[wellylug] Re: Why security for home PCs could be more important than you realise

Grant McLean grantm at web.co.nz
Fri Nov 1 11:15:50 NZDT 2002 

And also don't assume that just because there are no
published hyperlinks to services running on your machine
that no one will find you.  The script kiddies routinely
scan ip addresses selected completely at random looking
for common vulnerabilities.

This interesting paper about the Honeynet project describes
how a system was

   "scanned, probed, and exploited within 15 minutes of
    connecting to the Internet"

    http://project.honeynet.org/papers/stats/

Regards
Grant

===============================================================
Grant McLean        BearingPoint Inc - formerly The Web Limited
+64 4 495 9026           Level 6, 20 Customhouse Quay, Box 1195
gmclean at bearingpoint.biz                Wellington, New Zealand




 > -----Original Message-----
 > From: Damon Lynch [mailto:damon at dev-zone.org]
 > Sent: Friday, November 01, 2002 10:51 AM
 > To: NZOSS OpenChat; wlug
 > Subject: [wellylug] Why security for home PCs could be more important
 > than you realise
 >
 >
 > Hi,
 >
 > I must confess I used to have the attitude of "no one would want to
 > crack into my home PC"--until I read the explanation below!
 > A Mandrake
 > user with a machine at home who had not bothered to apply security
 > patches got cracked.  Mandrake asked him why he did not bother.  His
 > explanation and the further response of Mandrake are below.
 > Interesting
 > reading, especially for users on cable or dsl!!
 >
 > Damon
 >
 > -----Forwarded Message-----
 >
 > From: Vincent Danen <vdanen at mandrakesoft.com>
 > To: expert at linux-mandrake.com
 > Subject: Re: [expert] Ive been hacked!
 > Date: 31 Oct 2002 14:04:33 -0700
 >
 >
 > On Thursday, October 31, 2002, at 01:26 PM, Bill Beauchemin wrote:
 >
 > > I wasa running a much older version of apache and openssl that i
 > > thought
 > > were ok but nooooooooo I guess this hack works with even
 > the old stuff.
 > > I also didnt think somebody would be interested in my little private
 > > home email and web server. Oh well I learned my lesson. Now
 > I ogts to
 > > go
 > > and get the apache, openssl, and the modssl patches.
 >
 > A few tips.  First, the updates are there to fix problems in older
 > versions.  Chances are, if there is an update for it, it's
 > because you
 > *need* it.  We don't make updates just for kicks, and we
 > don't provide
 > updates for software that isn't vulnerable.  IIRC, if you
 > were running
 > apache 1.0, you would need the update.
 >
 > Secondly, your private home email/web server is a preferred target.
 > Why?  Because of exactly your thinking.  "No one will be
 > interested in
 > it".  It is much easier to hack into someone's machine with a
 > laxidazy(sp?) attitude towards security.  It also helps to hide the
 > trail.  If someone can hack into your machine, and then use it as a
 > springboard to the machine they *really* want, the better for
 > them.  To
 > the end victim, it looks like the attack is coming from you, which it
 > is.  That means they will attempt to deal with *you*, rather than the
 > real perpetrator.  To that end, yes, it's more appealing to someone
 > wanting to break into amazon.com, to break into your machine
 > first.  Or
 > four machines, similar to yours, springboarding from one
 > machine to the
 > next, hiding their trail, until the end of the line machine (after
 > having accomplished four hops or so) is used to attack the
 > real target.
 >
 > The short and long of it is:  Never *ever* assume you will not be a
 > target.  They may not be interested in your data, but they may be
 > interested in your connection, CPU, etc.  And update update
 > *update*!
 > Updates are done for your benefit, not ours.
 >
 > I know it sucks to have this happen to you, but hopefully this will
 > serve as a lesson both to yourself and many other people who have had
 > the same attitude as you.  =)
 >
 > --
 > MandrakeSoft Security; http://www.mandrakesecure.net/
 > "lynx - source http://linsec.ca/vdanen.asc | gpg --import"
 > {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get 128 Bit SSL Encryption!
http://us.click.yahoo.com/JjlUgA/vN2EAA/kG8FAA/0XFolB/TM
---------------------------------------------------------------------~->

  .-.   Wellington
  /V\   Linux
 // \\  Users       
/(   )\ Group
 ^^-^^
        http://wlug.paradise.net.nz/

To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
  

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

More information about the wellylug mailing list