[wellylug] Why security for home PCs could be more important than you realise

Ilia Pavlenko ip at globe.net.nz
Fri Nov 1 21:17:44 NZDT 2002


Well - That's a nice topic for a meeting :)

First of all - FORGET TELNET, ONLY SSH !!! (I've been screwed for using
telnet - someone "sniffed" and rootkitted a SuSE-based server that I've
built...)

Second - if you don't need it - disable it :) That's why I always go for
"custom" installs, and leave what I don't need.

Third - read "alternative" news, even things like "slashdot.org" will
usually announce new vulnerabilities before major news companies.

Homo homini lupus est :)

Ilia

On 1 Nov 2002, Damon Lynch wrote:

> Hi,
>
> I must confess I used to have the attitude of "no one would want to
> crack into my home PC"--until I read the explanation below!  A Mandrake
> user with a machine at home who had not bothered to apply security
> patches got cracked.  Mandrake asked him why he did not bother.  His
> explanation and the further response of Mandrake are below.  Interesting
> reading, especially for users on cable or dsl!!
>
> Damon
>
> -----Forwarded Message-----
>
> From: Vincent Danen <vdanen at mandrakesoft.com>
> To: expert at linux-mandrake.com
> Subject: Re: [expert] Ive been hacked!
> Date: 31 Oct 2002 14:04:33 -0700
>
>
> On Thursday, October 31, 2002, at 01:26 PM, Bill Beauchemin wrote:
>
> > I was running a much older version of apache and openssl that I
> > thought were ok but nooooooooo I guess this hack works with even the
> > old stuff. I also didn't think somebody would be interested in my
> > little private home email and web server. Oh well I learned my lesson.
> > Now I got to go and get the apache, openssl, and the modssl patches.
>
> A few tips.  First, the updates are there to fix problems in older
> versions.  Chances are, if there is an update for it, it's because you
> *need* it.  We don't make updates just for kicks, and we don't provide
> updates for software that isn't vulnerable.  IIRC, if you were running
> apache 1.0, you would need the update.
>
> Secondly, your private home email/web server is a preferred target.
> Why?  Because of exactly your thinking.  "No one will be interested in
> it".  It is much easier to hack into someone's machine with a
> lackadaisical attitude towards security.  It also helps to hide the
> trail.  If someone can hack into your machine, and then use it as a
> springboard to the machine they *really* want, the better for them.  To
> the end victim, it looks like the attack is coming from you, which it
> is.  That means they will attempt to deal with *you*, rather than the
> real perpetrator.  To that end, yes, it's more appealing to someone
> wanting to break into amazon.com, to break into your machine first.  Or
> four machines, similar to yours, springboarding from one machine to the
> next, hiding their trail, until the end of the line machine (after
> having accomplished four hops or so) is used to attack the real target.
>
> The short and long of it is:  Never *ever* assume you will not be a
> target.  They may not be interested in your data, but they may be
> interested in your connection, CPU, etc.  And update update *update*!
> Updates are done for your benefit, not ours.
>
> I know it sucks to have this happen to you, but hopefully this will
> serve as a lesson both to yourself and many other people who have had
> the same attitude as you.  =)
>
> --
> MandrakeSoft Security; http://www.mandrakesecure.net/
> "lynx - source http://linsec.ca/vdanen.asc | gpg --import"
> {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
>
>   .-.   Wellington
>   /V\   Linux
>  // \\  Users
> /(   )\ Group
>  ^^-^^
>         http://wlug.paradise.net.nz/
>
> To unsubscribe from this group, send an email to:
> wellylug-unsubscribe at egroups.com

