You wouldn't actually imply that hackers are out their providing a welcome
service do you? I can see if you asked for your network to be stress
tested, but to go as far as saying they provide a welcome service? Come on!
Yeah, they might have found a security whole, but oops, now the firewall
admin is out of a job. People should constantly strive to secure their own
boxen, we don't need hackers to do it for us.
>From: "A. L. Meyers" <[EMAIL PROTECTED]>
>To: Steve Rudd <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Benign crackers?
>Date: Wed, 21 Feb 2001 08:21:02 +0100 (CET)
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 20 Feb 2001, Steve Rudd wrote:
>
> > Daniel Stark asked:
> >
> > At 01:53 PM 2/20/01 -0800, you wrote:
> > >How exactly did you get hacked? Did you leave security wholes large
> > >enough for a bus to drive through open? Open your inetd.conf file and
>#
> > >out everything! The only thing you need open is port 22. Others will
> > >disagree, but depending on what you server is used for, this should be
> > >your first step for security.
> >
> > Steve here,
> >
> > Several have voiced an interest in the hack. Well here is a guess and
>some
> > facts:
> >
> > THE HACK:
> > For those interested in the hack, I think it was the "Dameon worm" but
> > could not find any evidence of the trace files on my system. Here is
>what
> > happened:
> >
> > 1. I get a letter from "[EMAIL PROTECTED]" saying: "Urgent! Security
> > incident on your machine! Attrition.org is a non-profit, hobby web site
> > that monitors
> > computer crime on the internet. In the past few minutes, we
> > have been notified that your domain was hacked, and your web
> > page defaced. This means that the intruder has edited your
> > web page in some way. Due to this, it is quite likely that
> > one or all of the machines on your network are compromised.
> > You may wish to take immediate action to correct this problem
> > and respond to the intrusion."
> >
> > 2, I noticed my clock went forward maybe a day and had to reset it via
> > "date" command.
> >
> > 3. I notice a single page was changed: "index.html"
> >
> > Here is the code from that page:
> >
> >
> > <!-- BEGIN Naviscope Javascript -->
> > <script language='javascript'>
> > NS_ActualOpen=window.open;
> > function NS_NullWindow(){this.window;}
> > function NS_NewOpen(url,nam,atr){return(new
>NS_NullWindow());}
> > window.open=NS_NewOpen;
> > </script>
> > <!-- END Naviscope Javascript -->
> >
> > <html>
> > <head>
> > <title>..:: Quit Crew ::..</title>
> > </head>
> > <body bgcolor="#FFFFFF">
> > <center>
> > <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
> >
>codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0"
> > ID=devil WIDTH=731 HEIGHT=562>
> > <PARAM NAME=movie VALUE="qc.swf">
> > <PARAM NAME=loop VALUE=false>
> > <PARAM NAME=quality VALUE=high>
> > <PARAM NAME=bgcolor VALUE=#FFFFFF>
> >
> >
> > </OBJECT>
> > </center>
> > </body>
> > </html>
> >
> > =========
> > end code
> >
> > 4. I have noticed nothing other than these changes.
> >
> > So there you have it. I didn't even ever get to see what the flash was
>all
> > about it just loaded forever without anything. You know for all my
>trouble,
> > I should have at least got some free artwork!
> >
> > Steve
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
>[EMAIL PROTECTED]
> >
> >
>Dear fellow debianites,
>
>To dispel any doubts, I would not even know how to start a crack
>attempt.
>
>There seem to be more and more "benign" hackers and crackers on the web
>who might even be a "blessing in disguise". If all they do it crack
>sites without damaging anything and afterwards inform the sites, they
>might just be performing a very valuable service.
>
>My own experience is that no one believes he is vulnerable until he has
>experienced a real security breach or worse. People in general seem to
>prefer to remain blissfully unaware of internet security risks. Even
>pursuading clients to download pgp and use it to transfer confidential
>information encrypted is not easy.
>
>Best regards,
>
>Lucien Meyers
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3ia
>Charset: noconv
>
>iQCVAwUBOpNsZYsavovzoIkNAQGLbAQAgjvixxb5CZuEQaso96iNTJCne9t3rVkN
>52r7aHqfvGSzHcA64KDWBMv/59aNLDa/OqggJrTdPVIwXAyXTjFbc2jpPEmLD3fk
>bsChFH3Zb0xAz537BBbpMRLeCcdvCHqQEyEDQB+WJz4mFt+8ET9N9xqnMIFCJ3Xn
>TsLjeB2SlhM=
>=XOB8
>-----END PGP SIGNATURE-----
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact
>[EMAIL PROTECTED]
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
