hi list,
Forgive me for posting this on linux india help as it is more appropriate for
linux india general, but I feel that as an authorized user I have the right to
poke around in a system. In the course of poking around if I do find a
security hole/problem then it is my duty to contact the sysadmin and inform
him of it. There is a dividing line between poking around the system to see
the limits of what you are allowed and actually cracking into the system with
malice aforethought. for example the lynx exploit which was mentioned was
something which any authorized user should be allowed to try. it is the
sysadmin's fault if it succeeds, but it is also the user's duty to make the
sysadmin aware of this weakness. I feel that many people who found these
weaknesses shirked in that duty which caused VSNL to shutdown shell access.
If knowledgeable shell users had sent the sysadmins these exploits and also
detailed the means by which to plug the holes then I feel VSNL would not have
been able to so easily justify their arbitrary action in shutting down all
shell access.
What say you all
Please reply on linux-india-general if you are subscribed to it.
Cheerio
Robin
Suresh Ramasubramanian wrote:
> Thanks Manoj ... you put it succintly.
>
> Manoj Srivastava saw fit to inform LI that:
>
> > Appreciate how? I do marvel at his assumption that cracking
> > into someone elses machine would be condoned. And this was indeed
> > breaking and entry
>
> Besides which the hacks he most likely used are so old, they wouldn't have
> worked except that VSNL was running really outdated stuff. Plus, if this
> keeps going on, Linux will never shed the "script kiddies only" (not even
> "hackers only") image.
>
> Reminds me of what Chip mag wrote in their article on Linux (the issue in
> which the Redhat 6 cd came - was that Aug 99?)
>
> "You can recognize a linux user by his smelly jeans, rumpled hair and
> thick specs ....." - I won't say more, you can get the drift already.
>
> > UK> I am sure he never had any evil intentions and if he had any, he
> > UK> would never have come out in this forum sharing his
>
> Or rather he assumed that everyone does it to "learn about linux" and
> "become a sysadmin", and then requested me "not to throw him in
> jail". Funny, I didn't know I had any such powers - all I can do (and
> have done) is to fw the guy's post to VSNL (whose box he rooted) with a
> request to reprimand him (and get a written apology).
>
> > How can you be so sure? And just his presence was bad enough
> > -- did it (along with other intrusions like that) result in loss of a
> > shell account for lots of other people?)
>
> Plus the fact that a root shell is NOT the place for script kiddies to be
> in - the after effects are like letting an elephant into a rose garden
> sometimes.
>
> > machines, you join BUGTRAQ, you read books on security, and you look
> > at security related information on the net. You do not break into
>
> On the other hand, they read some of the kiddie warez and h4x0r sites, and
> get stupid ideas ... As an admin, I know about root shell exploits - and
> my only use of that knowledge is to prevent my boxes from being h4x0red.
> I don't go around breaking into every server I see (and have never done
> so - even when I first learnt about it).
--
_END_
Robin S Chatterjee Yahoo pager ID -Robinchatterjee
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
FAX 1-(815)550-6171
Robin's Poetry Pages
http://www.geocities.com/singerosongs
Robin's Perl Pages
http://www.geocities.com/robinchatterjee
-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
