[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [[cobalt-users] Server Hacked?]

Subject: Re: [[cobalt-users] Server Hacked?]
From: Kris Dahl <kris@xxxxxxxxxxxxx>
Date: Mon Feb 14 14:05:15 2000

Back in my younger days (read: 5 years ago) a local university university
had several digital unix machines that we used to be able to waltz in, snag
the password file, crack a couple hundred passwords.  It was more of a
exercise in security than anything, but it wasn't hard to do.

They didn't have a security problem then, really, either, but it doesn't
mean that their system was secure.  I know that a lot of people were using
cracked accounts on that machine.  Most of the people in that day an age
were stoked just to have a shell account on a decent connect, so they kept
it on the down low.  But nowadays, that isn't as rare as it used to be, so I
think the effects are more disastrous.  Its the difference between us back
then and the script kiddies now days.  But whatever.

If that machine is on the Internet--it can be cracked.  Regardless of
weather it has telnet access or not.  But by limiting the telnet access you
certainly plug a lot of wholes.  Its the nature of the beast--Linux has
excellent remote control abilities--but that also means it can be remote
controlled for harm as well as good.

-k

on 2/14/00 1:38 PM, Jeff Lasman at jblists@xxxxxxxxxxxxx wrote:

> Manuel,
> 
> Let me have a telnet account on any of your Cobalt servers.
> 
> Give me written permission to destruct-test your system for vulnerabilities.
> 
> Give me ten minutes.
> 
> I promise you'll have a system with a blank hard disk.
> 
> That's a promise.
> 
> Just because no one's done it yet doesn't mean it can't be done.
> 
> Jeff
> 
> At 08:14 AM 2/14/00 +0100, you wrote:
>> Hello all,
>> 
>> I still have some comments to the telnet discussion. I am at the
>> University of Saarbruecken (Germany) here. There are about 15.000 students
>> here and almost 75% have an internet account, private homepage, email
>> address and so on.
>> 
>> Moreover, ALL of them have a telnet account to the universities server and
>> as far as I know there was no security problem yet.
>> 
>> I don't know why but at it seems telnet isn't as insecure as we all are
>> afraid of...
>> 
>> Manuel
> 
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> 
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- RE: [[cobalt-users] Server Hacked?]
  - From: Jeff Lasman

Prev by Date: [cobalt-users] Perl ERROR: 13 Permission denied
Next by Date: [cobalt-users] configuration files which are backuped via the cobalt backup
Previous by thread: RE: [[cobalt-users] Server Hacked?]
Next by thread: Re: [[cobalt-users] Server Hacked?]

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index