I know that this is slightly off-topic, but am I the only one who is getting sick of all the appeals? I am beginning to think that an appeal should be an automatic thing. After all, everybody else does it, so why not just make it mandatory? My $0.02.
Why don't they do a search instead of posting to Slashdot? Well, I'll hazard a few guesses:
- When late-breaking news stories are slim pickin's, you could always pull a simple question like this out of the hat so us geeks have something new to read after the last visit to the site 5 minutes prior.
- Why do research when you can ask 1 million or so geeks who live just to reload and reread the latest /. headlines and read insightful (well, sometimes ;) answers from a few dozen of the best-moderated replies?
Besides, if there were no new headlines for 24 hours or so, who the hell would visit Slashdot? Gotta post some of those 1,000,000 or so "what if" or "what is the best way to..." questions sometimes.
First of all, why was access to the data allowed from a public terminal? When you have something like answers for a test that can easily be stolen by anyone with a packet sniffer or key logger, why would you trust accessing that data in public places? Almost sounds as smart as using your bank card in a hi-tech camcorder store run by ex-criminals.
Second, why was the data accessible over a network rather than on a standalone machine? C'mon school admins, think here. Did the military patent the concept of a computer device NOT connected to a network and NOT in a public place? 'Cause last time I checked, a machine in a locked room that must be accessed by entering or passing through an area which is populated, and where you would be recognized (uh, staff room?) as unauthorized, would make it impossible for a student to have time to steal the data.
Moral of the story? Anything that is considered "confidential" should be on a standalone machine that nobody would have the time or resources to break into during a normal school day.
Re: look at the blackboard in the background (on "SCO.com Defaced", Score: 2)
I would think it is referring to how they got hacked. Looks like "realloc(" as in man 3 realloc. A snippet from the man page:
realloc() changes the size of the memory block pointed to by ptr to size bytes. The contents will be unchanged to the minimum of the old and new sizes; newly allocated memory will be uninitialized. If ptr is NULL, the call is equivalent to malloc(size); if size is equal to zero, the call is equivalent to free(ptr). Unless ptr is NULL, it must have been returned by an earlier call to malloc(), calloc() or realloc(). If the area pointed to was moved, a free(ptr) is done.
It may be stored in ASCII, but that still doesn't mean that the number isn't stored internally as a 32-bit unsigned integer and processed accordingly to do a comparison check against the old value.
A quote from their site:
"these serial numbers are now based on UTC time encoded as the number of seconds since the UNIX epoch (00:00:00 GMT, 1 January 1970)"
Uhh, call me stupid, but isn't this the kind of moronic thinking that's gonna nail us AGAIN in 2038 when 32-bit epoch dates roll over?! Does anyone know if BIND can handle 64-bit numbers for serials? Or is this just another screwup waiting to be discovered in 2037, just before the internet stops working 'cause all the DNS servers can't handle > 32-bit ;)
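The two comments above turn on how a SOA serial is actually compared. RFC 1035 makes the serial an unsigned 32-bit value and RFC 1982 defines the "is it newer?" test as arithmetic modulo 2^32, so the only thing that matters to a secondary is whether the new value is less than 2^31 steps ahead of the old one. The block below is an added example written for this page (not code from the thread or from BIND): it implements that comparison, shows why jumping from a YYYYMMDDnn serial to a seconds-since-epoch serial needs the usual two-step bump, and computes where an epoch-seconds serial runs out of signed and of unsigned 32 bits. The dates and serials used are constructed for the demonstration.

```python
"""RFC 1982 serial-number arithmetic for DNS SOA serials (added example)."""
from datetime import datetime, timezone

SERIAL_MOD = 1 << 32   # serials live in [0, 2^32)
HALF = 1 << 31         # the RFC 1982 comparison horizon


def serial_gt(new: int, old: int) -> bool:
    """True if `new` is 'greater' than `old` in RFC 1982 serial arithmetic.

    A value counts as newer only if it lies fewer than 2^31 steps ahead
    modulo 2^32; bigger jumps look like going backwards, and a difference
    of exactly 2^31 is undefined by the RFC (reported here as False).
    """
    new %= SERIAL_MOD
    old %= SERIAL_MOD
    return (old < new < old + HALF) or (new < old and old - new > HALF)


def serial_rollover_plan(old: int, target: int) -> list:
    """Serials to publish, in order, so secondaries end up on `target`.

    Going from a date-style serial such as 2003091201 straight to an
    epoch-seconds serial such as 1063324800 fails serial_gt (the target
    is about 9.4e8 below the old value, which is less than 2^31 back), so
    two steps are needed: first old + 2^31 - 1, then the target.
    """
    if serial_gt(target, old):
        return [target]
    step = (old + HALF - 1) % SERIAL_MOD
    return [step, target]


def epoch_seconds_utc(year, month, day, hour=0, minute=0, second=0) -> int:
    """Seconds since 1970-01-01T00:00:00Z for a UTC wall-clock time."""
    when = datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    return int(when.timestamp())


def fits_signed_32(value: int) -> bool:
    return -HALF <= value < HALF


def fits_unsigned_32(value: int) -> bool:
    return 0 <= value < SERIAL_MOD


if __name__ == "__main__":
    # Constructed checkpoints: the signed-32 limit and the unsigned-32 limit.
    for label, args in (("2038-01-19T03:14:08Z", (2038, 1, 19, 3, 14, 8)),
                        ("2106-02-07T06:28:16Z", (2106, 2, 7, 6, 28, 16))):
        s = epoch_seconds_utc(*args)
        print(label, s, "signed32:", fits_signed_32(s), "unsigned32:", fits_unsigned_32(s))
    print("rollover plan:", serial_rollover_plan(2003091201, 1063324800))
```

The practical point for anyone switching serial schemes is the two-step: publish `old + 2^31 - 1`, wait until every secondary has transferred, then publish the epoch-based value. Whether a particular server implements the comparison on a wider type is something to verify against that server's documentation, not assume.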
Is it just me, or doesn't anyone else see that this is a good thing to do? If in the future we can't record anything because of broadcast flags and DRM "features" on our TVs, how would you be able to complain, since you wouldn't be able to even make a copy of the show to bring in? If that were the case and they didn't have to keep a copy around, it would be impossible to file a complaint. At least with the new rules you won't have to worry so long as you complain within the 60-90 day period. Oh well, maybe I just don't know anything. :(
Anyways, the subject says it all. It's very possible that you have been compromised if your kernel is panicking. I think it's time to boot from a safe copy of your distro (or some other custom distro, etc.) and confirm the checksums of everything and do a good scan of the filesystems.
Also, one good thing to do is place a clean box in between the compromised server and its internet connection and run tcpdump/tethereal on the bridged connection. The first thing you need to do is be able to identify _all_ traffic going in and out of the box. If you don't know what something is, research it. You never know what you might stumble upon.
Good luck.
Here is a list of some things that I feel are worth considering:
1. Patch your system! As soon as a patch comes out, get it applied and reboot if you have to! Also, stay up to date on security issues by subscribing to mailing lists that are related to the software you're using. One good general-purpose site is cert.org. Keep in mind that while mailing lists are great ways of being notified, they aren't foolproof. If your subscription expires and you don't know about it, you won't be exactly up to date in the community now, will you?
2. Use grsecurity. This is a kernel patch that lags briefly behind official Linux kernel versions. It has many great features for protecting against stack attacks/buffer overflows, i.e. those latest, greatest scripts your local script kiddie just downloaded won't likely do anything against you since special addresses are randomised. It can also hide files on your computer, such as integrity checkers, so nobody except you knows they exist. Plus it can stop inserting code into a running kernel by making kernel memory read-only (which, btw, would have prevented at least one of the attacks they mentioned).
3. Install a filesystem integrity checker. AIDE, integrit and Tripwire all come to mind and essentially all do the same thing but with different config file syntax. Besides, how can you tell if a file is changed if you don't actually check? Also, don't forget to hide the existence of this program using something like grsec's gradm filesystem ACL util, and be careful of automating checks in the crontab!
4. Read a good Linux securing article. One such article I have read is called Securing & Optimizing Linux: The Ultimate Solution. It will teach you how to lock a system down a fair bit and how to remove unused/unneeded services from your computer.
5. Watch those logs! Log files provide a wealth of information, but administrators rarely check them (well, not all). If you don't know what a log entry means, research it, or else you may be looking at an attack and not even realise it. Now I know some of you are thinking I am nuts considering just how many logs even a small system generates, but there are tools to help you. One way is to use a program called swatch (a Perl script). It can parse existing and old archived log files using Perl regex syntax and trigger actions based on found text. Start by configuring the system to ignore any log entries that are known to be friendly and show you everything. Then slowly eliminate each friendly entry one at a time. What will be left is a list of purely evil entries :). Next, configure swatch to alert you upon receiving such messages! Of course you can always use Perl or even grep -v to parse logs, but for repeated use I think a specialised tool would save you some trouble in the long run.
Now I know I could go on forever with suggestions, but I think that these few things should give anyone a kick in the right direction. I hope this has been helpful.
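Point 5 describes the swatch workflow: subtract every line you have already explained, read whatever is left, and promote the recurring bad ones to alerts. The block below is an added example written for this page, not the poster's configuration and not swatch itself; it does the same thing in Python over a handful of constructed syslog lines (host, PIDs and addresses are made up). The "friendly" patterns are deliberately tight, because a loose pattern is exactly where a hostile entry hides in the noise.

```python
"""Swatch-style log triage: drop the known-friendly lines, alert on the rest."""
import re
from collections import Counter

# Entries we have looked at and decided are routine. Pin them to the host,
# user and source network you actually expect.
FRIENDLY = [re.compile(p) for p in (
    r"CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.hourly\)",
    r"sshd\[\d+\]: Accepted publickey for deploy from 10\.0\.0\.\d+ port \d+",
    r"systemd\[1\]: Started ",
)]

# Entries that get an immediate alert regardless of the friendly list.
ALERT = [re.compile(p) for p in (
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+)",
    r"sudo: .* COMMAND=",
    r"kernel: .*\b(?:Oops|panic|BUG)\b",
)]

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
Sep 12 15:58:01 web1 CRON[4102]: (root) CMD (run-parts /etc/cron.hourly)
Sep 12 15:58:04 web1 sshd[4110]: Accepted publickey for deploy from 10.0.0.12 port 51022 ssh2
Sep 12 15:58:09 web1 sshd[4117]: Failed password for invalid user oracle from 203.0.113.7 port 40122 ssh2
Sep 12 15:58:11 web1 systemd[1]: Started Daily apt download activities.
Sep 12 15:58:30 web1 sudo:   www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/sbin/iptables -L
Sep 12 15:59:02 web1 kernel: Oops: 0000 [#1] SMP
Sep 12 15:59:40 web1 sshd[4130]: Failed password for root from 203.0.113.7 port 40311 ssh2
"""


def unexplained(lines):
    """Lines matched by no friendly pattern: the pile you still have to read."""
    return [l for l in lines if not any(p.search(l) for p in FRIENDLY)]


def alerts(lines):
    """(pattern, line) pairs for every line that trips an alert pattern."""
    return [(p.pattern, l) for l in lines for p in ALERT if p.search(l)]


def failed_login_sources(lines):
    """How many failed sshd logins came from each source address."""
    counts = Counter()
    for l in lines:
        m = ALERT[0].search(l)
        if m:
            counts[m.group("src")] += 1
    return counts


def triage(text):
    """One pass over a log text: totals, the unexplained lines, alerts, login sources."""
    lines = [l for l in text.splitlines() if l.strip()]
    return {
        "total": len(lines),
        "unexplained": unexplained(lines),
        "alerts": alerts(lines),
        "failed_logins": failed_login_sources(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} lines, {len(report['unexplained'])} unexplained")
    for pattern, line in report["alerts"]:
        print("ALERT", pattern, "::", line)
    print("failed logins by source:", dict(report["failed_logins"]))
```

Run it over yesterday's log, look at the `unexplained` list, add a tight pattern for each entry you can account for, and repeat; when the leftover pile is empty on a quiet day, anything that shows up in it is worth a human's attention.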
I have an old defective 9 gig SCSI drive that I would love to see hit some surface at Mach 4. But could data recovery companies still recover my data? ;)
The first two are Dell Poweredge 4200's (on "Google's Early Hardware", Score: 5, Informative)
For those who are wondering, I happen to own two of the very same machines in the top two pictures lol! They are Dell Poweredge 4200 machines with the logo plates removed! The specs are roughly this:
Dual CPU capable (max 333 MHz)
Max RAM 512 MB BIOS limit (66 MHz EDO SDRAM)
6x 80-pin SCA drive bays
Dual 700 watt hot-swap power supplies
Built-in VGA (ATI Mach64 VT 1 MB)
For the record, they typically ship with AMI MegaRAID 428 (or higher) hardware RAID cards, but the onboard SCSI-2 is Adaptec AIC-7860 & 7880. Also worth mentioning, they are clusterable using Windows NT. I grabbed these machines off machine and local computer store and they have been very stable workhorses running Debian! (www.emaildesktop.com). Just glad to see that these machines were useful in their days!
Well, some people may not know it, but the firewall (iptables) in Linux is very neat when it comes to doing "tricks" with incoming connections.
First, start by creating a table that all incoming SYN packets to port 80 should jump to.
Next, use some sort of PHP script that has sudo permissions to add an IP address (DAMN WELL make sure you know how to properly check those numbers).
Set the default policy for this new table to REJECT or DROP (your call).
On each new session incoming to the server, call a script that can call iptables to add their IP specifically to the new table to ALLOW the connection, but use rate limiting on this rule of, say, no more than 10 requests per minute. Anything after that will cause the rule to be ignored and will hit the default policy, which will reject them. The trick is to set the time value on the block to something like 30 minutes. This way, anyone who goes over the 10 requests/min (or whatever you deem reasonable) will be blocked for 30 minutes. That should at least make it impractical to download huge amounts of data short of hitting the machine from multiple machines.
The last thing is to set up some sort of "cleanup" script that runs every so often to remove the old IPs from iptables when a connection hasn't been used.
Anyways, it's a rough idea, and no way in heck I'm gonna give the commands verbatim for nothing :) RTFM (man iptables).
Good luck.
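The scheme above is really three pieces of per-address state (hits in the last minute, an expiry time for the block, and a last-seen time for cleanup) plus the one check the poster shouts about: never hand a client-supplied string to iptables without validating it. The block below is an added example written for this page, not the poster's script; it models those decisions in Python with an injectable clock so the policy can be exercised without root or a firewall, and builds the allow rule as an argv list so nothing is ever shell-parsed. The chain name WEB_ALLOW, the thresholds and the addresses are all constructed for the demonstration.

```python
"""Rate-limited, self-expiring per-IP allow list (added example, simulated)."""
import ipaddress
from collections import deque

REQUESTS_PER_WINDOW = 10        # the poster's "10 requests per minute"
WINDOW_SECONDS = 60
BLOCK_SECONDS = 30 * 60         # the poster's 30-minute block
IDLE_EXPIRY_SECONDS = 10 * 60   # cleanup threshold (assumed value)
CHAIN = "WEB_ALLOW"             # hypothetical chain name


def validate_ip(text):
    """Canonical address string, or None if `text` is not exactly one IP.

    ipaddress.ip_address() accepts nothing but a single IPv4/IPv6 address,
    so inputs such as "1.2.3.4; rm -rf /" or "1.2.3.4 -j ACCEPT" fail here.
    """
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def allow_rule_argv(raw_ip):
    """argv for the allow rule: a list, so no shell ever interprets it."""
    ip = validate_ip(raw_ip)
    if ip is None:
        raise ValueError("not an IP address: %r" % raw_ip)
    return ["iptables", "-I", CHAIN, "-s", ip,
            "-p", "tcp", "--dport", "80", "-j", "ACCEPT"]


class AccessTable:
    """In-memory model of the per-IP state the helper and cleanup scripts keep."""

    def __init__(self):
        self.hits = {}        # ip -> deque of request times inside the window
        self.blocked = {}     # ip -> time at which the block expires
        self.last_seen = {}   # ip -> last request time, for idle cleanup

    def request(self, raw_ip, now):
        """Decide one request at time `now` (seconds): 'allow', 'blocked' or 'reject'."""
        ip = validate_ip(raw_ip)
        if ip is None:
            return "reject"                       # garbage never reaches iptables
        if ip in self.blocked:
            if now < self.blocked[ip]:
                return "blocked"
            del self.blocked[ip]                  # the 30 minutes are up
        window = self.hits.setdefault(ip, deque())
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()                      # forget hits older than a minute
        window.append(now)
        self.last_seen[ip] = now
        if len(window) > REQUESTS_PER_WINDOW:
            self.blocked[ip] = now + BLOCK_SECONDS
            window.clear()
            return "blocked"
        return "allow"

    def cleanup(self, now):
        """Forget addresses idle for IDLE_EXPIRY_SECONDS; returns the removed ones."""
        stale = [ip for ip, t in self.last_seen.items()
                 if now - t >= IDLE_EXPIRY_SECONDS and ip not in self.blocked]
        for ip in stale:
            self.hits.pop(ip, None)
            del self.last_seen[ip]
        return stale


if __name__ == "__main__":
    table = AccessTable()
    for t in range(12):                           # 12 hits inside one minute
        print(t, table.request("198.51.100.9", t))
    print("after 30 min:", table.request("198.51.100.9", 11 + BLOCK_SECONDS))
    print("bad input:", table.request("1.2.3.4; rm -rf /", 0))
    print(allow_rule_argv("198.51.100.9"))
```

Two notes on the design. The decision logic lives in one place and takes the clock as a parameter, which is what makes the block/unblock/cleanup timing testable before it ever touches a live firewall. And the kernel can do the counting itself: iptables' `recent` match module (`-m recent`, with `--seconds` and `--hitcount`) expresses "more than N hits in T seconds, then drop for the block period" without a PHP helper holding sudo at all, which removes the riskiest part of the setup.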
Now, I'm probably the dumbest person on the planet when it comes to understanding telescopes, but could it be possible to convert the Hubble telescope into a laser weapon secretly if it were attached to the space station and refitted/modified? And if it could, doesn't it seem like an excuse to do so by prearranging the telescope to be placed ahead of time into a precalculated decaying orbit, in the hopes of later using an already planned-out method to tug it back to the station where it could be modified as such?
Also, isn't the mirror in the telescope very high quality? Could something like this possibly be used to melt incoming rocks?
Oh well, probably just another stupid post, but someone let me know; I'm curious if such a thing could be done.
Friday September 12, @03:58PM: Server goes down due to unusually high traffic.
Friday September 12, @04:01PM: Server load causes electric breakers to trip power in whole building.
Friday September 12, @04:02PM: Power surge from LAN going offline and Slashdot visitors surge cause second blackout. :)
hehe, well, it sounded funny in my head
On a side note, shouldn't we be trying to go out, attach small efficient space engines to these fly-bys and force them into orbit either around the Earth or the Moon, to possibly be used one day to slingshot off at a more deadly threat?
Please moderate this up! I think these kinds of thoughts deserve to be noticed and spoken about!
Wouldn't it be a good idea to go out and "retrieve" other close-by "rocks" and sling them in orbit around Earth? They could then be equipped with proper rockets and perhaps trimmed down to the needed size to shoot back off at new asteroids in a game of intergalactic pool?
All that I'm suggesting is that we try to keep these big rocks that fly by. They are massive objects which simply need some "redirection". Heck, I say we fight fire with fire by slinging them at each other. :)
Is it just me, or are some companies getting carried away with technology? I'll admit some features may be rather handy, but for the most part, products of today's society seem to be crammed full of features that most people don't want/need in order to justify an absurd cost. Does anyone else besides me see a pattern here?
Wouldn't this be kinda like entrapment? I mean, think about it. MS basically let the secret go without trying to protect it.
Fine. Now let's change the parties involved a bit and, oh I don't know, change the Kerberos document to say drugs. Now, if I were a police officer (MS employee) and I left, say, 1 lb. of POT (something valuable to certain people) on a sidewalk (a public place like, say... the Internet) and waited for someone to pick it up (download it), wouldn't that be entrapment?
I mean, it's fairly obvious that MS probably did this for tactical reasons in order to hinder Linux and Samba. I thought MS was already in enough trouble as it is for this kind of stuff. Personally, I would like to see new laws that stop "childish" games like this.
Down with MS!
I'm curious... I'm sure that the module had a version number, and was officially released with whatever number. Now, wouldn't the GPL require the official release with that version to be GPL'd? Or are they allowed to say "oops" and re-release that version under a non-GPL license?
This article has been brought to you by the Department of Redundancy Department.
"If I was to manage a farm of 200 different of these I'd easily go crazy."
But if you had 200 machines to use in a compile farm, wouldn't Gentoo make more sense?
Eat my dust!
When you do find any good documents, please be sure to forward them off to all the governments around the world ;)
Does this mean I won't be able to run my Windows Update through my firewall now?
I guess we really are "Big Brother".
Just think, if you could click the take picture button 24 times a second, you can get 3.33... seconds worth of video! Wow, who needs a camcorder!