would not have happened if the people at Novell had used Ubuntu Linux. :)
Linux Help
for all things on Linux
You still need strong passwords for real security. With a weak password, there is no real security...
Do trolls even try anymore?
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
rc28@linux:~> ps -eaf | grep ncsd
rc28 27377 7202 0 12:44 pts/0 00:00:00 grep ncsd
rc28@linux:~>
wtf are you talking about?
From: yourfriendly neighborhood Suse 9.3 user
No, it wouldn't. People would get pissed about having to dig through 100000 stories of "Yet another cheesy Windows server hacked" until they found a real story.
Just because you don't prefer suse doesn't mean it sucks. I love to recommend suse to all the beginners that want to go to linux as i personaly have had the best luck with them using it and sticking with suse vs other distros.
Speaking from personal experience, 85% of all hacks come from poor administration. ie. not patching flaws, weak passwords, poor security measure such as file permissions and lack of firewalls. The remaining 15% come from a mixture of things, and like it or not, 14.999% of that is Windows. Security through obscurity doesn't work when you have thousands of people pounding at your code just trying to find a way in.
All these Worms on the net is a perfect example. And when you get down to it, even some of the poor administration is Microsoft's fault for making it "so easy you don't need an experienced technician...." When in fact they bury stuff so deep unless you know where it is, the necessary changes don't get made leaving everything as default.
I can't even begin to count how many times I've gone to a customer's location where they had an employee that was a self proclaimed geek that did all the setup and everything was not only wrong, it opened gaping holes on their network. Including things like having a USER logging in as Administrator on the server and using it as a workstation.
Plus I won't go into all the people who hold an MCSE that never touched a computer until they went to a 2 week bootcamp on how to pass the tests.
But, point in fact, any closed source application is subject to flaws that don't get patched because it's a small enough flaw that putting a programmer on it to fix it would cost more than keeping the flaw hidden.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
the hacker team has a website to add to that, its likely being hosted in iran so no one can do jack shit
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
The OpenSuSE server has been sucking wind for weeks, and i know for a fact that trouble tickets have been submitted about it within Novell.
Maybe they were just trying to lend a hand with the administration . . . .
This is just like television, only you can see much further.
Ok, I'm not sure the argument was ever that linux was secure by design. You need the best security, you should probably go secure solaris or openbsd.
The argument is not so much pro-linux, as much as it is "Windows? Are you fucking crazy?"
Linux can be very secure if configured and admin'd properly, and given the same resources far more secure than windows. The argument is that it's the closest to a mainstream alternative with market presence and a large application base.
Not holier than thou, just holier than you.
The first rule of USENET is you do not talk about USENET.
He is a movie fan and was just accepted to a university.
Some bits of information can be found here:3 90/
http://www.zone-h.org/en/defacements/view/id=2917
Besides the OpenSuSE website they also hacked into wiki.novell.com and forge.novell.com.
Too bad that the Iranian hackers used OpenSuSE for their political stuff. It seems a bit misplaced, what does a linux distribution has to do with the question whether Iran should have nuclear stuff or not?
I had told novell not to run their websites on Windows OS. They wont listen. See now
[satire] that Novel has screwed up Linux! Of course the user name was "administrator" and password "linusrules" I only hacked it to show that strong passwords are better. Strong like user: admin6traitor password: billgatessucks69.
Help end the use of Sigs. Tomorrow
Pardon my obvious post-placement, trying to get this near the top and visible, but I suspect this is an important question for people to see, assuming answers are posted:
What is the practical upshot of all this? Is the damage limited to the "Give us nuclear rights" web defacement, or was that just a front to make people think nothing else was damaged?
I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?
TFA don't say anything. One is dead already, and the other is useless.
I mean, I understand that there's a lot to discuss regarding security policies and server operating systems, but there are people who could be immediately affected here.
Procrastination -- because good things come to those who wait.
Dear Hackers,
If you're going to hack websites, don't try to justify your idiotic hobby by turning it into a political posterboard. It has the opposite effect you're looking for. The thing that scares people most is unpredictable behavior. If Iran were calm, clear in stating there intentions, and followed all the diplomatic protocols with a smile there would be no way for anyone to stop them from builting reactors (wheather it be for processing fuel for weapons or not). But stupid stuff like this make Iranians look like evil subversives. Just look at the graphic they posted. It looks like the shadow of some kind of daemon with horns. This is not a good image for Iran.
Or if it's a different group impersonating iranians, you're just losers.
Easy enough.
Allowing "users" to setup their own box, on your network, outside your firewall, using your IP address IS a breach of security.
No modern OS is flawless. Due to feature creep and the massive amounts of code involved, none can really be considered 'near flawless'. ( agreed, some are better then others )
Its the job of the administrators to mitigate and compensate for known, and unknown, security flaws.
---- Booth was a patriot ----
let me guess, iptables not enabled, no firewall service up, no bfd, SSH was up unfiltered and the root pass was a 3 letter word like god, to quote the movie "hackers" with angelina jolie. Hack the gibson. Hack the planet. Go Iran. Just kidding.
Alot of people are reluctant to use a firewall, even though you can easily do it with SuSE and YaST2.
I have the pay version of SuSE9.3 Pro, which is well worth the $99 price tag.
I mostly run fedora core boxes though, and this is a really good alternative to other iptables interfaces.
http://www.webhostgear.com/60.html
http://www.webhostgear.com/61.html
Get yourself those, make sure non of your dir's are 777, have strong 20+ char long passwords, don't RPM fetch from shady repositories, and you're on your way!
You do not want to work for VA Software (OSTG). The company is mostly comprised of ass-kissing managers and ass-kissing underlings that get promotions and raises. Your entire OSTG career will be about how much abuse you take from the low-level managers without speaking up about it. It is not about doing good work.
Again, for clarity: OSTG is not about doing good work. It is about kissing manager ass. Does that explain the Slashdot dupes, Linux.com crappiness, and dumb NewsForge stories for you? You don't have to be good. You have to act like Rob and Robin are your heroes.
"secure by design"? You're thinking of OpenBSD, not Linux. Not that Linux' security is bad, but the Linux kernel developers do not have the same paranoid attitude towards security that the OpenBSD developers have.
quidquid latine dictum sit altum videtur.
Best. Webhost. Ever. Dreamhost.
Is it just me or is it a bit off kilter for a hacker or anyone to related to a hacker to actually have his personal information online. I managed to get the name of of an Iranian by performing a whois search.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
I think it is time for the open source community, as a whole, to better consider its public image. Incidents like this, involving one of the premiere Linux vendors, do unfortunately tarnish the image of our community quite badly. And then you have rogue open source developers publically insulting users. Such incidents make people remember open source software for all the wrong reasons.
Now, perhaps this is just a case of amateurs being allowed to join a community that mainly consisted of academics and professionals. The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (ie. many PHP developers), by developers who blatantly insult and ridicule their users (ie. the KOffice example earlier in this post), or companies that provide insecure, open source-based products.
Is there much that can be done about this? I'm not sure.
Cyric Zndovzny at your service.
Yeah, reposts are heavily frowned upon.
Don't fight for your country, if your country does not fight for you.
You're sites have been hacked so often that you can stats its accuracy to 3 decimal places? I think you need to rethink your place in the world of technology...
No smoking sigs indoors.
http://forums.suselinuxsupport.de/index.php?showto pic=20645
It's not being hosted in Iran. It's hosted in the US by Virtuoso Net Solutions inc. I sent this email to abuse@virtuosonetsolutions.com yesterday about 7 PM (I sent them my real info, obviously):
Dear Sir/Madam:
The OpenSuSE website was defaced either today or yesterday by an Iranian
hacker clan whose website is located on your servers. I checked the
whois data for the hacker clan's domain (ihsteam.com):
Majid NT
Bl Sajjad-milad 7 no. 12
Mashhad 8735452575
Iran
IP of the website (according to whois records of the ip, it is owned by
your company):
147.202.64.138
References:
http://www.opensuse.org/
http://www.ihsteam.com/
In case the sites above have been changed, I've attached an compressed
archive saves of their main pages. I hope you'll see that ihsteam.com
is in direct violation of your AUP.
Sincerely,
Name
Phone
Email
They haven't replied yet, and the website is still up. But it IS a weekend.
I pretend to know more than I really do by mooching off google and wikipedia.
Hey good call how many home users need to do any of things you mentioned. We are talking fred average who wants to check his email and type word documents and is tired of windows.
Vanity: Empty pride inspired by an overweening conceit of one's personal attainments or decorations.
Source: 1913 Webster
Yes, I agree with you there. Last year I did an internship at my high school with the IT department. We had to switch a bunch of users from one Windows domain to another, and it involved having users change passwords in the proccess. So, as I went around setting the various workstations to talk to the new domain, I would instruct users to type a new password. As I did this with one secretary, I happened to glance down at what she was typing for her 5 digit password. It was 11111. I told her she had to use something more complicated, but I didn't see what she typed after that. God only knows what some of the people with whom I wasn't staring at their keyboards typed...
Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
With SuSE 10.0, you get your choice of 5 different rootkits.
I'm pretty sure that when Microsoft's WindowsUpdate servers were cracked by a worm, it made the front page.
Actually, in comparison to NT4 and 2K, 2K3 is a brick wall. I don't believe there has been a remote compromise in the default install of 2K3 since its launch.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
might wanna work on your syntax a bit before posting suggestions like that.my machine responds with: PermitRootLogin ermitRootLogin no /etc/ssh/sshd_config now with something like: echo "PermitRootLogin no" >> /etc/ssh/sshd_config maybe you'll get the job done. but then again, maybe not.
It's a little worse than that. The IHS guys aren't just script kiddies, their lead guy's blog is here. He is apparently very active in writing exploits and gives code to all of them. He was just accepted into a university, but worse, one of his blog entries is about how he likes slackware and is trying to write some code to help the project out. Now I don't know about you, but I find that suspicious as hell. Unless someone goes over every line of code submitted with a magnifying glass than it can be fairly easy to sneak in a little area for a buffer overflow or something. (Preventive measures like SELinux and exec-shield are necessary and even they don't fully solve the problem). I can only hope that the slackware community does decent background checks on submitters, and also good code checking. The last thing we need is for Open Source to start being purposely made vulnerable and attacked from within.
Regards,
Steve
I don't know how the hackers hacked, but OpenSUSE is a very young outfit and this may serve as a useful wake up call so that by the time they get to be big and flourishing they'll have things locked down real tight. It must be hard locking down php scripts like MediaWiki, though. Php seems to run Microsoft Windows close as a great way to get hacked.
Anyway, as one of the main contributors to the OpenSUSE project pointed out, a few script kiddies planting half-baked slogans on a site not even appropriate for them palls beside the things elsewhere in the world that happened overnight, such as the dreadful loss of life in Bali. It's a sign of the sheer immaturity of the hackers that they should think what they're doing is important. So in hoping to publicize their cause, they're in fact just making it a laughing stock.
Which makes them two-time losers in my book. If they are who they claim to be, of course.
Las qué passoun
tournoun pas maï
Wrong. In most states, ex-convicts are not allowed to own guns as they have proven they are not trustworthy individuals.
Iran, as a state sponsorer of terrorism, has proven itself to be an un-trustworthy state. If they build a reactor, we should turn it into a parking lot before it is even close to operational.
-- I ignore anonymous replies to my comments and postings.
Aren't they sitting on top of a shitload of oil?
1. Their website does not mention *anything* about the break-in
2. The first link thrown up by a Google search for "opensuse hack" is a thread on suselinuxsupport.de that, apparently, has been deleted!
Nandz.
Just a note. Anything can be hacked given enough patience, enough time, enough resources, and enough basic knowledge. There is no such thing as a 100% secure system, unless you are talking about a system that has been unplugged, encased in concrete, and sunk to the bottum of the ocean. Even then, I wouldn't be too sure. In other words, best that can be done is to make it a challenging thing to do. There is no system that cannot be penetrated by a talented hacker. This one, evidentally, from what I've read, was fairly talented...not your average script kiddie.
So lay off alright?
it could be an Alias.
-William
God is everything science has yet to explain.
How'd that moderation get past the Ubuntu Mafia?
RE: (Or, has the the Nagasaki & Hiroshima bombings escaped your memory??)
I suppose you would like to go the memorial services each year Nagasaki & Hiroshima? Do you ever think about the Nanking massacre? How about Japanese war crimes? A quote from the article:
I don't care how or why Hussein was removed from power... I am just glad he was. Same will go for Iran's reactors if they build them... and Iran itself... if they build a bomb.OK... I'll stop feeding the troll now... I... just... couldn't... help... it.
-- I ignore anonymous replies to my comments and postings.
Just a reply to all the replies I've seen thus far to the parent. Your comparisons are poor for a few reasons.
Murder and bank robbery always negatively affect someone. Removal of life and removal of property and all that. Hacking/cracking/whatever-you-want-to-call-it sometimes involves property damage of a sort, if the hacker actually does do any real damage.
A much better comparison would be "people that break into your house". If real life reflected cyberspace, there would still be essentially murderers and thieves trying to break into places, and there would also be people hopping through your window at night to leave a sticky-note on your coffee table that reads, "Window latch is broken, you really oughta fix that." People that, for fun, are trying to circumvent the security of others, simply for the thrill and opportunity to improve said security.
So, let's come around to, "if nobody hacked, we wouldn't have this problem!" Seriously. In reality, there will always be an incentive to break into stuff, to steal, to cause various sorts of trouble. This incentive will create a certain type of hacker; it's not as if all the "bad" hackers were once "good" and then realized all the harm they could be doing. The bad apples were created in exactly the same way most criminals are created. Some guy with a passion for computer security is a differed breed of "hacker" than an organized crime syndicate. Don't confuse the former with the latter, and don't act like they're part of the problem.
They're not.
If other reasons we do lack, we swear no one will die when we attack
...The poor children.
It's a reasonable question to ask.
Yes, fundamentally it's true that configuration management has a significant effect on security. To be precise, this is not a flaw, but a characteristic. A site which is in full control of system configuration will have formal security advantages over one which isn't, and this is universally true regardless of platform.
However, the story is told from a much different perspective when it comes to evaluating the security of a given platform. Configuration remains a major factor in security, but it has to be weighed in light of platform capability. So, for example, a very simple network appliance with a very small configuration space has the prospect of being very secure. An ideal appliance cannot be configured insecurely. In practice, that may or not be the case, depending as always on design tradeoffs and correctness of implementation.
Apart from pure appliances, all computing platforms must, for reasons of generality, offer configuration possibilities that put some security tradeoffs in the hands of site administrators. Such is the case for both Linux and Windows, so indeed poor administration can always result in poor security on a sufficiently general platform.
The practical focus, therefore, has turned to how securely these platforms are configured by default. Interestingly, even though Windows is marketed for nonexpert use, it has a long tradition of being configured insecure by default, exactly the opposite of what would be appropriate for a nonexpert market. It also, in my opinion, embodies a lot of fundamentally insecure design tradeoffs, neglecting principles such as modularity, containment, and least privilege, for example. These are extremely deep design problems, not easily fixed.
Linux and Unix, although designed by developers for developers, and therefore intended for expert use, have a record of delivering much better security by default. I can think of lots of particular exceptions, but they have tended to be minor design tradeoffs that could be, and were, easily corrected. Security incident statistics seem to reinforce these observations very strongly.
In my line of work, I get to see what goes on behind the scenes at a lot of sites. It's not often that I come upon a site which is not suffering to some significant degree from a chronic neglect of configuration management. All discussion of platform characteristics aside, this is a real problem on the ground for security.
The issue, in terms of value for effort, then becomes to identify which of these sites is (a) at most immediate risk, and (b) has the best potential of improvement. In the former case, I find that the answer is Windows, and in the latter, it's Linux.
Parity: What to do when the weekend comes.
But.. but, what about: /etc/ssh/sshd_config ?
emacs -nw
Although, I prefer vi for editing config files and emacs for programming, personally.
If I have nothing to hide, don't search me
I don't blame them though
Yeah, my bad. Slashcode considered my "greater than" > > as some sort of html tags and deleted it.
And the Catholic Church incinerated around seven million women during the Inquisition. Shall we round them up too?
(I'm not saying the modern Catholic Church is just as bad; if you like that kind of logic - oh, you ARE in the right forum! never mind)
First off, that was a slight exageration and the fact that you thought it was actual facts tells me that maybe you take some things a little too seriously and/or can't tell the difference between fact and making a point.
The point to that was, I've not had a single "virus" hit my linux servers. Basically, at this point, I'm batting 1000 on my linux servers for everything. Not one hack or virus. On the other hand, don't get me started on Windows servers. Even after hot fixes have been applied to a clean server, I'll turn around and 24 hours later find they've been infected. Clean up, apply the hot fix again, another 24 hours later, worm again. So before you try to wax intellectual and point the blame at someone that you "think" should be doing something else since their figures look skewed. Maybe you should ASK.
The old phrase comes to mind about the wise man listening while the fool chatters. I was mearly pointing out real world scenerios. Hell, half I'll be called in the first time something gets broken. I've never touched the network before. And you wouldn't like me to tell you the alarming rate of them that have had personal data stolen that are real estate agents or mortgage brokers. You know, the kind of people that get their hands on your most precious of data. Then we wonder why so many people are having their identities stolen. After all, real estate agents and mortgage brokers tend to be notoriously cheap and will spent thousands of dollars a month on their image, but are loathe to spend $10 on the infrastructure.
I don't understand why many people now-a-days seem to side with the criminals and not the victims. Why else would the OP seems to try to raise sympathy for Iran (sponsors of Hezbollah) by trying (boo hoo) to show how one of the most brutal war-like societies in modern history (Japan of the 30's and 40's) was sooooo hard done by. I suppose you think that Japan was just misunderstood? Maybe they were all abused as children and it wasn't their fault they raped, tortured, murdered millions of Koreans and Chinese and Filipinos and ... Or maybe Iran is just having some fun supplying explosives to brainwashed college kids to strap on and blow up Israelis with? But maybe we can't see that because we're from another culture and are just too narrow minded to understand? Come on, enough with political correctness already. All you need to understand is that until Iran moves their human rights to the 21rst century, they have no business having nuclear programs. Political correctness is ridiculous in these circumstances. If I have a choice of generalizing, not letting them have nuclear power, and for sure not being nuked by a terrorist; or giving a state with a known track record of terrorism the capability of building a nuclear bomb, I will generalize night and day... and support those who want to keep nuclear capability out of their Iran's hands.
-- I ignore anonymous replies to my comments and postings.
What kind of backwards logic is that?
If we didnt have hackers, we wouldnt need "things such as online shopping and ssh encrpytion etc".
Ofcourse this is no perfect world, and we do have hackers... but thats quite a stretch, trying to justify their existence.
My hand touched her hand. Her hand touched her boob. By the transitive property, I got some boob! Algebra is awesome!
In the spirit of openness, I hope that Novell releases information about the crack. How it happened, what was compromised, what information can lead to the perpetrators.
Now that they've already been "hacked", as much information as can be gleaned should be disseminated so we would know how to avoid this. If we're using OpenSUSE products, we'd like to know how to protect ourselves and provide a test that would hack into our systems to make sure any solutions are really working.
I would suggest "WideOpenSuSE"
Tubby or not tubby. Fat is the question
The United States, as a state sponsor of terrorism, has proven itself to be an untrustworthy state. Since the US already has many reactors, should it be turned into a parking lot?
I once had a signature.
Put yourself in the president's position; because of the past president the international community doesn't take you seriously when you threaten action. Most everyone, including your own advisors and intelligence agency, (and need I mention- the country in question), claim that a *certain country* has biochemical wmd's and are willing to use them. There is even past evidence of wmd's and past use of them on that country's own civilians. The past president and the UN threatened military actions against that country if they did re-start their wmd programs or continue human-rights violations, both of which they have done, largely with impunity; failure to enforce this promise on your part will cripple your ability to enforce international policy in the future.
There is more, but I will not bore you. Looking at this information and knowing that leaders MUST make decisions before they know all the facts, (if they ever do); what would you do?
As for the atomic bombs, most of the radiation dissapated quickly because it was an air-burst explosion, and there was interesting circumstances on that one too. The Japanese were actively training their civilians to fight, (women, children, anyone able to hold a knife or stick - anyone able to kick, bite, hit). Remember, these are people with a fierce honor system and religious loyalty to the emperor, (who was seen as the son of god by them). the president saw casualty estimates and decided to act. Personally, I would probably do the same. Was it horrible? Only the devil could answer no. Of course it was.
I am not advocating or endorsing war or nuclear holocaust of any kind, but I also know how worth while the 'monday-morning quarterback' is and it is just about as much as the duke I flush every day.
The fact is, these both happened. Learning from history is important, yes, but let's get out of the situation before we tear the nation apart. Protest is great. Dialogue is great, just don't cripple the war effort and the support for our troops. Your brother may be home, but so many others are not. Remeber; they read our media and react to the encouragement they find there. (ie:Bush Approval ratings Hit Basement! Iraq War A Loosing Battle, Thousands of Troops Die!)
The number one rule in international polotics is cover your own ass first. If you are eradicating starvation in Africa, but your own people are killing each other, it will do you no good. Think of it another way; the best defense is a good offence, right? How many terrorist attacks have happened on US soil since we attacked Afghanistan and Iraq? Right, now how many happened in the eight years prior to that? Yeah. Makes sense, doesn't it?
The bottom line is this; Not only do I care about the people suffering over there, but I CAN care, and I am STILL HERE to care. Not only that, but this post and yours have NOTHING to do with the above article... why did I write this here???
"Our Constitution was made only for a moral and religious people. It is wholly inadequate to govern any other" -John Ada
Hilarious! My new sig has arrived!
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Oh, yeah?
Try telling that to SCO.
They seem to be doing just fine running Linux. Hope they don't accidentally involve themselves in their automatic lawsuit machine...