| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: JDossey at deltahealthgroup.com (Jon Dossey) Subject: Is www.sco.com hacked Ethical? > This bodes well for the Cyberguard Stock which depends on > SCO UNIX as it's engine for the firewall. Well again a prank, > as such, but this helps destroy the reputation of many companies. I think they did a pretty good job of destroying their reputation all by themselves. > The person(s) if and when they're found and they will be(sociopath), feels > no > responsibility. Ok well, how was this an ethical attack? It attacks > the stock holders, people who work for the companies affected and the > persons > responsible deserve whatever legal recourse the company has when they find > this clown(s). You sure do know a lot about this person, considering at this point they're completely anonymous. Maybe they take complete responsibility, but believe its for the greater good? Maybe they're completely ready to face criminal charges. Maybe they'll turn themselves in tomorrow and apologize for their grievous mistake? Neither you or I have any idea. The difference is that I don't assume to know. > It is rather amusing, as was the RSA web attack, CIA etc. but the broader > implications are that the companies involved are a security risk, though > they are not, they will be perceived as one. Those aren't security risks? Are you familiar with the internal design of SCO's network? If their web servers are vulnerable, what else is? You've got no factual basis for any of your claims. > Again, I don't agree with SCO and their lawsuits, though some of them > may have some basis for patent or copyright infringement. I do believe > they give > a useful alternative for UNIX. I think Linux and BSD make much better UNIX alternatives, don't you? > For certain smaller companies they provide > a valuable service to > the community. This will only help put a nail in the coffin in a > struggling company that does > provide an alternative. I have no SCO stock, ok. I do believe the > alternatives are needed to > check the megaliths like our friendly M$, Apple and others. How many small companies can afford SCO's Unixware? Not many I'd guess. Do you realize in how few arenas SCO competes directly with M$ and Apple? > Oh well the fun continues in the absurd world of data security or > insecurity. And how did they hack it > did someone just leave the permissions on the files open or some other > mischief. *blank stare* Regardless of whether or not they "leave the permissions on the files open" or not, the machine still had to be compromised. Look I just chmod 777 a suid root copy of the bash shell! Come root my webserver! > Anyone have a clue on this? Or was a DNS redirection? At this point, I assume your guess is as good as anyone (outside of SCO and the attacker). .jon __________________________________________________________________________ "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers."
Powered by blists - more mailing lists