lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0401200903460.10946-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Re: January 15 is Personal Firewall Day,help
 the cause


Brenda,

Here's a strong clue;

If you do not allow other users on the system, do have services open for
public consumption, keep patched and block the nasites, your risk has been
trivialised.  perhaps as much as 75% of the risk on a linux or unix
systesm comes from insiders, users taking advantage of weaknesses in apps
and packages under the hood.  If you have a httpd running and open to
public consumption, or an ftpd or another public service then your risk
goes up again drmatically <httpd is far more serious an endeavor in threat
level then many would have one believe these days, damned near
everythingcan be pushed through and over it, and is>.

On Fri, 16 Jan 2004, brenda wrote:

> question on this?
> maybe i am more disillusioned than i thought but if i patch and update how can
> i be as vuknerable as on windows?
> i run a program called killerwall as my firewall
> it is a script that uses ipchains or iptables .i chose iptables because of my
> reading and thinking this was safer.
> i dont understand how rootkits work tho and my reading has not helped my
> understanding of this very much.
> i dont do downloads except with acceptable ftp sites .no music/movies stuff.in
> fact my only downloads have have been with urpmi?
> can rootkits be used this way?
> apologizing for my ignorance ahead of time but i am hoping to learn
> br3n
>
> > That's true. I just want to remember about the guy with the rootkit
> > which I asked about. Running SuSE Linux, patching regularly and thought
> > he was safe while running an unpatched PHPNuke installation. Ouch. :-)
>
>

This fellows problem was enabling php <well enabling apache and letting
http past his firewall, without understanding the risk>, and having a lack
of understanding of what php is and can do.  Dynamic content is not
something joe everyday user should be engaging in except on a trough away
system, even with iptable enabled.  And phpnuke has perhaps the worst
recond for all the php modules that folks are playing with like those in
the past played with matt's old cgi's.



Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ