lists.openwall.net
Open Source and information security mailing list archives
 
From: JDossey at deltahealthgroup.com (Jon Dossey)
Subject: Is www.sco.com hacked Ethical?

> This bodes well for the Cyberguard Stock which depends on
> SCO UNIX as its engine for the firewall.  Well again a prank,
> as such, but this helps destroy the reputation of many companies.

I think they did a pretty good job of destroying their reputation all by
themselves.

 
> The person(s) if and when they're found and they will be (sociopath),
> feels no
> responsibility.   Ok well, how was this an ethical attack? It attacks
> the stock holders, people who work for the companies affected and the
> persons
> responsible deserve whatever legal recourse the company has when they
> find this clown(s).

You sure do know a lot about this person, considering at this point
they're completely anonymous.  Maybe they take complete responsibility,
but believe it's for the greater good?  Maybe they're completely ready to
face criminal charges.  Maybe they'll turn themselves in tomorrow and
apologize for their grievous mistake?  

Neither you nor I have any idea.  The difference is that I don't assume
to know.
 
> It is rather amusing, as was the RSA web attack, CIA etc. but the
> broader implications are that the companies involved are a security
> risk, though they are not, they will be perceived as one.

Those aren't security risks?  Are you familiar with the internal design
of SCO's network?  If their web servers are vulnerable, what else is?
You've got no factual basis for any of your claims.
 
> Again, I don't agree with SCO and their lawsuits, though some of them
> may have some basis for patent or copyright infringement. I do believe
> they give a useful alternative for UNIX.

I think Linux and BSD make much better UNIX alternatives, don't you?

> For certain smaller companies they provide a valuable service to
> the community.  This will only help put a nail in the coffin in a
> struggling company that does provide an alternative. I have no SCO
> stock, ok.   I do believe the alternatives are needed to
> check the megaliths like our friendly M$, Apple and others.

How many small companies can afford SCO's Unixware?  Not many I'd guess.
Do you realize in how few arenas SCO competes directly with M$ and
Apple?
 
> Oh well the fun continues in the absurd world of data security or
> insecurity. And how did they hack it
> did someone just leave the permissions on the files open or some other
> mischief.  

*blank stare*
Regardless of whether or not they "leave the permissions on the files
open" or not, the machine still had to be compromised.  

Look I just chmod 777 a suid root copy of the bash shell!  Come root my
webserver!

> Anyone have a clue on this? Or was it a DNS redirection?

At this point, I assume your guess is as good as anyone (outside of SCO
and the attacker).

 
.jon

