[cobalt-developers] Top Hacker Security Holes...
- Subject: [cobalt-developers] Top Hacker Security Holes...
- From: "Chief Executive Officer" <ceo@xxxxxxxxxxxxxxxxx>
- Date: Tue Jul 4 12:03:53 2000
- Organization: Worldwide Beauty Store, LLC

Hi All!

With all of the discussion on this list about BIND, CGI, RPC, SENDMAIL and
such - I thought that I should point out the hacker vulnerabilities and
weaknesses that are often ignored when using such programs.

The vast number of hacker attacks on the web can be attributed to a
relatively small number of security faults on some of the most popular
programs you will find on or will be adding to your Cobalt server.

The number #1 security threat is the Berkeley Internet Name Domain or BIND
for short. This is the most widely used implementation of Domain Name
Service (DNS) or the actual means by which systems are located on the
internet by name without having to know the actual IP# address. It has
been known for some time that versions of BIND have weaknesses that hackers
can use to install back-door programs. In fact, in 1999 over 50% of all DNS
servers connected to the web were running vulnerable versions of BIND.

The #2 server weakness on the internet are those running Common Gateway
Interface or CGI programs - This is a standard that basically sets the rules
for running programs written in a wide variety of languages that provide
interactivity on your webpages. Servers come with sample CGI programs
pre-installed by default that the server admins are unaware of. However, it
is these programs that the hackers delight in subverting to break into your
server as they are aware you are not monitoring these programs. They can
easily set backdoors or steal proprietary information - email addresses or
credit card numbers, etc.

The #3 vulnerability is Remote Procedure Call or RPC weaknesses. RPCs allow
programs on one computer to execute programs on a second computer. The
majority of Denial-of-Service attacks have been launched using this method.

The #4 vulnerability is SENDMAIL buffer overflow. Sendmail is the program
that sends, receives and forwards most electronic mail on Linux (Cobalt) and
Unix webservers. The particular flaws in sendmail and other programs that
may directly affect the security of your Cobalt Linux/Apache server can be
found at:

http://www.sans.org/topten.htm

I hope that this helps without causing undue paranoia,

Max