* Al Sparks <[EMAIL PROTECTED]> writes:
> Actually he has a point.
No. A spot. And a very weak one, too.
> The SANS conference I attended last year included a demonstration of
> how sites are broken into.
Woah! Evil h4X0rs abound!!!1 I can almost see it here before me:
SANS: "Al, this is $SITE. $SITE, this is Al."
Al: "Hi, $SITE!!!"
SANS: "Now, now, let's not get overexcited. OK, so, here is $PORTSCANNER."
Al: "Ummmmmm..."
SANS: "Do you copy, Al?"
Al: "Errrrrrrrrr... Yeah, like, sure!"
SANS: "OK, so we take this portscanner and break into this site, OK."
Al: "Cool!!! Can /I/ do it?"
SANS: "Ummmmm... Errr..."
[...]
> The first thing the presenters did was give a talk about researching
> your target. One thing they like to do is do searches in technical
> lists (e.g. [EMAIL PROTECTED]) for the target�s domain name or even
> the name of a known sysadmin.
Gee, thanks, Al. Like, *REAL* news here. However, having read
http://www.securityfocus.com/templates/forum_message.html?forum=2&head=5144&id=5144
you might consider LARTing yourself and cease posting semi-digested
knowledge.
> They use this technique to get clues on the architecture of their
> target, and of course a lot of queries on this list will lay out
> exactly what the architecture is.
Here you go, Al: http://cr.yp.to/ - happy hacking... Who knows, being a
real serious security D00d3, you might even find a remote hole in qmail
and OpenBSD and get famous.
> I don�t use my employer�s hostname when sending email on this list for
> that reason; though that�s about the only obfuscation I�m using.
Al, do you know what a port scanner is? It's, like, you know, an EVIL
h4X0r t00!. I don't need your employer\222[1]s name. If I'm bored enough
(and given the situation of Joe Random Highschool Luser, I would be),
I'll find it sooner or later. man pingsweep.
> I�ve been around the net long enough (worked at a University when the
> net was run by DARPA; pre-web days) to bemoan the fact that finger
> daemons were having to be disabled because they were used as a way to
> collect spam targets.
Oh. I see. So you're one of the samples collected in
http://www.sans.org/newlook/resources/errors.htm that led to "Number
One".
> This is another example where people are having to be less open.
Yeah, right. If, however, you take a look at http://www.sans.org/topten.htm,
you'll see that your real problems lie elsewhere.
Footnotes:
[1] Hint: that "'" thingy is not an accent.
--
Robin S. Socha, Bastard Consultant From Hell <http://socha.net/>
