As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).
The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD, provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace initial probes and attacks.
Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.
You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---
NFS mounted home dirs solved this for me (as I have a home LAN, and I needed to consolidate my file access).
However, over the internet that's not really safe. Cron syncing with scp is a potential solution.
I'm sure we'll eventually have a "home space" system whereby people can access their home stuff via a public-key/encryption based authentication/transfer system. :-)
---
"Finally, only accept connections from hosts with a valid IDENT response."
How exactly are people who use Win32 supposed to send mail through the SMTP server then? What about machines which have been rooted, or otherwise have identd installed to fake responses?
Relying on the client to provide valid data is a trivial security flaw. Perhaps you mean to say, "only accept mail to a non-local domain from an explicit set of IP addresses," and make sure that your machine has anti-spoofing enabled to its highest level via
    # Write the reverse-path filter setting for every interface
    echo -n "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 2 > "$f"
    done
    echo "done."
You'll also want to use the Postfix mailer, as you have to misconfigure that to relay spam.
---
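An added example, not part of the original comment: the rp_filter loop above only writes the setting, and this script reads it back and reports what each interface actually ends up with. It assumes the semantics documented for current Linux kernels (0 off, 1 strict, 2 loose, with the higher of conf/all and conf/<iface> applied); the function names and the constructed sample tree are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original comment): read rp_filter back and
# report the value the kernel actually applies on each interface.
# Assumption: current Linux semantics, 0 = off, 1 = strict, 2 = loose.

# Map a numeric rp_filter value to its mode name.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# Print the effective value for one interface: the kernel uses the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter.
effective_rp_filter() {
    conf_root=$1
    iface_name=$2
    all_val=$(cat "$conf_root/all/rp_filter" 2>/dev/null || echo 0)
    own_val=$(cat "$conf_root/$iface_name/rp_filter" 2>/dev/null) || return 1
    if [ "$all_val" -gt "$own_val" ]; then
        echo "$all_val"
    else
        echo "$own_val"
    fi
}

# Print "<iface> <value> <mode>" per interface; return 1 unless all are strict.
# Treating anything but strict as a finding is a policy assumption that fits a
# single-homed host; hosts with asymmetric routing may need loose mode.
audit_rp_filter() {
    audit_root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$audit_root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in
            all|default) continue ;;
        esac
        eff=$(effective_rp_filter "$audit_root" "$iface") || continue
        echo "$iface $eff $(rp_mode_name "$eff")"
        [ "$eff" = "1" ] || rc=1
    done
    return "$rc"
}

# Build a constructed stand-in for /proc/sys/net/ipv4/conf (sample values only).
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    for spec in all:0 default:0 lo:0 eth0:1 eth1:2 wg0:0; do
        mkdir -p "$tree/${spec%%:*}"
        echo "${spec##*:}" > "$tree/${spec%%:*}/rp_filter"
    done
    echo "$tree"
}

# Demo on the constructed tree; call audit_rp_filter with no argument on a real host.
sample=$(make_sample_tree)
audit_rp_filter "$sample" || echo "at least one interface is not in strict mode"
rm -rf "$sample"
```

Because the effective value is a maximum, writing 1 to conf/all cannot tighten an interface that is individually set to 2; that interface has to be changed itself.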
"And there is nothing expensive about loading up a bulk email program and sending mail to a half-million people."
Unless you happen to be:
- An ISP whose mail server goes down because of the sudden rush of outgoing mail
- An unfortunate user whose valuable paid-for connection time is used downloading spam (think European telecom costs)
- The unfortunate ISP who receives a half-million bounce messages.
Spamming is criminal, or should be. Anyone who does it deserves the full penalty of law. Since law seems to not be able to deal with it, vigilantism is our only recourse. :-/
---
"You never think about "connecting to the internet", you just work with data that happens to be located somewhere else "
I think you're thinking of DSL/Cable connections. At least in my neck of the woods, there is no PPPoE evil on the DSL side, and the Cable systems are also 24/7. I never "think" about connecting, I just work with non-local data. Of course, the rare few times such a connection is removed, it's very annoying because I'm forced to work locally, and cannot use the Internet to look up reference information :-/
So get a highspeed/reliability connection, and enjoy it.
---
"30 Episodes aughta be enough for anyone" - Jeff Bates, upon the release of episode 3a...
I can't wait to see what the GiS crew does next week >:-)
---
"I think the client should always pay for the bandwidth."
Currently, most people do pay for bandwidth. It's the backbone providers who are making the money from the scheme -- they charge somesite.dom so many dollars per gigabyte, and then charge the people loading the page (indirectly via the ISP) for the same gigabytes.
If the backbone providers had more competition, and there was a standard way of paying for site usage (anonymously, of course), your idea could work. But I'm not holding my breath :-)
---
This shows the problem with special optimizations. People often talk of their "cool ASM hacks" which give them another 5 to 10% on some piece of hardware. The problem is that a year or so later, when that hardware is dreadfully obsolete and we all have new hardware, the software performs worse, or not much better at all because of the hack. This is why clean coding would be good.
If all software was written in a general way for a "generic" x86 processor, we'd see how truly nice the Athlon does compared to the PIII (which would stall out constantly, I'm guessing).
Although on a static platform (console unit which can never be upgraded), such performance hacks make sense.
---
"Without the only man who keeps this company alive, Id goes under."
John Carmack is good. John Carmack is not god.
To work at iD software, you have to be the "best of the best" -- and be proven at what you do. Not just any joe-schmoe walks off the street and gets in because "the company can rely on the one guy who does all the work"..
John does engine work with 2 other programmers. There are also 3 level mappers and 3 character animators. This is a balanced company, even if one of the guys happens to be so skilled at one thing he does that he is revered as a god.
---
Thank you for refreshing my memory :-)
It was indeed over the racism charges against a professor (of medicine IIRC). The forward thinking people on campus protested this to the Dean, who ignored it. It led to the whole student protest.
The "proof" was when a person (a black person) gave an exact copy of his thesis statement to a white student a year later to see how the professor would mark it. The exact same paper netted a lot more marks for the white student. The Dean's office continued to ignore it.
The fire and resultant damage were accidental, and stemmed from the police charging the fairly friendly protest.
---
That happened at the University in Quebec. AFAIK, the reason for the protest was to spur the separation of Quebec from Canada. I can't seem to find any specific information on the web, but I only tried Google.
Remember, outside of the US and Vietnam, no one really was all that involved in what was essentially a small bush fight :)
---
MySQL kept segfaulting.. Otherwise, K5 seems alright now :-)
---
Actually, the goto is not a bad thing.
Not when used correctly, that is. As an unconditional jump within a function body, it allows you to handle all exceptions in one place easily.
For example:
    if (!connect("site"))
        goto error;
    if (!send("string"))
        goto error;
    ....
    return;    /* the success path must not fall through into the handler */
    error:
        handle_error();
(Yes, this is simplified)
As you can see, it saves you from doing the usual solution (calling another function, either passing it the variables or adding to the global variable namespace). This is desirable when performance is critical, or when the recovery is so trivial it does not justify the expense of a function call (ie: you just rewind a stream by one byte). Also, if this code is specific to one function, why make two?
As another example, any try { }.. catch { } code in C++ is just another example of a goto -- except that it's more structured around specifically handling error conditions within a block of code. The same concept can be applied to C very successfully.
Of course, this doesn't mean you should go and use hundreds of gotos. That's like using hundreds of for() statements, or while() loops when there is no reason to. And no one really knows what will happen if you goto something in another function (C has no ret instruction equivalent) :-)
---
"since when is being able to set a computer up to display applications running on another computer by default a bad thing? "
"Gee, boss, I don't know why that dialog with porn popped up in front of our CEO. Must've been some nasty vandals or something.."
There's a reason why things should be secure by default. OpenBSD is the only distribution of a free OS that I've seen that takes this into account (3 years without a remote root hole in the default setup, 2 years without a local root hole in the default setup, and audited applications all around!).
---
Who's to say that a cat couldn't be an NT admin? Although I hear that cats sometimes have problems understanding TCP/IP..
---
I disagree. Encryption, even non-hardware assisted, is easy to have set up.
Look at the TEA project (Transparent Encryption Agent), or look at the methods for transparent PGP of mail I outlined in Gnu Privacy Guard tutorial, part 2 towards the end of the document.
So, unlike your tank cars, this can be implemented easily and quickly -- with no extra material cost. Replication of software and data through computers is essentially cost free, which is how the GNU project can get away with giving away free [libre, beer] software :-)
I'd prefer constant, pervasive encryption to having someone listen into even the most insignificant private conversation I hold any day.
---
Hey, I'm not the only one in on this then..
See, they called it episode 3-A, but then they went and named it episode 31........ The problem is that now GiS has almost exhausted the 2^5-2 namespace.
The solution? Mail "episode31.mp3" to kurt@thepope.org, and he will happily rename the file and return it to you.
With his help, as the unrecognised head of Catholicism in Michigan, we might all be spared the problems of a small name space..
---
Lee-nus and Lih-nus are both better than LIE-nus..
I personally say lih-nus, unless stressing the "accent" it has :-)
---
Please...
"Have you considered suing slashdot, or perhaps andover for compensation for the bandwidth that it took to download the banner ad at the top of the page you're seeing now? if not...why? you didn't ask for the banner ad. It's a blatant infringement of your rights as an internet user."
Wrong, buddy. I do nothing, and I receive spam. It's completely passive on my part. It's like a telemarketing call: they initiate it, and enter my private space. With telemarketers, I can just ask them to never call again lest I pursue legal action against them. I can't do the same with spam.
With banner ads on slashdot and the like: that's accepted when I choose to load the website. Being a proactive person, I installed Internet Junkbuster years ago, and continue to reap the benefits today. Again, a completely easy and legal way of avoiding unwanted advertisements -- something spam does not provide.
Perhaps you'll also claim Kuro5hin is somehow evil, too. When we do bring in ads (eventually), anyone with a user account has to opt in. If you don't have an account, you get a mixed-bag of ads. But I will personally (as an admin of the site) ensure that IJB has an updated blocklist containing the URL for the K5 ads so people can opt out even without an account. Something which Spammers don't even think of providing.
And if you do choose to opt-in for ads (supporting K5), you get to choose the advertisement classes you see. No more adverts for random things you don't want!
So before you paint everyone who doesn't like advertisements as some sort of evil person who wants to freeload: realise that they probably (like myself) dislike advertisements you cannot opt out of, like those wonderful advertisements positioned right above urinals. Captive audience, anyone?
---
The really interesting thing is that of the four links mentioned in "Comments Containing A Copy of the Specification:" 2 were links to a copy, 1 was the actual thing (ACed, of course), and one was talking about possible legal repercussions to the Samba team if they "unzip ~/ms_kerberos.exe"ed and developed! Ha!
Is this some sort of legal chaff released to make their "non-case" look like it has a leg to stand on?
Does this mean I've become one of the "Comments Containing A Copy of the Specification:" ? No, not to anyone who understands links ;-)
And considering I used a Unix unzip on a file downloaded from MS, it's even from official sources! Hopefully some opensource/free software project will incorporate the changes, to allow interoperability (which is legal under the DMCA). Hooray for legality.
---
Yeah, but you'll have to get some monster fans to cover the noise of the grad students...
Although I think this machine would be the first to pass a Turing test :)
---
"There does exist a program that is supposed to convert RPMs to a .tar.gz file that you can simply unzip (in your root directory?) to install the files."
I think you mean rpm2tgz, a nice little script that converts rpms to tgz format.. Authored by one Patrick Volkerding, and available with your friendly Slackware distro ;-) Once it's a tgz, you can use installpkg on it.
---
If you'd read an elegant discourse on the subject, you'd find that without scripting, or similar, you've doomed the user to do multiple, repetitive tasks. Have you ever had to rename 50 files before? That's either a lot of time clicking, typing, and clicking again in an interface (such as the Macintosh's Finder, or Windows Explorer), or a few seconds writing a shell script (once you get the hang of shell scripts, of course).
If your interface can't free the user from the original hard work you intended to eliminate (the whole reason to use a GUI in the first place), you're back on square 0. True, a newbie won't know about it, but when they do need it -- it's there.
---
"Doesn't anyone care about SPEEEED!?? :) "
Speed vs. stability. I like to have both, which is why I use Linux. If you want pure speed, I hear Win98 SE is good at crashing rapidly ;)
Sarcasm aside, as a BeOS user, I'd expect you'd be in agreement with the "OSS fanatics" about having drivers and specs for hardware. I can tell you, the main reason I don't use BeOS on workstations around my house is because the driver support level is at OS/2 levels. OpenBSD, Linux, and Windows are the only OSes that support all my hardware. I don't think OpenBSD and Linux support the hardware because companies released binaries, like they do for Windows. >:)
---
"I have NEVER had support like that from any other company."
Except for Matrox, 3Dfx, and ATI who can release drivers with source. Sigh. Sorry, but I'm rather disillusioned with companies that can't give away the software equivalent of the owner's manual. :-(
---