Date: Tue, 30 Sep 2008 16:38:50 +0100
From: Kyrian <kyrian@....org>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: US military & motd files... Re: Supporters urge
 halt to, hacker's, extradition to US

Valdis.Kletnieks@...edu wrote:
> On Mon, 29 Sep 2008 21:44:22 BST, Kyrian said:
>
>   
>>>   A message left by him on a system:
>>>   
>>>       
>> Changing the /etc/motd file or equivalent is hardly costly, and hardly 
>> massive damage, no? Hypothetically speaking, if I wanted to do as little 
>> damage as possible and make someone get the message I'd been in there, 
>> that's probably what I'd do.
>>     
>
> Look at it from the other end.  You logon one day, and find that person or
> persons unknown have screwed with your /etc/motd file.
>   
You are quite right, of course. In that particular instance I wasn't 
seeking to make a technical argument per se,
I was more focused on any plausible intent, as that seems to be central 
to at least some people's arguments.

I apologise if that threw anyone with the context switching. This one's 
nearly back on topic to tech/security...

Personally on a server that I knew was meant to be secure, and had made 
an effort to secure for the long term, I would make sure that there 
were two separate checksum databases for every binary file on the 
system, and hence be able to verify anything "important" had not been 
tampered with, without having to rely on file timestamps, which I (like 
most on this list) know can be unreliable after a compromise.

I've not to date seen any server maliciously attacked where the binaries 
or files and processes involved were not either 'important' or 
'obvious'. Perhaps I have not run into a high enough calibre of hacker? 
(NOT an invitation ;-).

However, back to the point... One would have assumed that the US 
military would have taken explicit steps to secure their systems by 
default, perhaps until this very email thread??? The implications of 
them not even making such an effort are ludicrous on so very many levels.

K.

-- 
Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                 DJ via http://www.hellnoise.co.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
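
The two-checksum-database check described in the message above, as an added example that is not part of the original post or written by its author. The names `build_db`, `verify` and `demo` and the scenario in the temporary directory are constructed for illustration; the sketch assumes the two databases are stored independently of each other and of the host being checked.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def build_db(root):
    """Return {relative path: SHA-256 hex digest} for regular files under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            db[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return db

def verify(root, db_a, db_b):
    """Check live files against two independently stored databases."""
    live = build_db(root)
    report = {}
    for path in sorted(set(live) | set(db_a) | set(db_b)):
        a, b, cur = db_a.get(path), db_b.get(path), live.get(path)
        if a != b:
            report[path] = "DB_MISMATCH"  # databases disagree: one was altered
        elif a is None:
            report[path] = "ADDED"        # file unknown to both databases
        elif cur is None:
            report[path] = "MISSING"
        else:
            report[path] = "OK" if cur == a else "MODIFIED"
    return report

def demo():
    """Constructed scenario in a temporary directory; returns the report."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in (("bin/ls", b"ls-v1"), ("bin/ps", b"ps-v1"), ("motd", b"hi\n")):
            Path(root, rel).write_bytes(data)
        db_a = build_db(root)
        db_b = dict(db_a)  # stands in for a second copy kept elsewhere
        ps = Path(root, "bin/ps")
        st = ps.stat()
        ps.write_bytes(b"ps-v2")                   # same size, new content
        os.utime(ps, (st.st_atime, st.st_mtime))   # timestamps look untouched
        Path(root, "motd").write_bytes(b"changed\n")
        db_b["motd"] = hashlib.sha256(b"changed\n").hexdigest()  # one DB edited to match
        return verify(root, db_a, db_b)
```

In the constructed scenario the file with restored timestamps is still reported as `MODIFIED`, and a change hidden by editing only one database surfaces as `DB_MISMATCH`.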
