Re: [[cobalt-users] Server Hacked?]

["Richard E. Perlotto II" <richard@xxxxxxxxxxxx>]

If you are truly interested in having the security of your machine tested,
there are a lot of different scan tools available (nmap is one of the better).
If you have bucks, pay someone to review your configuration or attempt
penetration tests.  There are many consulting groups that do this for a living.
If you need some name, let me know, but none of them are cheap.  Expect $250/hour
for this type of work.


Richard

Joe Kerns wrote:
> 
> > From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
> >
> > In case anyone's planning to take me up on the offer, it was actually made
> > tongue-in-cheek; I don't want to try to break into anyone else's
> > system(s).  The liability is too great.
> >
> > Jeff
> 
> Come on, please, we want a play-by-play!
> 
> I think it would be wise of us all to take note of security issues that are raised and do what we can to implement
> a fix or protect against these risks, a laissez-faire (sp?) attitude of "Well, 15 GaBillion people had my root
> password, but they were all cool enough not to F&*( with my machine so it must be OK" is not a wise decision. Too
> many of those script-kiddies everyone refers to.
> 
> If this many people say telnet is bad, then log into your machine as one of your users and see what you can do. I
> guess by giving telnet access your essentially letting someone sit down at your computer and saying have at it.
> Even if the person that you give access to has the most integrity and is your best-friend, was highly competent,
> and would never screw you, it doesn't matter because anyone that knows anything can listen for your best bud to
> login via telnet, swipe the username/pw and their off. Maybe all these people have a point...
> 
> Joe
> 
> BTW, I turned off telnet a long time ago after installing ssh 1.22.27 (I think)
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users