
Welcome to IWETHEY!

It's the services
Not the system architecture.

Some services weren't designed with security in mind. A good unix uses secure shell, not rlogin; scp, not rcp; sftp, not ftp; and no telnet.

Pserver is just another service - that's not secure. So don't use it if you're on the outside. CVS works equally well over ssh.




I think that it's extraordinarily important that we in computer science keep fun in computing. When it started out, it was an awful lot of fun. Of course, the paying customer got shafted every now and then, and after a while we began to take their complaints seriously. We began to feel as if we really were responsible for the successful, error-free perfect use of these machines. I don't think we are. I think we're responsible for stretching them, setting them off in new directions, and keeping fun in the house. I hope the field of computer science never loses its sense of fun. Above all, I hope we don't become missionaries. Don't feel as if you're Bible salesmen. The world has too many of those already. What you know about computing other people will learn. Don't feel as if the key to successful computing is only in your hands. What's in your hands, I think and hope, is intelligence: the ability to see the machine as more than when you were first led up to it, that you can make it more.

--Alan Perlis
Edited by tuberculosis Aug. 21, 2007, 12:43:45 PM EDT
Have to disagree
There should never be a way to simply drop into an administrative mode. The implementation of user context is broken in the context of networks. You can't blame the inventors for not foreseeing these things. The only workable solution is to give every user a VM, not a shell.

-drl
Uh... yep...
That is what I always do.

You get a sandbox, to play in. Never will you ever get privileged access, unless specifically given. A combo of the tools that exist currently for UNIX in general gives the proper access. For one thing CVS pserver should NEVER be run as a "trusted" user... especially if it has public access. Not a single machine I have set up for production has been able to be hammered by a user... except Oracle gobbling up all the Swap Space...

Now my personal machines, I really could care less if you hammer them. They aren't production... (BTW, Scott that rootkit and pr0n server works well...)

Testing machines are just that... testing to see whatif? In the whole time I have been doing this, I have only had 2 machines cracked into. Of the many I have set up. One was before anyone REALLY understood what non-Military firewalls *SHOULD* do... and one when I had just gotten done installing and updating the system... and had installed the base applications and forgot to turn off echo, daytime, etc... and rsh and rcp... oops. Classic exploits waiting to happen. Caught them *ON* the machine. With a root user named "aolsrv" which blended in with the "aolsrvr" untrusted user I was using. Of course, the network cord seemed to fall out of the machine at that point...

But, as the case may be, I call this way of thinking... "(l)usermode" therefore *I* can still get to the machine and fix it, without it being *SO* hammered I can only hit the big red button. I believe others call it this too...

[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT
[link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!]   [link|http://pascal.rockford.com:8888/SSK@kQMsmc74S0Tw3KHQiRQmDem0gAIPAgM/edcurry/1//|ED'S GHOST SPEAKS!]
Heimatland Geheime Staatspolizei reminds:
These [link|http://www.whitehouse.gov/pcipb/cyberstrategy-draft.html|Civilian General Orders], please memorize them.
"Questions" will be asked at safety checkpoints.
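
The services named in the posts above (telnet, ftp, rlogin, rsh/rcp, echo, daytime, CVS pserver) are typically started from inetd, so a fresh install can be checked before it goes on the network. The following is an added example, not code from any poster in this thread; it assumes the classic `inetd.conf` field order (service, socket type, protocol, wait flag, user, program, args) and the usual `/etc/services` names (`login` for rlogin, `shell` for rsh/rcp, `cvspserver` for pserver), and the sample config is constructed.

```python
import re

# /etc/services name -> why the thread says to turn it off (assumed mapping).
LEGACY = {
    "telnet": "cleartext login; use ssh",
    "ftp": "cleartext transfer; use sftp",
    "login": "rlogin; use ssh",
    "shell": "rsh/rcp; use ssh/scp",
    "echo": "unneeded inetd built-in",
    "daytime": "unneeded inetd built-in",
    "cvspserver": "CVS pserver; run CVS over ssh",
}

def audit_inetd(text):
    """Return (line_no, service, user, reason) for each enabled legacy entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the service is disabled
        fields = line.split()
        if len(fields) < 6:
            continue  # not a well-formed service entry
        service = fields[0]
        user = re.split(r"[.:]", fields[4])[0]  # drop optional group suffix
        reason = LEGACY.get(service)
        if reason is None:
            continue
        if service == "cvspserver" and user == "root":
            reason += "; also runs as root"
        findings.append((line_no, service, user, reason))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = """\
# services left on after a default install
echo       stream tcp nowait root internal
daytime    stream tcp nowait root internal
#telnet    stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
shell      stream tcp nowait root /usr/sbin/in.rshd in.rshd
cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/var/cvs pserver
"""

if __name__ == "__main__":
    for line_no, service, user, reason in audit_inetd(SAMPLE):
        print(f"line {line_no}: {service} (user {user}): {reason}")
```
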
     Major CVS security hole - (admin) - (35)
         Red Hat (at least RH8.0) had CVS fix yesterday. -NT - (a6l6e6x)
         Now who has the job of crawling thru the codebase? - (boxley) - (25)
             Re: Now who has the job of crawling thru the codebase? - (rickmoen) - (24)
                 Subversion is not ready yet - (tuberculosis) - (23)
                     Suffer with CVS as long as you like - (rickmoen) - (22)
                         You mean need - (tuberculosis) - (17)
                             Re: You mean need - (rickmoen) - (16)
                                 Re: You mean need - (tuberculosis) - (14)
                                     Re: You mean need - (rickmoen) - (13)
                                         ObMyDickIsBiggerThanYours -NT - (Yendor) - (12)
                                             Re: ObMyDickIsBiggerThanYours - (rickmoen) - (11)
                                                 What would I do? - (Yendor) - (6)
                                                     no its not its Zlife :-) -NT - (boxley)
                                                     Re: What would I do? - (rickmoen) - (4)
                                                         Difference of opinion == intellectual dishonesty? - (tuberculosis) - (3)
                                                             Wow better than hockey -NT - (deSitter) - (2)
                                                                 I went to the fights the other night... - (ChrisR) - (1)
                                                                     ROFL! -NT - (Silverlock)
                                                 You ought to reread the thread - (tuberculosis) - (3)
                                                     lrpadism of the year nominee - (drewk)
                                                     Re: You ought to reread the thread - (rickmoen) - (1)
                                                         Your post is off topic and should have been moved to... (new thread) - (tuberculosis)
                                 Re: You mean need - (deSitter)
                         I would not touch arch with a 10' pole - (ben_tilly) - (3)
                             Re: I would not touch arch with a 10' pole - (rickmoen)
                             Mr. Bad fan club - (rickmoen) - (1)
                                 Why doesn't this surprise me? :-/ -NT - (ben_tilly)
         It's official: UNIX sucks just like Windows - (deSitter) - (7)
             "Trowelled". -NT - (pwhysall) - (2)
                 Allowed - (deSitter) - (1)
                     Yes... but... - (folkert)
             Its the services - (tuberculosis) - (2)
                 Have to disagree - (deSitter) - (1)
                     Uh... yep... - (folkert)
             OK, get on that and get back to us. -NT - (tseliot)
