[Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

Predrag Punosevac punosevac72 at gmail.com
Thu Sep 27 21:21:21 MST 2007


My first letter to this list in almost a month could hardly be called an
attention request. Actually, one of the answers initiated by my "openly hostile
answer" did get him real help. I am keeping my mouth shut.

On Thu, 27 Sep 2007 21:07:21 -0700, William Stott <WStott at ventanamed.com> wrote:

> Wow. I concur completely. I am a huge fan of BSD also, but everyone in  
> infosec knows that 0day is a reality. As far as openbsd, I believe a  
> remote exploit was introduced at the last blackhat / defcon convention.  
> The firewall comment he made was a waste. If you allow a connection to a  
> public service, it has the established only or not, you chance the  
> application to exploitation. It is naïve to think that a firewall and a  
> BSD system are the answers to security. If you are a sysadmin, defend  
> what you can, patch what you can, and pray. Predrag either has been a  
> lucky admin, or has no clue what he is talking about. Sysadmins are  
> overworked, underpaid, and have much less time to secure their systems  
> than hackers do downloading the next script that some hacker created  
> between lunch and wow.
>
> Good luck.
>
> Will
>
>
> ----- Original Message -----
> From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
> To: Tucson Free Unix Group <tfug at tfug.org>
> Sent: Thu Sep 27 19:48:27 2007
> Subject: [Tfug] OT: Predrag wants attention! WAS: Re:  Server Compromise
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am calling shens. I sat quietly through what seemed like months of
> chatter about crossover cables... but this is too much!
>
> The response that Predrag Punosevac sent to Chris' e-mail asking for
> help is openly hostile and contains no helpful information. It could
> have been distilled down to "I am smarter than you, you deserved to be
> hacked."
>
> I can think of only one way to give him the attention he wants so much:
>
> Shamelessly annotating his e-mail, using exclamation marks to denote my
> distaste for reading unhelpful, judgemental spam in my inbox!!!!
>
> To Chris: Getting hacked sucks. I hope you get this straightened out
> without too much loss of sleep.
>
>> Predrag Punosevac wrote:
>>> What kind of server do you run? http, mail server, data base?
>>> What kind of firewall do you have? What is the kernel security level
>>> (I hope this exists in the Linux world)
>
> Read: "I don't understand the context of the events that occurred.
> Prepare to receive my judgment!"
>
>>> How did they get into your server if
>>> all but a few ports are closed?
>
> The open ones.
>
>>> The only way to block the BSDs is fake
>>> demands from the server that would completely block your ports but
>>> still there is no theoretical possibility that properly run BSD box
>>> gets hijacked.
>
> Bullshit! There may be no 'theoretical possibility', but there's damn
> sure an actual possibility. DOS attacks are not the only ones effective
> against BSD derived OSs. This is an ignorant thing to say.
>
> Plenty of BSD boxes have been cracked, plenty of them are run by
> competent sysadmins. How you might ask? Well, if you'd read Chris'
> e-mail you would have noticed that he suspects that it was a phishing
> scam. Perhaps one of his users freely gave away the passwords to a bogus
> site. Tell me how BSD prevents that? (Local privilege escalation bugs
> are found as frequently in the BSDs as the other *nixes...)
>
> Maybe a disgruntled coworker? There are a lot of bits of information I
> would look for before I indicted someone's job performance in a public
> forum...
>
>>> If you are running a mail server the content must be scanned by clamav
>>> or similar software.
>>> That is the sole source of security risk.
>
> What? E-mail viruses are the sole source of security risk of compromise
> on a mail server. Shit, we run a large number of mail servers, here at
> the U. (I think, you [Predrag], are a user of said system).
>
> Honestly... We check for viruses and spam purely for our clients'
> benefit. The one problem I've never had on a production (*nix/bsd) mail
> server is a damn virus...
>
>>> Why is server running Ubuntu? You might want to switch to OpenBSD if
>>> the server content and services are so important.
>
> Nice pitch... Care to elaborate on OpenBSD's advantages? Perhaps in your
> next message you could add facts and/or helpful ideas into this
> worthless monologue of yours? Thanks.
>
> OpenBSD is always pitched by someone (*sigh*) as the perfect security
> solution. It's a small part of a large picture. I like OpenBSD and have
> deployed it for a few projects. I admire OpenBSD for the simplicity of
> its layout and the developers' attention to auditing and detail. But, for
> the love of god, running OpenBSD does not make you a security expert, a
> good sysadmin, or a good dancer.
>
>>> Sounds to me that your troubles are home made.
>
> It sounds to me like you read a few articles on the Internet and are
> extrapolating wildly.
>
> Truth time: Every machine I run could be more secure, so could yours.
> Gasp! I've delivered mail using a UNIX domain socket... The server
> wasn't BSD... the socket wasn't in /var.... and I didn't encrypt the
> traffic! I am hosed!
>
> Seriously, I should just unplug our datacenter and go home, right?
> Security is important, but isn't the only concern/constraint people have
> to deal with. Performance, scalability and budget are also very common
> ones. Try to be more understanding, asserting your dominance does not
> impress us. A timely, helpful and informative post always impresses me.
>
> Predrag Punosevac, I wish you well. I'll buy you a beer at the next
> happy hour if you please promise to do better (be nicer) next time you post.
>
> Thanks,
> Shawn
>
> - --
> Shawn Nock (OpenPGP: 0x5E377505)
> University of Arizona
> nock at email.arizona.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFG/Gt7PAYipF43dQURAmNgAJ9uDpFqM9wkz3Cgx7CmqlK8uiOsuQCeMBNE
> vkRDi4PsIx59R4ZvR2OWUWk=
> =vcEy
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org


