[plug] Fw: I am so sorry!Your hosts was hacked!

Simon Scott simon.scott at flexiplan.com
Mon Apr 9 10:22:45 WST 2001


	Given enough time, any machine on the net could be compromised.

	Just how many machines do these people need? How likely is it that
if your box is compromised that it would be used for anything at all?

	It's a game for most hackers, just to see if they can... the result
of compromising your box is that they move on and try to compromise the
next. Mostly they do no damage, and if they do, it is a simple case of
ghosting your 'known-good' root image, restoring /home from tape and
upgrading the offending service. Then sit around waiting for the next hole
to be found.

	And if they were really serious about using your box, would they
alert you to the fact that it's been compromised? Most people's reaction would
be to drop the box off the breeze and reinstall with something newer. What
does this achieve? They lose access, until they compromise it next time.
Hell, I'm at work most of the day and some days I don't even go downstairs to
use my boxen. My server could be compromised and used in a DOS attack in
between me being there. Does that make me liable? If I spend 24x7 trying to
maintain security and my box is still used for something sinister, am I
still liable? Is my liability level a direct relation to the versions of
stuff I had installed at the time?

	I get 3-4 attacks on my machine a week, mostly an obvious buffer
overflow attempt on identd or some other service.

	I retain my stance of 10 years ago - if it's important, it shouldn't
be on the net. There is no guarantee of security, and if nothing sensitive
is on the net then it doesn't matter if my box is compromised or not. Why do
NASA have anything on the net that may be sensitive? You are NEVER going to
be 100% secure. Someone will ALWAYS be able to compromise your box. So why
play the game?

	To me it is a bigger social issue of why these 14 yr olds have
nothing else to do with their time. One benefit I suppose is that they
probably get good training in unix/networking along the way. The bad
side-effect is that most people have an irrational over-reaction about
securing the magnetic bits on their hard drives. People are wasting their
lives staring at errata sites waiting for some security issue or another,
trying to stay ahead of the competition. SOOO much time is wasted that would
be better used constructively. So I refuse.

	Most people today, even experienced admins, don't have a clue about
security. Especially in MS circles, security is sold as a product (Firewall
XYZ) but in reality it is a long and hard process of trying to keep
up-to-date. And even then there are no guarantees. I would hazard a guess
that most sites on the net are run by some buffoon without a clue, and are
just waiting to be compromised.

	So why should I care about my little p100 sitting on an adsl link?






	From:	Matt Kemner <zombie at wasp.net.au> on 09-04-2001 09:54 AM
	Please respond to plug at plug.linux.org.au@SMTP at Exchange
	To:	plug at plug.linux.org.au@SMTP at Exchange
	cc:	 

	Subject:	Re: [plug] Fw: I am so sorry!Your hosts was hacked!

	On Mon, 9 Apr 2001, Simon Scott wrote:

	> 	Ask yourself 1 question..... do you really care?

	Simon, you had better care.
	The main reason for someone wanting to crack your box, no matter how
	pitiful it is, is to use it as a launchpad to either break into somewhere
	else, or flood someone else's network (Denial of Service)

	You are responsible for anything that comes from a machine that is
	supposed to be under your control, so it is you that will be talking to
	the authorities if it happens.

	Just a few days ago I got a notice from one of my suppliers saying that
	someone on IP address such and such at such and such time attempted to
	crack one of NASA's sites, and would I be so kind as to terminate the
	customer's account immediately, but to keep their details and await to be
	contacted by the appropriate authorities.

	As it was, I happen to know said customer really well, and I knew there
	was no chance of them being responsible - and I also knew they were using
	a very old version of RedHat on their gateway (not installed by me)
	and that the chances are very high it was broken into and used by someone
	else - and my supplier was happy with my assurance that said machine would
	be taken off-line immediately and formatted/installed an up-to-date
	version of Linux before being put back online.

	If I hadn't known the customer that well, they would have found themselves
	without Internet access and with a whole lot of explaining to do.
	 
	Anyway, sorry for the rant, don't take it too personally, I'm just
	concerned that so many people are blasé about the whole security thing
	when it should be a top priority for everyone.

	 - Matt






