Re: [cobalt-users] how do the hackers find your Raq?
- Subject: Re: [cobalt-users] how do the hackers find your Raq?
- From: "APS - Security Consultants" <sculthorpe@xxxxxxxxxxxxx>
- Date: Thu May 31 01:40:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"
The dictionary disagrees, and so do I.
hack1 (hk)
v. hacked, hack·ing, hacks
v. tr.
To cut or chop with repeated and irregular blows: hacked down the saplings.
To break up the surface of (soil).
Informal. To alter (a computer program): hacked her text editor to read HTML.
To gain access to (a computer file or network) illegally or without authorization: hacked the firm's personnel database. "
---
You seem to be overstating the obvious. We all know the term hackers is
debatable; it is, however, still applicable and appropriate to use the term in
a negative light. After all, there are good 'hackers' and bad 'hackers', right!
Anyway, to answer the question: 'hackers / crackers' most often target the
most vulnerable 'group' of operating systems and common applications and
services which run on them,
which for the most part is :-
1 Windows
2 UNIX / Linux
They usually don't care what kind of machine it is because a script can
simply go out and probe thousands of systems a night for the most popular
vulnerabilities at the given time.
If you think about it, it makes a lot of sense for them to do this :-
1. Target the most popular O/S and Applications
2. Run script to scan IP blocks for easily exploitable vulnerabilities
3. Compromise vulnerable systems and set up camp for further attacks
4. Steal any valuable information asset
Therefore, it makes a LOT of sense to change default ports of running
services and to ensure all known security vulnerabilities on your system
are patched, regardless of being a Cobalt or not.
Even more unfortunate is the fact that a smart 5 year old could go out and
learn how to do the above. If you don't fix the 'common vulnerabilities' you
WILL be caught out at some point due to the nature of the most common
form of attack.
Regardless of script kiddies, if someone is determined to gain access to your
system then I honestly believe they have a VERY good chance of doing so; in
fact I know it is the case from past experience.
Adam
Internet Security Consultant
*********** REPLY SEPARATOR ***********
On 31/05/2001 at 11:31 Ryan J. Smith wrote:
>> <snip>
>> > > but how do the hackers find your
>> > > vulnerable Raq? Do they just scan a whole whack of IPs and hope some of
>> > > them are cobalt machines?
>> </snip>
>
>I believe we have our terms a bit confused. *Hacking* is just
>programming, as in "hacking away at this program I'm writing". A hacker
>is a programmer. *Cracking* is the act of penetrating a system's
>security measures, as in "I cracked your box". A hacker that breaks
>into other people's computers is also a cracker, but not since the early
>days of computing have most crackers been hackers. In fact, most
>crackers I've known have no idea how to program, and are therefore *not*
>hackers, and calling them hackers is an insult to "real hackers"
>everywhere.
>
>We (the geek community, among which may include hackers and possibly
>crackers lurking about our discussions to find new ways to exploit a
>system) call those people "script kiddies", because they are usually
>just some punk kid running a script someone else (a real hacker who's
>evidently also a cracker) wrote and posted somewhere nefarious (like
>l0pht.com or somewhere accessible via astalavista.box.sk) for the
>would-be script kiddies to use to *crack* your box. Unfortunately some
>script kiddies are so clueless, they actually do leave messages around
>on machines they cracked (by running a script someone else wrote...big
>deal) that say "this machine was _hacked_ by [insert silly gang-like
>name here]", because they, not knowing thing one about programming, have
>no idea that they're misusing a term as ancient as the UNIVAC.
>
>In fact, I've heard the otherwise benevolent term "hacker" extended into
>other things, such as the guy that works on your automobile being
>referred to as a car hacker. I think it's like the difference between
>nerd and geek. The common interpretation of the word nerd, as I have
>known it is "a person of an above-average intelligence who is socially
>inept". A geek is an expert, possibly a guru at something. You may be
>a computer geek (and not a nerd) as Margaret Thatcher is a geek of
>government or Alan Greenspan is a geek of economics. Professor Frink
>(on The Simpsons) would be both nerd and geek, "what with the lab
>outfit, and the lack of social graces, and the pain and the hurting and
>the claven..." (my sincerest apologies to 20th Century Fox, Gracie
>Films, Matt Groening and Hank Azaria for that last bit).
>
>--
>Ryan J. Smith ("Rizzo")
>rizzo@xxxxxxxxxxxx
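The scripted sweep described in the reply above (one source probing the same service port across a block of addresses) leaves a recognisable pattern in connection logs. The following is an added example, not part of the original posts: a small Python detector that flags such sweeps. The log format, the RFC 5737 documentation addresses and the thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample_log():
    """Constructed log lines 'time src dst dport' (RFC 5737 example addresses)."""
    base, lines = datetime(2001, 5, 31, 1, 0, 0), []
    for i in range(40):   # fast sweep: port 21 on 40 hosts, one per second
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 198.51.100.7 192.0.2.{i + 1} 21")
    for i in range(25):   # slow sweep: port 23 on 25 hosts, one every 10 minutes
        lines.append(f"{(base + timedelta(minutes=10 * i)).isoformat()} 203.0.113.50 192.0.2.{i + 1} 23")
    for i in range(5):    # ordinary client: repeat visits to one web server
        lines.append(f"{(base + timedelta(seconds=30 * i)).isoformat()} 203.0.113.9 192.0.2.10 80")
    lines.append("truncated line")  # malformed input must not crash the parser
    return lines

def find_sweeps(lines, window=timedelta(minutes=5), min_hosts=20):
    """Return {(src, dport): peak distinct hosts contacted within `window`}
    for every source that reached at least `min_hosts` hosts on one port."""
    events = defaultdict(list)            # (src, dport) -> [(time, dst), ...]
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            key = (parts[1], int(parts[3]))
            events[key].append((datetime.fromisoformat(parts[0]), parts[2]))
        except ValueError:
            continue
    sweeps = {}
    for key, hits in events.items():
        hits.sort()
        in_window, start, peak = defaultdict(int), 0, 0
        for when, dst in hits:
            in_window[dst] += 1
            while when - hits[start][0] > window:   # drop hits that aged out
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            sweeps[key] = peak
    return sweeps

if __name__ == "__main__":
    log = make_sample_log()
    print(find_sweeps(log))                              # fast sweep only
    print(find_sweeps(log, window=timedelta(days=1)))    # slow sweep appears too
```

With the default five-minute window only the fast sweep is reported; the slow one is caught only when the window is widened, which is the trade-off to tune against your own traffic.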