[1794] in linux-security and linux-alert archive


[linux-security] Re: Re: Checking remote servers

daemon@ATHENA.MIT.EDU (Joey Mitchell Comeau)
Thu May 28 02:17:04 1998

Date: Wed, 27 May 1998 13:30:06 -0300 (ADT)
From: Joey Mitchell Comeau <aw096@chebucto.ns.ca>
In-reply-to: <1.5.4.32.19980527111756.006642a4@altern.org>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


Hi there. Just a quick note.

> Anyway, if you are really hacked by a l33t hacker, he will not damage your
> system, and he may even mail you a fix if he is in a good mood.

That is a gross generalization. Just because someone has (well, whatever 
it is that hackers have, be it talent or just technical knowledge) does 
not mean that they will all fit the same moral profile. There are plenty 
of talented assholes out there. They may even outnumber your "l33t 
hackers".

> It is obvious that if you are the keeper of valuable data, you cannot even
> allow such intrusion.

Nor can you stop it before it happens. New security holes and bugs are 
found all the time. Odds are that someone out there (leet's?) will know 
about them before it gets posted to bug-traq or linux-security.
	But you should take all the precautions you can if you are in 
charge of confidential valuable info (or it shouldn't be available via the 
net; standalones are the only 100% unhackable computer types I know).

> Of course, those who just try /cgi-bin/php?/etc/passwd and classic holes
> without really understanding what they are doing will not cause you problems
> if you are doing your job seriously.

I believe that it is phf  :P
If you are doing your job seriously, phf would not be there, and your 
/etc/passwd would be shadowed.


> But, well, I have seen military servers that let the shadowed password file
> accessible via anonymous ftp (and the passwords worked), so I suppose
> everything is possible...

Why wouldn't they?


Joey Comeau.
aw096@chebucto.ns.ca
