On Tue, Feb 19, 2002, Aviram Jenik wrote about "Re: I like a good challenge [was: sendmail relay problem]":
> > easily. exploit one of the gazillion holes in explorer, spoof ips on ur
> > network, sniff non-encrypted or low encrypted windows passwords, send u a
> > greeting card with sub7 in it, so there u r.
>
> Ok, I love a good challenge. Let's see if you can break into the one I'm
> using now.

What is this - a "whose is longer" contest? :) I know that both of you know a thing or two about computer security, but you're arguing now like children ;)

Surely, if your Windows computer simply blocks all packets sent to it (read: no open connections), there will be no way to crack it. But that is meaningless, Aviram, and you surely know it. The question is whether you can do useful stuff on your internet-connected Windows machine and still prevent it, with 100% certainty, from being cracked.

Sure, the biggest and largest security holes come from running servers on your machine. So you don't run them. But even if you don't run *any* server, only clients, on your machine, you're not scot-free. Are you running an ICQ client on your machine? Then you should know that all versions of Mirabilis' ICQ except the last one had a remotely exploitable bug. Are you running an ssh client with X forwarding on your machine? If so, breaking into the remote machine will result in breaking into yours. You can also be sent an email with a virus and/or backdoor. And the list goes on, and on, and on. The more things you do on your machine, the more tricks a cracker can use against you. More tricks are discovered all the time. Some appear on bugtraq (which I'm sure you subscribe to), but some don't, or appear there after some delay.

And if you *intentionally* run servers on your machine and let various people log in (which is what many of us low-budget people do on Internet-connected machines we don't have physical access to - we have no choice), the list of bases to cover is *huge*, and it's very hard to keep track of all of them.

You'd have to be very cocky to claim that your system is 100% secure. Maybe it's 99% secure. Maybe it will take a team of 10 crackers a month to crack it. But why tempt fate - did you have a team of 10 security experts check that system for a month?

I repeat: it's impossible to crack into a computer that is off and put, unconnected, in the middle of a room.
This is the only A1 system I know. On the other extreme, it is trivial to crack into a computer that has a telnet server saying "login as 'bush' password 'devaluation' for a free root account!" and the matching account. Security is about a tradeoff between those two extremes: letting legitimate users do as many things as possible and keeping illegitimate users from doing all other things.

Physical (non-computer) security is very similar. Nobody can assassinate a prime-minister if he's kept locked up in his apartment with a platoon of loyal guards. But the more this prime-minister wants to do things, mingle with the citizens, go places, and so on, the harder it is to provide 100% security. Nobody will even try to claim that the US Secret Service or Israeli Shabak can provide 100% security. Unfortunately, we have a few examples of their failures.

By the way, one of the biggest mistakes an amateur sysadmin can make regarding internet-connected computer security is to adopt the "ocean of computers" thinking. This thinking goes something like this: "I don't have an interesting target on my machine. No credit card numbers, no secret data to steal, and not even good porn to copy. So nobody will intentionally crack my machine - it could only happen at random, and what are the chances of that happening, with the ocean of computers out there to choose from?"

Why is this thinking wrong? Well, even though there's only a small number of very talented crackers, there's a large number of "script kiddies" running automatic scripts written by those crackers. I've seen these things in action - they can take over thousands of computers in one afternoon. In one famous case, a machine with a known hole was plugged into the Internet, and 8 minutes later it was cracked.
I've caught break-ins into Internet-connected machines 3 times already (plus a 4th unsuccessful attempt which I stopped in the middle), and all of them were fully automated, and yet *very* sophisticated (to the point that most sysadmins would not even notice the break-ins). In the first cracking I saw, around 1995, I thought that it was so sophisticated, there must be some government behind it. But later I realized that it wasn't that difficult, actually, once you have the right tools. And these tools evolve at an alarming pace. In 1995 they were already light-years beyond what most sysadmins today know about.

-- 
Nadav Har'El                        | Tuesday, Feb 19 2002, 8 Adar 5762
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |"[I'm] so full of action, my name should
http://nadav.harel.org.il           |be a verb" -- Big Daddy Kane ("Raw", 1987)
