[1792] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Checking remote servers

daemon@ATHENA.MIT.EDU (ArthaXerxes)
Wed May 27 10:17:46 1998

Date: Wed, 27 May 1998 13:17:56 +0200
From: ArthaXerxes <xerxes-axx@altern.org>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

At 18:47 12/05/98 -0400, you wrote:

>With the number of insecure machines out there, unless you had some REALLY
>valuable data, I can't see a hacker going through enough trouble to
>rewrite parts of the kernel to cover their tracks.  I think it they would
>probably just go find a less secure machine.

I disagree, to an extend.
Hacking an insecure machine is not a challenge, experimented hackers like
difficulty. Furthermore, it is a good thing to experience on not sensible
servers some attack scheme to reproduce them on major servers, that do not
have the same sense of humor.


Anyway, if you are really hacked by a l33t hacker, he will not damage your
system, and he may even mail you a fix if he is in a good mood.
It is oubvious that if you are the keeper of valuable data, you cannot even
allow such intrusion.

Of course, those who just try /cgi-bin/php?/etc/passwd and classic holes
without really understanding what they are doing will not cause you problem
if you are doing your job seriously.

But, well, I have seen military servers that let the shadowed password file
accessible via anonymous ftp (and the passwords worked), so I suppose
everything is possible...

---

ArthaXerxes - network hacker/hunter
Evaluation of your security for free and without any prior request.

ArthaXerxes' Archive > http://altern.org/xerxes/
        SMI FAQ b=EAta > http://altern.org/xerxes/smi/

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post