[cobalt-users] Security Curiosity

[Goetz Lohmann <goetz.lohmann@xxxxxx>]

Quite a time I watching this list and its funny ... most people scared about
being hacked and try to log anything ... ssh logins, telnet logins, this and
that. Today if you were hacked by a Script Kiddy its finished within seconds !
No email of SSH login will help nor it will ever be listed in such logs.
Most of this are made through an buffer overflow, which drops a direct shell
acces or run a script. A buffer overflow means by the way that this program
smashes and might not log further things happen. So what do you think you
get in the logs ? By the way some scripts do a "rm -f" at the /var/log dir
... nothing left. Most scriptkiddys today don't care even if something is
locked, it's just rooted with changed passwords an unavailable to the admin.

Maybe it's good to know what's going on ... so logs are neccessary ... but
don't think it would help you in any way if you where hacked. Even if you got
an IP, maybe this could be facked. Or even this Kid couldn't made responsible
for what it does.

try read this: http://grc.com/dos/grcdos.htm

So what I try to tell you ? ... take care of system updates, cause in 99% of
all cases the reason of being rooted is that someone forgot to run the
recent patches. Scan for bugs and exploitds, only install the minimum which
is neccessary and close open ports. Prevent an exploitd, everything after
is mostly a waste of time and money.

maybe just read
http://archive.infoworld.com/articles/hn/xml/02/05/02/020502hngartner.xml
http://grc.com/su-danger.htm
http://www.securityfocus.com/
...

take care of you !

regards

-- 

¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸

Götz Lohmann  |  D-Mannheim  |  Web-Developer & Sys-Admin
---------------------------------------------------------
He's the fellow that people wonder what he does and why
the company needs him, until he goes on vacation.
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸