Uh... yep...

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #76,596

1/23/03 11:52:46 PM

Uh... yep...

That is what I always do.

You get a sandbox, to play in. Never will you ever get privileged access, unless specifically given. A combo of the tools that exist currently for UNIX in general gives the proper access. For one thing CVS pserver should NEVER be run as a "trusted" user... especially if it has public access. Not a single machine I have setup for production has been able to hammered by a user... except Oracle gobbling up all the Swap Space...

Now my personal machines, I really could care less if you hammer them. They aren't production... (BTW, Scott that rootkit and pr0n server works well...)

Testing machines are just that... testing to see whatif? In the whole time I have been doing this, I have only had 2 machines cracked into. Of the many I have setup. One was before anyone REALLY understood what non-Military firewalls *SHOULD* do... and one when I had just gotten done installing and updating the system... and had installed the base applications and forgot to turn off echo, daytime, etc... and rsh and rcp... oops. Classic exploits waiting to happen. Caught them *ON* the machine. With a root user named "aolsrv" which blended in with the "aolsrvr" untrusted user I was using. Of course, the network cord seemed to fall out of the machine at that point...

But, as the case may be, I call this way of thinking... "(l)usermode" therefore *I* can still get to the machine and fix it, with out it being *SO* hammered I can only hit the big red button. I believe others call it this too...

[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT

[link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] [link|http://pascal.rockford.com:8888/SSK@kQMsmc74S0Tw3KHQiRQmDem0gAIPAgM/edcurry/1//|ED'S GHOST SPEAKS!]

Heimatland Geheime Staatspolizei reminds:
These [link|http://www.whitehouse.gov/pcipb/cyberstrategy-draft.html|Civilian General Orders], please memorize them.
"Questions" will be asked at safety checkpoints.

Major CVS security hole - (admin) - (35) - Jan. 23, 2003, 12:51:19 PM EST

Red Hat (at least RH8.0) had CVS fix yesterday. -NT - (a6l6e6x) - Jan. 23, 2003, 01:31:26 PM EST

Now who has the job of crawling thru the codebase? - (boxley) - (25) - Jan. 23, 2003, 02:02:53 PM EST

Re: Now who has the job of crawling thru the codebase? - (rickmoen) - (24) - Jan. 23, 2003, 04:42:41 PM EST

Subversion is not ready yet - (tuberculosis) - (23) - Aug. 21, 2007, 12:43:52 PM EDT

Suffer with CVS as long as you like - (rickmoen) - (22) - Jan. 23, 2003, 08:04:42 PM EST

You mean need - (tuberculosis) - (17) - Aug. 21, 2007, 12:44:06 PM EDT

Re: You mean need - (rickmoen) - (16) - Jan. 24, 2003, 01:01:08 AM EST

Re: You mean need - (tuberculosis) - (14) - Aug. 21, 2007, 12:46:47 PM EDT

Re: You mean need - (rickmoen) - (13) - Jan. 24, 2003, 04:25:07 AM EST

ObMyDickIsBiggerThanYours -NT - (Yendor) - (12) - Jan. 24, 2003, 05:07:35 AM EST

Re: ObMyDickIsBiggerThanYours - (rickmoen) - (11) - Jan. 24, 2003, 07:02:00 AM EST

What would I do? - (Yendor) - (6) - Jan. 24, 2003, 07:58:57 AM EST

no its not its Zlife :-) -NT - (boxley) - Jan. 24, 2003, 09:04:51 AM EST

Re: What would I do? - (rickmoen) - (4) - Jan. 24, 2003, 12:01:23 PM EST

Difference of opinion == intellectual dishonesty? - (tuberculosis) - (3) - Jan. 24, 2003, 02:30:19 PM EST

Wow better than hockey -NT - (deSitter) - (2) - Jan. 24, 2003, 02:32:39 PM EST

I went to the fights the other night... - (ChrisR) - (1) - Jan. 24, 2003, 02:35:25 PM EST

ROFL! -NT - (Silverlock) - Jan. 24, 2003, 04:31:45 PM EST

You ought to reread the thread - (tuberculosis) - (3) - Jan. 24, 2003, 09:48:18 AM EST

lrpadism of the year nominee - (drewk) - Jan. 24, 2003, 10:46:02 AM EST

Re: You ought to reread the thread - (rickmoen) - (1) - Jan. 24, 2003, 01:19:38 PM EST

Your post is off topic and should have been moved to... (new thread) - (tuberculosis) - Jan. 24, 2003, 02:27:00 PM EST

Re: You mean need - (deSitter) - Jan. 24, 2003, 11:42:30 AM EST

I would not touch arch with a 10' pole - (ben_tilly) - (3) - Jan. 24, 2003, 03:16:28 PM EST

Re: I would not touch arch with a 10' pole - (rickmoen) - Jan. 25, 2003, 06:34:12 AM EST

Mr. Bad fan club - (rickmoen) - (1) - Jan. 30, 2003, 03:27:31 PM EST

Why doesn't this surprise me? :-/ -NT - (ben_tilly) - Jan. 30, 2003, 07:56:07 PM EST

It's official: UNIX sucks just like Windows - (deSitter) - (7) - Jan. 23, 2003, 04:55:14 PM EST

"Trowelled". -NT - (pwhysall) - (2) - Jan. 23, 2003, 05:11:10 PM EST

Allowed - (deSitter) - (1) - Jan. 23, 2003, 10:51:43 PM EST

Yes... but... - (folkert) - Jan. 23, 2003, 11:13:02 PM EST

Its the services - (tuberculosis) - (2) - Aug. 21, 2007, 12:43:45 PM EDT

Have to disagree - (deSitter) - (1) - Jan. 23, 2003, 11:13:45 PM EST

Uh... yep... - (folkert) - Jan. 23, 2003, 11:52:46 PM EST

OK, get on that and get back to us. -NT - (tseliot) - Jan. 24, 2003, 02:02:20 AM EST

Little fluffy clouds.
69 ms