[plug] incase anyone wasnt aware..CERT advisory [ BIND ]

Bernard Blackham bernard at blackham.com.au
Tue Nov 14 22:02:31 WST 2000


On Tue, 14 Nov 2000, Christian wrote:
> No one should be using any program they don't need.  That would seem
> pretty obvious and not just from a security perspective!  But your

Well some would think... My machine has logged some people attempting to
tap into it (on port 137 - 'doze of course...). With one of these attempts
tonight I returned the favour back to the originating machine...

-- case study --
It had about 20 services all running open to attack, and even worse was
that one of the user accounts had (has) the domain name as the username
and password... Open sesame.

Even worse still is that the database system (MySQL) used root passwords
to access it, and had the root password embedded in the web script (not
visible by just executing it). The password for MySQL and the machine
don't have to be the same, but by how lame the security appears to be I
assume it would be! Open wider sesame.

Its security is so lame it's suspicious... They're a Korean car reseller,
from their website, and one would think they'd have a little more
security. Machine seems to be the stock standard installation of ALZZA
linux (Korean-ised version?) which appears to be based upon RH, although I
could be, and most probably am, wrong.
-- end case study --

Wouldn't it have been common sense to design Linux distros to have the
extra inet services that were included, but you had to enable them to use
them, rather than having them enabled unknowingly and then having to find
how to disable them when you realise you don't need them?



Bernard.

--
 Bernard Blackham
 bernard at blackham.com.au



