[Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

William Stott WStott at ventanamed.com
Thu Sep 27 22:35:28 MST 2007


I do not mean to stereotype, so I will leave that comment out. I did not realize that Predrag was an instructor at the U (U of A?). That would just add to a great list of instructors that I give no professional respect. By contrast, I have found that the instructors in the infosec program at JMU (http://www.infosec.jmu.edu) are VERY knowledgeable in both instruction and real life experience.

Will


----- Original Message -----
From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
To: Tucson Free Unix Group <tfug at tfug.org>
Sent: Thu Sep 27 22:17:38 2007
Subject: Re: [Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

Just leave him alone. Some Russians aren't completely sure of how everything
works here in America. For example: I joined this community and began
playing with Linux and Unix OSes, something I have never done before. God
forbid I make the mistake of not knowing about super user permissions (the
whole -su then password). Unfortunately, I did and I received the following
message: "You have been using PCBSD for two days now and you do not know how
to use SU privileges? This shows a lack of willingness to learn" and more
shit like that. But hey, whatever. I must admit, I got a nice laugh over
>> How did they get into your server if
>> all but few ports are closed?

The open ones.

That's good. I actually had my firewall monitoring the closed ones, but this
new idea is upsetting to my closed mind. I am sure to warn all my friends at
the U of taking his math classes, because they may be unfortunate enough to
not understand the material and ask him a question, and we all know where
that downward spiral leads...
     Sean

On 9/27/07, Predrag Punosevac <punosevac72 at gmail.com> wrote:
>
> My first letter to this list in almost a month hardly could be called the
> attention request. Actually, one of the answers initiated by my "openly
> hostile
> answer" did get him a real help. I am keeping my mouth shut.
>
> On Thu, 27 Sep 2007 21:07:21 -0700, William Stott <WStott at ventanamed.com>
> wrote:
>
> > Wow. I concur completely. I am a huge fan of BSD also, but everyone in
> > infosec knows that 0day is a reality. As far as openbsd, I believe a
> > remote exploit was introduced at the last blackhat / defcon convention.
> > The firewall comment he made was a waste. If you allow a connection to a
> > public service, it has the established only or not, you chance the
> > application to exploitation. It is naïve to think that a firewall and a
> > BSD system are the answers to security. If you are a sysadmin, defend
> > what you can, patch what you can, and pray. Predrag either has been a
> > lucky admin, or has no clue what he is talking about. Sysadmins are
> > overworked, underpaid, and have much less time to secure their systems
> > than hackers do downloading the next script that some hacker created
> > between lunch and wow.
> >
> > Good luck.
> >
> > Will
> >
> >
> > ----- Original Message -----
> > From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
> > To: Tucson Free Unix Group <tfug at tfug.org>
> > Sent: Thu Sep 27 19:48:27 2007
> > Subject: [Tfug] OT: Predrag wants attention! WAS: Re:  Server Compromise
> >
> > I am calling shens. I sat quietly through what seemed like months of
> > chatter about crossover cables... but this is too much!
> >
> > The response that Predrag Punosevac sent to Chris' e-mail asking for
> > help is openly hostile and contains no helpful information. It could
> > have been distilled down to "I am smarter than you, you deserved to be
> > hacked."
> >
> > I can think of only one way to give him the attention he wants so much:
> >
> > Shamelessly annotating his e-mail, using exclamation marks to denote my
> > distaste for reading unhelpful, judgemental spam in my inbox!!!!
> >
> > To Chris: Getting hacked sucks. I hope you get this straightened out
> > without too much loss of sleep.
> >
> >> Predrag Punosevac wrote:
> >>> What kind of server do you run? http, mail server, data base?
> >>> What kind of firewall do you have? What is the kernel security level
> >>> (I hope this exists in the Linux world)
> >
> > Read: "I don't understand the context of the events that occurred.
> > Prepare to receive my judgment!"
> >
> >>> How did they get into your server if
> >>> all but few ports are closed?
> >
> > The open ones.
> >
> >>> The only way to block the BSDs is fake
> >>> demands from the server that would completely block your ports but
> >>> still there is no theoretical possibility that a properly run BSD box
> >>> gets hijacked.
> >
> > Bullshit! There may be no 'theoretical possibility', but there's damn
> > sure an actual possibility. DOS attacks are not the only ones effective
> > against BSD derived OSs. This is an ignorant thing to say.
> >
> > Plenty of BSD boxes have been cracked, plenty of them are run by
> > competent sysadmins. How you might ask? Well, if you'd read Chris'
> > e-mail you would have noticed that he suspects that it was a phishing
> > scam. Perhaps one of his users freely gave away the passwords to a bogus
> > site. Tell me how BSD prevents that? (Local privilege escalation bugs
> > are found as frequently in the BSDs as the other *nixes...)
> >
> > Maybe a disgruntled coworker? There are a lot of bits of information I
> > would look for before I indicted someone's job performance in a public
> > forum...
> >
> >>> If you are running mail server the content must be scanned by ClamAV
> >>> or similar software.
> >>> That is the sole source of security risk.
> >
> > What? E-mail viruses are the sole source of security risk of compromise
> > on a mail server. Shit, we run a large number of mail servers, here at
> > the U. (I think, you [Predrag], are a user of said system).
> >
> > Honestly... We check for viruses and spam purely for our clients'
> > benefit. The one problem I've never had on a production (*nix/bsd) mail
> > server is a damn virus...
> >
> >>> Why is server running Ubuntu? You might want to switch to OpenBSD if
> >>> the server content and services are so important.
> >
> > Nice pitch... Care to elaborate on OpenBSD's advantages? Perhaps in your
> > next message you could add facts and/or helpful ideas into this
> > worthless monologue of yours? Thanks.
> >
> > OpenBSD is always pitched by someone (*sigh*) as the perfect security
> > solution. It's a small part of a large picture. I like OpenBSD and have
> > deployed it for a few projects. I admire OpenBSD for the simplicity of
> > its layout and the developers' attention to auditing and detail. But, for
> > the love of god, running OpenBSD does not make you a security expert, a
> > good sysadmin, or a good dancer.
> >
> >>> Sounds to me that your troubles are home made.
> >
> > It sounds to me like you read a few articles on the Internet and are
> > extrapolating wildly.
> >
> > Truth time: Every machine I run could be more secure, so could yours.
> > Gasp! I've delivered mail using a UNIX domain socket... The server
> > wasn't BSD... the socket wasn't in /var.... and I didn't encrypt the
> > traffic! I am hosed!
> >
> > Seriously, I should just unplug our datacenter and go home, right?
> > Security is important, but isn't the only concern/constraint people have
> > to deal with. Performance, scalability and budget are also very common
> > ones. Try to be more understanding, asserting your dominance does not
> > impress us. A timely, helpful and informative post always impresses me.
> >
> > Predrag Punosevac, I wish you well. I'll buy you a beer at the next
> > happy hour if you please promise to do better (be nicer) next time you
> > post.
> >
> > Thanks,
> > Shawn
> >
> > --
> > Shawn Nock (OpenPGP: 0x5E377505)
> > University of Arizona
> > nock at email.arizona.edu
> >
> > _______________________________________________
> > Tucson Free Unix Group - tfug at tfug.org
> > Subscription Options:
> > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
>



-- 
FreeBSD v.1.4 (beta)
ASUS P5N32-SLI Premium
Intel Core 2 Duo 6600
dual eVGA 7900 GT OCs (full x16 SLI)
2 gigs DDR2 PC2-6400 (OCd to 866MHz)
250 gig RAID 1 (mirroring)
custom Liquid cooling :)
four 17" CRTs (uber widescreen)
7.1 surround sound (296 watts)
one happy gamer