[Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

Sean Warburton hl2addict at gmail.com
Thu Sep 27 22:55:44 MST 2007


To each, according to his own, as predrag's hero would say, but I should do
that course you mentioned. I do not want to help fund his paycheck. Thanks
for the suggestion, I appreciate that!
     Sean

On 9/27/07, William Stott <WStott at ventanamed.com> wrote:
>
> I do not mean to stereotype, so I will leave that comment out. I did not
> realize that Predrag was an instructor at the U (U of A?). That would just
> add to a great list of instructors that I give no professional respect. On
> the contrast, I have found that the instructors in the infosec program at
> JMU (http://www.infosec.jmu.edu) are VERY knowledgeable in both instruction
> and real life experience.
>
> Will
>
>
> ----- Original Message -----
> From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
> To: Tucson Free Unix Group <tfug at tfug.org>
> Sent: Thu Sep 27 22:17:38 2007
> Subject: Re: [Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise
>
> Just leave him alone. Some Russians aren't completely sure of how everything
> works here in America. For example: I joined this community and began
> playing with Linux and Unix OSes, something I have never done before. God
> forbid I make the mistake of not knowing about super user permissions (the
> whole -su then password). Unfortunately, I did and I received the following
> message: "You have been using PCBSD for two days now and you do not know how
> to use SU privileges? This shows a lack of willingness to learn" and more
> shit like that. But hey, whatever. I must admit, I got a nice laugh over
> >>How did they get into your server if
> >> all but few ports are closed?
>
> The open ones.
>
> That's good. I actually had my firewall monitoring the closed ones, but this
> new idea is upsetting to my closed mind. I am sure to warn all my friends at
> the U of taking his math classes, because they may be unfortunate enough to
> not understand the material and ask him a question, and we all know where
> that downward spiral leads...
>      Sean
>
> On 9/27/07, Predrag Punosevac <punosevac72 at gmail.com> wrote:
> >
> > My first letter to this list in almost a month could hardly be called an
> > attention request. Actually, one of the answers initiated by my "openly
> > hostile answer" did get him real help. I am keeping my mouth shut.
> >
> > On Thu, 27 Sep 2007 21:07:21 -0700, William Stott <WStott at ventanamed.com>
> > wrote:
> >
> > > Wow. I concur completely. I am a huge fan of BSD also, but everyone in
> > > infosec knows that 0day is a reality. As far as OpenBSD, I believe a
> > > remote exploit was introduced at the last blackhat / defcon convention.
> > > The firewall comment he made was a waste. If you allow a connection to a
> > > public service, it has the established only or not, you chance the
> > > application to exploitation. It is naïve to think that a firewall and a
> > > BSD system are the answers to security. If you are a sysadmin, defend
> > > what you can, patch what you can, and pray. Predrag either has been a
> > > lucky admin, or has no clue what he is talking about. Sysadmins are
> > > overworked, underpaid, and have much less time to secure their systems
> > > than hackers do downloading the next script that some hacker created
> > > between lunch and wow.
> > >
> > > Good luck.
> > >
> > > Will
> > >
> > >
> > > ----- Original Message -----
> > > From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
> > > To: Tucson Free Unix Group <tfug at tfug.org>
> > > Sent: Thu Sep 27 19:48:27 2007
> > > Subject: [Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise
> > >
> > >
> > > I am calling shens. I sat quietly through what seemed like months of
> > > chatter about crossover cables... but this is too much!
> > >
> > > The response that Predrag Punosevac sent to Chris' e-mail asking for
> > > help is openly hostile and contains no helpful information. It could
> > > have been distilled down to "I am smarter than you, you deserved to be
> > > hacked."
> > >
> > > I can think of only one way to give him the attention he wants so much:
> > >
> > > Shamelessly annotating his e-mail, using exclamation marks to denote my
> > > distaste for reading unhelpful, judgemental spam in my inbox!!!!
> > >
> > > To Chris: Getting hacked sucks. I hope you get this straightened out
> > > without too much loss of sleep.
> > >
> > >> Predrag Punosevac wrote:
> > >>> What kind of server do you run? http, mail server, database?
> > >>> What kind of firewall do you have? What is the kernel security level
> > >>> (I hope this exists in the Linux world)
> > >
> > > Read: "I don't understand the context of the events that occurred.
> > > Prepare to receive my judgment!"
> > >
> > >>> How did they get into your server if
> > >>> all but a few ports are closed?
> > >
> > > The open ones.
> > >
> > >>> The only way to block the BSDs is fake
> > >>> demands from the server that would completely block your ports but
> > >>> still there is no theoretical possibility that properly run BSD box
> > >>> gets hijacked.
> > >
> > > Bullshit! There may be no 'theoretical possibility', but there's damn
> > > sure an actual possibility. DoS attacks are not the only ones effective
> > > against BSD derived OSs. This is an ignorant thing to say.
> > >
> > > Plenty of BSD boxes have been cracked, plenty of them are run by
> > > competent sysadmins. How, you might ask? Well, if you'd read Chris'
> > > e-mail you would have noticed that he suspects that it was a phishing
> > > scam. Perhaps one of his users freely gave away the passwords to a bogus
> > > site. Tell me how BSD prevents that? (Local privilege escalation bugs
> > > are found as frequently in the BSDs as the other *nixes...)
> > >
> > > Maybe a disgruntled coworker? There are a lot of bits of information I
> > > would look for before I indicted someone's job performance in a public
> > > forum...
> > >
> > >>> If you are running mail server the content must be scanned by ClamAV
> > >>> or similar software.
> > >>> That is the sole source of security risk.
> > >
> > > What? E-mail viruses are the sole source of security risk of compromise
> > > on a mail server. Shit, we run a large number of mail servers, here at
> > > the U. (I think, you [Predrag], are a user of said system).
> > >
> > > Honestly... We check for viruses and spam purely for our clients'
> > > benefit. The one problem I've never had on a production (*nix/bsd) mail
> > > server is a damn virus...
> > >
> > >>> Why is server running Ubuntu? You might want to switch to OpenBSD if
> > >>> the server content and services are so important.
> > >
> > > Nice pitch... Care to elaborate on OpenBSD's advantages? Perhaps in your
> > > next message you could add facts and/or helpful ideas into this
> > > worthless monologue of yours? Thanks.
> > >
> > > OpenBSD is always pitched by someone (*sigh*) as the perfect security
> > > solution. It's a small part of a large picture. I like OpenBSD and have
> > > deployed it for a few projects. I admire OpenBSD for the simplicity of
> > > its layout and the developers' attention to auditing and detail. But, for
> > > the love of god, running OpenBSD does not make you a security expert, a
> > > good sysadmin, or a good dancer.
> > >
> > >>> Sounds to me that your troubles are home made.
> > >
> > > It sounds to me like you read a few articles on the Internet and are
> > > extrapolating wildly.
> > >
> > > Truth time: Every machine I run could be more secure, so could yours.
> > > Gasp! I've delivered mail using a UNIX domain socket... The server
> > > wasn't BSD... the socket wasn't in /var.... and I didn't encrypt the
> > > traffic! I am hosed!
> > >
> > > Seriously, I should just unplug our datacenter and go home, right?
> > > Security is important, but isn't the only concern/constraint people have
> > > to deal with. Performance, scalability and budget are also very common
> > > ones. Try to be more understanding, asserting your dominance does not
> > > impress us. A timely, helpful and informative post always impresses me.
> > >
> > > Predrag Punosevac, I wish you well. I'll buy you a beer at the next
> > > happy hour if you please promise to do better (be nicer) next time you
> > > post.
> > >
> > > Thanks,
> > > Shawn
> > >
> > > --
> > > Shawn Nock (OpenPGP: 0x5E377505)
> > > University of Arizona
> > > nock at email.arizona.edu
> > >
> > > _______________________________________________
> > > Tucson Free Unix Group - tfug at tfug.org
> > > Subscription Options:
> > > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> >
> >
> >
> > --
> > Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
> >
> >
>
>
>
> --
> FreeBSD v.1.4 (beta)
> ASUS P5N32-SLI Premium
> Intel Core 2 Duo 6600
> dual eVGA 7900 GT OCs (full x16 SLI)
> 2 gigs DDR2 PC2-6400 (OCd to 866MHz)
> 250 gig RAID 1 (mirroring)
> custom Liquid cooling :)
> four 17" CRTs (uber widescreen)
> 7.1 surround sound (296 watts)
> one happy gamer
>



-- 
FreeBSD v.1.4 (beta)
ASUS P5N32-SLI Premium
Intel Core 2 Duo 6600
dual eVGA 7900 GT OCs (full x16 SLI)
2 gigs DDR2 PC2-6400 (OCd to 866MHz)
250 gig RAID 1 (mirroring)
custom Liquid cooling :)
four 17" CRTs (uber widescreen)
7.1 surround sound (296 watts)
one happy gamer
