Re: lighting---hacked!

From: Clayton D. Strand (cdstrand@lazotech.com)
Date: 05/10/02


From: Clayton D. Strand <cdstrand@lazotech.com>
Date: Fri, 10 May 2002 17:21:29 GMT

On Fri, 10 May 2002 01:24:30 +0000 (UTC), anderson@facstaff.wisc.edu
(Jess Anderson) wrote:

(( cuts ))

>still less removing ones you had in place, *is* irresponsible,
>from a system-administration point of view.

We actually took several countermeasures, I think. Ipchains are not
the only possible security measure one might take. I would agree
that "irresponsible" is a better description of the conscious decision
I made to turn off ipchains which we have only been running for about
six months previous without recent security breaches, than
"inadequate", but I have never defended the decision. I originally
posted my article as a warning and, if I might note, for advice on
what the heck was the problem (which I think I have found myself).

(( cuts ))

>>Linux has gotten worse and worse to install with every new
>>release, from my experience.
>
>By any reasonable standard, this claim is patently untrue. On
>the contrary, installation of Linux systems has very likely
>never been easier than it is now; each new release of the major
>distributions in recent years has included installer
>improvements, some of them major. Maintaining the system with
>security updates has also gotten easier, as has the task
>of being informed about new exploits as they are discovered.

Well, I appreciate your opinion, but, as I said, "from my experience".
Yours, of course, may differ. Each time I have installed it though,
using a text based install...it has gotten more difficult. I'd like
to point out that a GUI interface without documentation can be
difficult, if not downright misleading.

Take, in particular, the installation of ipchains, which is what
started all this (I think I have reconstructed what occurred...)

1. type setup from root
2. select firewall configuration with an arrow key; enter
3. tab to the button which says something about changing the service;
    enter
4. tab to the customize button, enter
5. select the services you want to allow
     from the list,
6. tab to OK and enter
7. tab to OK and enter

And hitting the button to save (entitled "ok", I think), exit setup.

From the GUI interface and what documentation I had (the instructions)
all seems well...but, is it?

This is what is annoying and was at the root of the problem we had,
which I have finally discovered. This is really the first time I've
had something like this occur during installation, and it is part of
what has made this, so far, a bad experience.

Where is this documented? Actually, some kind soul who read what I
was writing here on this very newsgroup pointed me in a direction from
which, after searching, I found what had occurred. I still haven't
seen any real documentation on it, or what I would call real
documentation. (Select this option to do that, etc. etc. etc.),
rather I was able to see what occurred by following the rote
instructions written on the web without real explanation why one
should do what is said, and noting how they differed from what I
(logically, I think) did.

(( cuts ))

>It's especially unfortunate, I think, that your response to
>valid criticisms has tended to put you in a defensive posture.
>It's perhaps understandable, but it works against your own
>interests, ultimately.

You and I generally differ regarding what constitutes a valid
criticism, I think, but that's ok.

(( cuts ))

>Then one day, I don't know why, but for some reason I looked at
>my passwd file and -- oh no -- there was a user account I
>hadn't created. "This cannot be," I thought, but it was. What a
>sinking feeling that is. It was dumb luck that I found it only
>a couple hours after it happened.

Oh, I'm generally pretty easy going about this sort of thing. I could
regale you with stories about security breaches over the years.
Personally, I think hacking is part of being in public, rather like,
in medieval times, when walking down a public street at one time or
another, one might have a bucket of this or that dropped on you,
purposefully or not.

(( cuts ))

>That woke me up, because now I knew that the only seriously
>effective remedy is scrupulous examination of data files from
>trusted backups to make *sure* they're not infected with
>anything and otherwise to reformat all writeable drives and
>reinstall the operating system from CD-ROM, using no binaries
>of any kind from the previous installation, then adding all
>updates and recompiling from source anything you've added to
>the base operating system, not with source code you had already
>but rather newly obtained from trustworthy places.

This is what we have done twice now, which is annoying but mostly the
price of being on the internet.

(( cuts ))

>People here have been on your case *primarily*, I believe, on
>account of your too-relaxed attitude about these matters. It's
>hard to take criticism, but it helps to be receptive to it,
>because it can be such a powerful learning experience.

Well, I try to be, but, as I have shown above, perhaps you can
understand what I have written.

(( cuts ))

Thanks for listening...and, oh yeah, there's another guy on this very
newsgroup who thinks installing software from the original disks after
something like this is, if I may paraphrase his words, "lazy and
stupid"...I am glad to see that some people do it the way I do...not
that his comment would have had any influence whatever on what I think
is probably a good idea, rather that I know some people know what good
procedures are all about.

Regards,

Dave
cdstrand@lazotech.com
http://www.cdstrand.com


