[NCLUG] how was I hacked?

Kevin Fenzi kevin at scrye.com
Sun Jun 1 15:54:00 MDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "jbass" == jbass  <jbass at dmsd.com> writes:

jbass> Older machines with open SSL services are actively searched for
jbass> and exploited and since Redhat is only providing security
jbass> updates for the last two current releases, all machines running
jbass> something prior to 8.0 are targets.

Just worth noting that currently RedHat is supporting: 
7.1, 7.2, 7.3, 8.0, and 9

On 2003-12-31 all of those except 9 expire and become unsupported. 
So, right now, you can keep older releases up to date. 
After the end of the year you should expect to be running 9 (or 9.x or
10 or whatever). 
(see: http://www.redhat.com/apps/support/errata/)

jbass> Heck I net installed one machine this month that was scanned
jbass> and hacked in the hour or so before I got the updates
jbass> installed.

yeah, thats one reason we started making KRUD 
(http://www.tummy.com/krud/). 
<plug>
Since it has the updates already on the cd's for the install, the
machine is up to date as of the last cd right from install. 
</plug>

jbass> If your web server isn't very complex, you might consider using
jbass> TUX to serve it instead .... much less code, much easier to
jbass> security verify. Ditto for ftp. I will note that TUX ftp has a
jbass> 14 char password limit/bug that breaks apt-get and several
jbass> other things.

Yeah, moving to a more secruable application is great if you can do
it. 

kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQE+2nX83imCezTjY0ERAs1zAJ9fKwCNnVpWjtevcNhbDGG0mo7XaQCfZDEO
tqx60JGapaeA87umklXYRDM=
=1WvM
-----END PGP SIGNATURE-----



More information about the NCLUG mailing list