On Thu, 11 May 2000, Miss Yvette Seifert Hirth, CCP, CDP wrote:
> Our technical contact called me this morning and told me that we were
> hacked. Our news server was sending out some Hindu newspaper. Apparently,
> some Indian nationals hijacked our news port.
>
> Does anyone know of any news port susceptibilities? We're BSD Unix,
> methinks I'll keep our versions and such private for now.
Using Netwin DNEWS? INN hasn't had a vulnerability listed since 1999.
This depends on whether or not they compromised your news daemon. What
other services/open ports are on the system?
> BTW, we ran that free script, "Shields Up" GRC.COM, not more than a month
> ago. It gave us flying colors; it said we were "very secure". With all due
> respect to the author, "ya get what ya pay for".
You should be aware of what your vulnerability assessment software is
assessing, before you blithely accept its results.
--
-- John E. Jasen ([EMAIL PROTECTED])
-- You can have it: right; cheap; now. Pick any two.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
