[96833] in RedHat Linux List

home help back first fref pref prev next nref lref last post

Re: RedHat bugs???

daemon@ATHENA.MIT.EDU (Joshua Levitsky)
Thu Oct 29 14:50:47 1998

Date: Thu, 29 Oct 1998 14:32:46 -0500
To: redhat-list@redhat.com
From: Joshua Levitsky <jlevitsk@mindspring.com>
In-Reply-To: <199810291725.KAA21700@mu.gsnet.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

If there are administrators and they are putting a new OS on their network
shouldn't they read up on security concerns for that OS and consider
reading the howto/doc/readme files and such? There is plenty of
documentation out there. I could see joe-user setting up the OS and not
bothering with security, but an Admin should be a tad better than that.
Just my $0.02.

-Josh

At 12:35 PM 10/29/98 , you wrote:
>I've recently talked to about 10 or so administrators who were "trying out" 
>Linux on their sites and had their machines broken into by hackers.  All 
>of them were using unpatched distributions of RedHat 5.x, and most of 
>them were shocked by the experience and are wiping Linux off and 
>installing NT.  One guy told me he had a machine running RedHat 5.0 for 
>one day before someone hacked in and installed an IRC bot on it.  I think 
>this is a big concern- this is generating a bad reputation for RedHat and 
>Linux as an insecure environment.  
>
>I think it should really be part of the installation process to inform people 
>how important it is to go to the RedHat site and get the patches.  Then 
>they should be told to read the current security FAQ and subscribe to a 
>mailing list which will warn them of future security problems.  There are 
>lots and lots of people with lots and lots of time on their hands who take 
>advantage of these holes every day, and it's really bad for Linux's 
>reputation.
>
>-Mike
>
>
>
>
>Date sent:      	Thu, 29 Oct 1998 15:56:26 +0100
>From:           	Leo <leonardo@dinamicmultimedia.es>
>To:             	redhat-list@redhat.com, redhat-devel-list@redhat.com
>Subject:        	RedHat bugs???
>
>> Hi all,
>> 
>> I've been using redhat since release 4 (using 5.0 now).
>> Just recently, I was chatting about linux with an individual on an irc
>> channel. Suddenly he started telling me everything I was using on my
>> computer (from the window manager, to irc client --that's easy--,
>> etc...)... Apparently he got into my computer thanks to a bug in
>> redhat's linux distribution (or so he said)... He told me the bug in
>> question is in lpd (among others). He also said that, in order to
>> protect myself, I should disable the printing service, by commenting out
>> the line in /etc/services, but this leaves me without proper printing
>> environment (I have to manually run lpd as root every time I send a job
>> to print).
>> Also, he said redhat's distribution is among the buggiest... said suse
>> is the least.
>> He gave me a program (called strobe), which scans remote computer's open
>> ports, but not the program he used to get into my computer.
>> 
>> Does anybody know if this is true ???
>> If it is, it's very scary!!!
>> 
>> 
>> Thanks in advance,
>> Leo Zayas
>> 
>
>
>
>--
>Mike Bridge <mike@bridgecanada.com>      
>System Administrator
>Global Sourcing Network
>
>
>-- 
>  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>		http://www.redhat.com http://archive.redhat.com
>         To unsubscribe: mail redhat-list-request@redhat.com with 
>                       "unsubscribe" as the Subject.

--
Joshua Levitsky, EMTD, MCPS -- Service Desk x7777
Alpha Pager:    (888) 907-8446  /  Voicemail and Fax: (212) 656-1796
Help Desk Professional's visit: http://www.joshie.com/helpdesk/
Computer Sales: http://www.handtech.com/tcweb/jlevitsk/
----------------------------------------------------------------------
Windows 95: n. 32 bit extensions and a graphical shell for a 16 bit
patch to an 8 bit operating system originally coded for a 4 bit 
microprocessor, written by a 2 bit company.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.


home help back first fref pref prev next nref lref last post