
Re: [cobalt-security] RE: 'On my Soap Box'



Please add me to the list of RAQ owners who are finding out that the buying of the box and initial setup is the easy part. After having my RAQ3 hacked twice in 11 months, I need help. Need to re-install OS on the 3 and add some better protection to my RAQ4r as needed. Is there a wizard out there who is available for such work? I have neither the knowledge nor the time.
Norm D

*********** REPLY SEPARATOR  ***********

On 3/6/2001 at 9:00 PM John Bailey wrote:

>On Tue, 6 Mar 2001, Mark Anderson wrote:
>
>> In fact the opposite is true - there is such
>> a wealth of information available that admins have no excuse
>> for having bad security. To be a good hacker/cracker (choose
>> your media buzzword)
>
>There is a difference between the widely accepted definition of 'hacker'
>and that of 'cracker', you know.
>
>> the attacker has to have a level of skill
>> and knowledge that exceeds that of the admin.
>
>There are other issues to take into account though.  For example, after
>the bind problems came to light, it took Cobalt 3(?) days to get upgraded
>.pkg files out (please note I'm not having a go at Cobalt here).  During
>those three days, many RaQs and Qubes all over the net remained
>vulnerable.  More knowledgeable(?) admins had compiled their own
>replacements the minute they heard about the problem, but many admins
>don't know how to wield a "./configure ; make install".  I think that this
>problem is more widespread on Cobalt machines, as they're sold on a 'you
>can administer it all through this web interface' basis.  I know of a lot
>of people who got a harsh lesson in reality during those days, either by
>getting their machines compromised, or by being forced to learn admin
>tasks they hadn't originally thought they'd need.
>
>> An attacker sees the same mail on Bugtraq and tries it on a few
>> machines to see what he can get with a little effort. Not only
>> is it likely that the exploit code will have been gutted and
>> cease to actually work, but the attacker would need an equal
>> skill level as the original coder to fix it.
>
>I'd say that that depends on how badly the code's been gutted ... but
>aside from that,  I don't think that most script kiddies are in the habit
>of collecting code from bugtraq.  They let someone else do the hard work
>(be it writing the exploit or correcting kludged code) then they just
>point and root.
>
>> What I'm trying to point out is that protecting a server is
>> fall-off-my-chair-laughing easy. However to be a remotely good
>> attacker, it takes time, skill, intellect and a few drops of
>> luck.
>
>I take issue with that point in its entirety.  For a start, not all bugs
>get posted to BugTraq straight away .. how can you patch against bugs
>you're unaware of ?  Even given that you know that a vulnerability exists
>and needs patching, it's only easy to you because you're familiar with
>linux.  As I think everyone on this list should be painfully aware, it
>can take no skill at all to be an effective cracker.  Kits such as Ramen,
>which are self-propagating, are a case in point.
>
>The bottom line that it all comes down to is (and this is quoted from a
>source I don't remember) that the admin has to be lucky all the time, the
>cracker only once.
>
>To take a better known quote to finish .. "Your confidence is your
>weakness".
>
>John
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
