[Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

William Stott WStott at ventanamed.com
Thu Sep 27 21:07:21 MST 2007


Wow. I concur completely. I am a huge fan of BSD also, but everyone in infosec knows that 0day is a reality. As far as OpenBSD, I believe a remote exploit was introduced at the last Black Hat / DEF CON convention. The firewall comment he made was a waste. If you allow a connection to a public service, whether it has "established only" or not, you expose the application to exploitation. It is naïve to think that a firewall and a BSD system are the answers to security. If you are a sysadmin, defend what you can, patch what you can, and pray. Predrag either has been a lucky admin, or has no clue what he is talking about. Sysadmins are overworked, underpaid, and have much less time to secure their systems than hackers do downloading the next script that some hacker created between lunch and wow.

Good luck.

Will


----- Original Message -----
From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
To: Tucson Free Unix Group <tfug at tfug.org>
Sent: Thu Sep 27 19:48:27 2007
Subject: [Tfug] OT: Predrag wants attention! WAS: Re:  Server Compromise

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am calling shens. I sat quietly through what seemed like months of
chatter about crossover cables... but this is too much!

The response that Predrag Punosevac sent to Chris' e-mail asking for
help is openly hostile and contains no helpful information. It could
have been distilled down to "I am smarter than you, you deserved to be
hacked."

I can think of only one way to give him the attention he wants so much:

Shamelessly annotating his e-mail, using exclamation marks to denote my
distaste for reading unhelpful, judgemental spam in my inbox!!!!

To Chris: Getting hacked sucks. I hope you get this straightened out
without too much loss of sleep.

> Predrag Punosevac wrote:
>> What kind of server do you run? http, mail server, data base?
>> What kind of firewall do you have? What is the kernel security level (
>> I hope this exists in the Linux world)

Read: "I don't understand the context of the events that occurred.
Prepare to receive my judgment!"

>>How did they get into your server if
>> all but few ports are closed?

The open ones.

>> The only way to block the BSDs is fake
>> demands from the server that would completely block your ports but
>> still there is no theoretical possibility that properly run BSD box
>> gets hijacked.

Bullshit! There may be no 'theoretical possibility', but there's damn
sure an actual possibility. DOS attacks are not the only ones effective
against BSD derived OSs. This is an ignorant thing to say.

Plenty of BSD boxes have been cracked, plenty of them are run by
competent sysadmins. How, you might ask? Well, if you'd read Chris'
e-mail you would have noticed that he suspects that it was a phishing
scam. Perhaps one of his users freely gave away the passwords to a bogus
site. Tell me how BSD prevents that? (Local privilege escalation bugs
are found as frequently in the BSDs as the other *nixes...)

Maybe a disgruntled coworker? There are a lot of bits of information I
would look for before I indicted someone's job performance in a public
forum...

>> If you are running mail server the content must be scanned by clamov
>> or similar software.
>> That is the sole source of security risk.

What? E-mail viruses are the sole source of security risk of compromise
on a mail server. Shit, we run a large number of mail servers, here at
the U. (I think, you [Predrag], are a user of said system).

Honestly... We check for viruses and spam purely for our clients'
benefit. The one problem I've never had on a production (*nix/bsd) mail
server is a damn virus...

>> Why is server running Ubuntu? You might want to switch to OpenBSD if
>> the server content and services are so important.

Nice pitch... Care to elaborate on OpenBSD's advantages? Perhaps in your
next message you could add facts and/or helpful ideas into this
worthless monologue of yours? Thanks.

OpenBSD is always pitched by someone (*sigh*) as the perfect security
solution. It's a small part of a large picture. I like OpenBSD and have
deployed it for a few projects. I admire OpenBSD for the simplicity of
its layout and the developers' attention to auditing and detail. But, for
the love of god, running OpenBSD does not make you a security expert, a
good sysadmin, or a good dancer.

>> Sounds to me that your troubles are home made.

It sounds to me like you read a few articles on the Internet and are
extrapolating wildly.

Truth time: Every machine I run could be more secure, so could yours.
Gasp! I've delivered mail using a UNIX domain socket... The server
wasn't BSD... the socket wasn't in /var.... and I didn't encrypt the
traffic! I am hosed!

Seriously, I should just unplug our datacenter and go home, right?
Security is important, but isn't the only concern/constraint people have
to deal with. Performance, scalability and budget are also very common
ones. Try to be more understanding, asserting your dominance does not
impress us. A timely, helpful and informative post always impresses me.

Predrag Punosevac, I wish you well. I'll buy you a beer at the next
happy hour if you please promise to do better (be nicer) next time you post.

Thanks,
Shawn

- --
Shawn Nock (OpenPGP: 0x5E377505)
University of Arizona
nock at email.arizona.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG/Gt7PAYipF43dQURAmNgAJ9uDpFqM9wkz3Cgx7CmqlK8uiOsuQCeMBNE
vkRDi4PsIx59R4ZvR2OWUWk=
=vcEy
-----END PGP SIGNATURE-----

_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org