What type of security patches should be installed on a default installation, as mentioned in question 2?

-------It's almost never the $100k router/switch/firewall.------
-------It's the $2 cable that some bozo unplugged. ------
Gaurav
Understanding and falling in love - with Linux

----- Original Message -----
From: "Raju Mathur" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 31, 2002 7:00 PM
Subject: [LIH] Re:Linux hacking Demo

> >>>>> "Pankaj" == Pankaj Mishra <Pankaj> writes:
>
>     Pankaj> Hi folks, Today I witnessed a demo by Microsoft gang of
>     Pankaj> hacking Linux (RH 7.3) Thru browser on a windows client,
>     Pankaj> a php file was sent to Linux thru browser and then
>     Pankaj> executed. After that a page appeared thru which command
>     Pankaj> can be executed on Linux. They copied the whole
>     Pankaj> /etc/shadow and tried to break the root password and
>     Pankaj> demonstrated breaking of root password within a minute. I
>     Pankaj> asked them how they are doing it and under what account
>     Pankaj> Apache was running. But they gave evasive replies. IS THIS
>     Pankaj> POSSIBLE !! I want to again get back to them and seek
>     Pankaj> their response. BUT PLEASE TELL ME FIRST IS THIS POSSIBLE
>     Pankaj> ? I want to do my homework first and then confront them.
>     Pankaj> IS IT POSSIBLE TO WRITE A FILE ON LINUX BY GIVING SIMPLE
>     Pankaj> PHP COMMANDS THRU URL? IS IT POSSIBLE TO EXECUTE THAT PHP
>     Pankaj> SCRIPT AND GET ACCESS TO /etc/shadow.
>
> 1. Who had installed and configured the box? If MS, then this is just
> a big joke.
>
> 2. Had security patches been installed?
>
> 3. Why was PHP running? What application? Was it the newest version
> of the application?
>
> 4. Basically sounds like lots of MS cra^H^H^H FUD to me.
>
> And to answer your question, yes, anything is possible. If you have
> time, resources and intelligence you can crack into just about any box
> in the world. MS just makes it a bit easier for people to get into
> their own boxes. They are probably believers in open systems -- wide
> open.
>
> -- Raju
>
>     Pankaj> Please reply fast. Punkuz
>
> --
> Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
> It is the mind that moves
>
> _______________________________________________
> linux-india-help mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/linux-india-help
