[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] URGENT Hacking
- Subject: RE: [cobalt-security] URGENT Hacking
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 8 Sep 2000 21:53:52 +0100 (BST)
On Fri, 8 Sep 2000, Chris Weiss wrote:
> -----Original Message-----
>
> [Snipped]
>
> It would be nice if Cobalt hadn't removed ipchains from their
> distribution, as this would aid greatly in blocking things like this.
> --------------------------------------------------------------------
>
> You can install ipchains very easily. I have on my machines. You can also
> download and install the 2.2.14c11 kernel from Cobalt and compile it with
> whatever options you want or need (you should remove some of the default
> crap and other options).
<snip>
Where from?
Also, are there any issues to watch out for?
And finally (this is beginning to sound like a Q&A session), have you
tried moving a Cobalt up to a non-specific Cobalt kernel manually (eg
2.2.18 or 2.4.0-testX or whatever).
This are all things that'd very much like to try, but at the same time
don't want to shaft our Cobalt.
Cheers for any answers here...
> On another note.... all of your objections to my original post were correct.
> It is hard not to write a dissertation on security. When you get into the
> special case of writing trojans and using buffer overflow exploits, the
> whole idea of protecting access on a service level goes out the window. Any
> general rule you write will have exceptions.
Well, I agree. I admit I went into rant mode (again) a bit...
> I disagree with the statement that Linux security is crap because you make
> it sound like Linux is especially easy to hack. I believe all operating
> systems have crappy security out of the box. I have yet to work with a
> platform or an OS that was simply turn on the box and sleep easy. My NT box
> before I put it behind my firewall had been hacked multiple times in spite
> of implementing every patch and trick I could find. Without a proxy or a
> firewall, NT is very vulnerable. At least Linux can be hardened without an
> intervening box.
Heh, I've never made the statement that NT is secure :)) I still consider
things like the automatic locking of accounts as 'basic security',
however.