[Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise

Chris Hill ubergeek at ubergeek.tv
Fri Sep 28 10:37:55 MST 2007


OMG This thread is out of control!

I can't leave you all alone for one minute. Get in the car! No Wally 
World for you!

:P
C

Sean Warburton wrote:
> To each, according to his own, as predrag's hero would say, but I should do
> that course you mentioned. I do not want to help fund his paycheck. Thanks
> for the suggestion, I appreciate that!
>      Sean
>
> On 9/27/07, William Stott <WStott at ventanamed.com> wrote:
>   
>> I do not mean to stereotype, so I will leave that comment out. I did not
>> realize that Predrag was an instructor at the U (U of A?). That would just
>> add to a great list of instructors that I give no professional respect. In
>> contrast, I have found that the instructors in the infosec program at
>> JMU (http://www.infosec.jmu.edu) are VERY knowledgeable in both instruction
>> and real life experience.
>>
>> Will
>>
>>
>> ----- Original Message -----
>> From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
>> To: Tucson Free Unix Group <tfug at tfug.org>
>> Sent: Thu Sep 27 22:17:38 2007
>> Subject: Re: [Tfug] OT: Predrag wants attention! WAS: Re: Server
>> Compromise
>>
>> Just leave him alone. Some Russians aren't completely sure of how
>> everything works here in America. For example: I joined this community and
>> began playing with Linux and Unix OSes, something I have never done before.
>> God forbid I make the mistake of not knowing about super user permissions
>> (the whole -su then password). Unfortunately, I did and I received the
>> following message: "You have been using PCBSD for two days now and you do
>> not know how to use SU privileges? This shows a lack of willingness to
>> learn" and more shit like that. But hey, whatever. I must admit, I got a
>> nice laugh over
>>     
>>>> How did they get into your server if
>>>> all but few ports are closed?
>>>>         
>> The open ones.
>>
>> That's good. I actually had my firewall monitoring the closed ones, but
>> this new idea is upsetting to my closed mind. I am sure to warn all my
>> friends at the U of taking his math classes, because they may be
>> unfortunate enough to not understand the material and ask him a question,
>> and we all know where that downward spiral leads...
>>      Sean
>>
>> On 9/27/07, Predrag Punosevac <punosevac72 at gmail.com> wrote:
>>     
>>> My first letter to this list in almost a month hardly could be called
>>> an attention request. Actually, one of the answers initiated by my "openly
>>> hostile answer" did get him real help. I am keeping my mouth shut.
>>>
>>> On Thu, 27 Sep 2007 21:07:21 -0700, William Stott <WStott at ventanamed.com>
>>> wrote:
>>>
>>>       
>>>> Wow. I concur completely. I am a huge fan of BSD also, but everyone in
>>>> infosec knows that 0day is a reality. As far as OpenBSD, I believe a
>>>> remote exploit was introduced at the last blackhat / defcon convention.
>>>> The firewall comment he made was a waste. If you allow a connection to a
>>>> public service, it has the established only or not, you chance the
>>>> application to exploitation. It is naïve to think that a firewall and a
>>>> BSD system are the answers to security. If you are a sysadmin, defend
>>>> what you can, patch what you can, and pray. Predrag either has been a
>>>> lucky admin, or has no clue what he is talking about. Sysadmins are
>>>> overworked, underpaid, and have much less time to secure their systems
>>>> than hackers do downloading the next script that some hacker created
>>>> between lunch and wow.
>>>>
>>>> Good luck.
>>>>
>>>> Will
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
>>>> To: Tucson Free Unix Group <tfug at tfug.org>
>>>> Sent: Thu Sep 27 19:48:27 2007
>>>> Subject: [Tfug] OT: Predrag wants attention! WAS: Re: Server Compromise
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> I am calling shens. I sat quietly through what seemed like months of
>>>> chatter about crossover cables... but this is too much!
>>>>
>>>> The response that Predrag Punosevac sent to Chris' e-mail asking for
>>>> help is openly hostile and contains no helpful information. It could
>>>> have been distilled down to "I am smarter than you, you deserved to be
>>>> hacked."
>>>>
>>>> I can think of only one way to give him the attention he wants so much:
>>>> Shamelessly annotating his e-mail, using exclamation marks to denote my
>>>> distaste for reading unhelpful, judgemental spam in my inbox!!!!
>>>>
>>>> To Chris: Getting hacked sucks. I hope you get this straightened out
>>>> without too much loss of sleep.
>>>>
>>>>         
>>>>> Predrag Punosevac wrote:
>>>>>           
>>>>>> What kind of server do you run? http, mail server, data base?
>>>>>> What kind of firewall do you have? What is the kernel security level
>>>>>> (I hope this exists in Linux world)
>>>>>>             
>>>> Read: "I don't understand the context of the events that occurred.
>>>> Prepare to receive my judgment!"
>>>>
>>>>         
>>>>>> How did they get into your server if
>>>>>> all but few ports are closed?
>>>>>>             
>>>> The open ones.
>>>>
>>>>         
>>>>>> The only way to block the BSDs is fake
>>>>>> demands from the server that would completely block your ports but
>>>>>> still there is no theoretical possibility that properly run BSD box
>>>>>> gets hijacked.
>>>>>>             
>>>> Bullshit! There may be no 'theoretical possibility', but there's damn
>>>> sure an actual possibility. DOS attacks are not the only ones effective
>>>> against BSD derived OSs. This is an ignorant thing to say.
>>>>
>>>> Plenty of BSD boxes have been cracked, plenty of them are run by
>>>> competent sysadmins. How you might ask? Well, if you'd read Chris'
>>>> e-mail you would have noticed that he suspects that it was a phishing
>>>> scam. Perhaps one of his users freely gave away the passwords to a bogus
>>>> site. Tell me how BSD prevents that? (Local privilege escalation bugs
>>>> are found as frequently in the BSDs as the other *nixes...)
>>>>
>>>> Maybe a disgruntled coworker? There are a lot of bits of information I
>>>> would look for before I indicted someone's job performance in a public
>>>> forum...
>>>>
>>>>         
>>>>>> If you are running mail server the content must be scanned by ClamAV
>>>>>> or similar software.
>>>>>> That is the sole source of security risk.
>>>>>>             
>>>> What? E-mail viruses are the sole source of security risk of compromise
>>>> on a mail server. Shit, we run a large number of mail servers, here at
>>>> the U. (I think, you [Predrag], are a user of said system).
>>>>
>>>> Honestly... We check for viruses and spam purely for our clients'
>>>> benefit. The one problem I've never had on a production (*nix/bsd) mail
>>>> server is a damn virus...
>>>>
>>>>         
>>>>>> Why is server running Ubuntu? You might want to switch to OpenBSD if
>>>>>> the server content and services are so important.
>>>>>>             
>>>> Nice pitch... Care to elaborate on OpenBSD's advantages? Perhaps in your
>>>> next message you could add facts and/or helpful ideas into this
>>>> worthless monologue of yours? Thanks.
>>>>
>>>> OpenBSD is always pitched by someone (*sigh*) as the perfect security
>>>> solution. It's a small part of a large picture. I like OpenBSD and have
>>>> deployed it for a few projects. I admire OpenBSD for the simplicity of
>>>> its layout and the developers' attention to auditing and detail. But, for
>>>> the love of god, running OpenBSD does not make you a security expert, a
>>>> good sysadmin, or a good dancer.
>>>>
>>>>         
>>>>>> Sounds to me that your troubles are home made.
>>>>>>             
>>>> It sounds to me like you read a few articles on the Internet and are
>>>> extrapolating wildly.
>>>>
>>>> Truth time: Every machine I run could be more secure, so could yours.
>>>> Gasp! I've delivered mail using a UNIX domain socket... The server
>>>> wasn't BSD... the socket wasn't in /var.... and I didn't encrypt the
>>>> traffic! I am hosed!
>>>>
>>>> Seriously, I should just unplug our datacenter and go home, right?
>>>> Security is important, but isn't the only concern/constraint people have
>>>> to deal with. Performance, scalability and budget are also very common
>>>> ones. Try to be more understanding, asserting your dominance does not
>>>> impress us. A timely, helpful and informative post always impresses me.
>>>> Predrag Punosevac, I wish you well. I'll buy you a beer at the next
>>>> happy hour if you please promise to do better (be nicer) next time you
>>>> post.
>>>>
>>>> Thanks,
>>>> Shawn
>>>>
>>>> - --
>>>> Shawn Nock (OpenPGP: 0x5E377505)
>>>> University of Arizona
>>>> nock at email.arizona.edu
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.4.7 (GNU/Linux)
>>>>
>>>> iD8DBQFG/Gt7PAYipF43dQURAmNgAJ9uDpFqM9wkz3Cgx7CmqlK8uiOsuQCeMBNE
>>>> vkRDi4PsIx59R4ZvR2OWUWk=
>>>> =vcEy
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> _______________________________________________
>>>> Tucson Free Unix Group - tfug at tfug.org
>>>> Subscription Options:
>>>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>>>         
>>>
>>> --
>>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
>>>
>>>
>>>       
>>
>> --
>> FreeBSD v.1.4 (beta)
>> ASUS P5N32-SLI Premium
>> Intel Core 2 Duo 6600
>> dual eVGA 7900 GT OCs (full x16 SLI)
>> 2 gigs DDR2 PC2-6400 (OCd to 866MHz)
>> 250 gig RAID 1 (mirroring)
>> custom Liquid cooling :)
>> four 17" CRTs (uber widescreen)
>> 7.1 surround sound (296 watts)
>> one happy gamer
>>
>>     
>
>
>
>   




