[96833] in RedHat Linux List
Re: RedHat bugs???
daemon@ATHENA.MIT.EDU (Joshua Levitsky)
Thu Oct 29 14:50:47 1998
Date: Thu, 29 Oct 1998 14:32:46 -0500
To: redhat-list@redhat.com
From: Joshua Levitsky <jlevitsk@mindspring.com>
In-Reply-To: <199810291725.KAA21700@mu.gsnet.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
If there are administrators and they are putting a new OS on their network
shouldn't they read up on security concerns for that OS and consider
reading the howto/doc/readme files and such? There is plenty of
documentation out there. I could see joe-user setting up the OS and not
bothering with security, but an Admin should be a tad better than that.
Just my $0.02.
-Josh
At 12:35 PM 10/29/98 , you wrote:
>I've recently talked to about 10 or so administrators who were "trying out"
>Linux on their sites and had their machines broken into by hackers. All
>of them were using unpatched distributions of RedHat 5.x, and most of
>them were shocked by the experience and are wiping Linux off and
>installing NT. One guy told me he had a machine running RedHat 5.0 for
>one day before someone hacked in and installed an IRC bot on it. I think
>this is a big concern- this is generating a bad reputation for RedHat and
>Linux as an insecure environment.
>
>I think it should really be part of the installation process to inform people
>how important it is to go to the RedHat site and get the patches. Then
>they should be told to read the current security FAQ and subscribe to a
>mailing list which will warn them of future security problems. There are
>lots and lots of people with lots and lots of time on their hands who take
>advantage of these holes every day, and it's really bad for Linux's
>reputation.
>
>-Mike
>
>
>
>
>Date sent: Thu, 29 Oct 1998 15:56:26 +0100
>From: Leo <leonardo@dinamicmultimedia.es>
>To: redhat-list@redhat.com, redhat-devel-list@redhat.com
>Subject: RedHat bugs???
>
>> Hi all,
>>
>> I've been using redhat since release 4 (using 5.0 now).
>> Just recently, I was chatting about linux with an individual on an irc
>> channel. Suddenly he started telling me everything I was using on my
>> computer (from the window manager, to irc client --that's easy--,
>> etc...)... Apparently he got into my computer thanks to a bug in
>> redhat's linux distribution (or so he said)... He told me the bug in
>> question is in lpd (among others). He also said that, in order to
>> protect myself, I should disable the printing service, by commenting out
>> the line in /etc/services, but this leaves me without proper printing
>> environment (I have to manually run lpd as root every time I send a job
>> to print).
>> Also, he said redhat's distribution is among the buggiest... said suse
>> is the least.
>> He gave me a program (called strobe), which scans remote computer's open
>> ports, but not the program he used to get into my computer.
>>
>> Does anybody know if this is true ???
>> If it is, it's very scary!!!
>>
>>
>> Thanks in advance,
>> Leo Zayas
>>
>
>
>
>--
>Mike Bridge <mike@bridgecanada.com>
>System Administrator
>Global Sourcing Network
>
>
>--
> PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> http://www.redhat.com http://archive.redhat.com
> To unsubscribe: mail redhat-list-request@redhat.com with
> "unsubscribe" as the Subject.
--
Joshua Levitsky, EMTD, MCPS -- Service Desk x7777
Alpha Pager: (888) 907-8446 / Voicemail and Fax: (212) 656-1796
Help Desk Professional's visit: http://www.joshie.com/helpdesk/
Computer Sales: http://www.handtech.com/tcweb/jlevitsk/
----------------------------------------------------------------------
Windows 95: n. 32 bit extensions and a graphical shell for a 16 bit
patch to an 8 bit operating system originally coded for a 4 bit
microprocessor, written by a 2 bit company.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.