484 lines
20 KiB
Plaintext
484 lines
20 KiB
Plaintext
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: SunOS ?
|
|
From: digital (Patrick K. Kroupa)
|
|
Message-ID: <2VLo3B9w165w@mindvox.phantom.com>
|
|
References: <ciko3B2w165w@mindvox.phantom.com>
|
|
Date: Tue, 27 Apr 93 16:10:24 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
ian (Ian Bainbridge) writes:
|
|
|
|
>
|
|
> What's happening with SunOS? I heard from a friend that netcom
|
|
> crashed and their entire password file is gone, Bob Rieger who is known
|
|
> for being more then a little crazed is threatening to sue everyone in
|
|
> sight, the World was down for the night, its almost like every Sun system
|
|
> is going offline did a virus go off?
|
|
|
|
Nah, <Take 300: SunOS Kernel Melodrama, Act: II, Scene: 3 -- ROLL!>
|
|
|
|
[PoWeRwEEnie]: Hmmmmm, say, I just realized . . . if you chown a shell
|
|
that has SUID set to daemon and then type sync 18 times in a row between
|
|
the hours of 3 and 3:14 GMT, this will cause a kernel page fault failure
|
|
that lets me link /usr/lib/.xAjdfaixX-idfsd into the heat sink, and all I
|
|
need is half a tube of toothpaste, some dental floss, and a partially
|
|
congealed can of gcc AND I AM R()oT!@# This also makes NN wake up and
|
|
realize that it's being held in thrall by countless fingers typing boring
|
|
shit, but now it is FREED to dance madly and leap about and frolic amongst
|
|
the ASCII and escape from the drivel that is usually force fed through its
|
|
electronic gullet and, hmmmmm, gosh, it's just SO OBVIOUS! And NOW I HAVE
|
|
**THE POWER!** Muhahahahahahah, except, right now . . . I have to go watch
|
|
Dr. Who, this is the one with the sand people who roll across the desert
|
|
in garbage pails, and its supplies a beautiful metaphor for human existence
|
|
and its relation to Surface Mounted Devices.
|
|
|
|
[Sun]: There aren't any problems we're aware of!
|
|
|
|
What happens and what it means: Having shell on any Sun right around
|
|
now, also means you have root on it. This can range from being sorta
|
|
annoying, to super_bad, depending on whom the users are. On a public
|
|
access unix, its probably NOT a real good thing. Most public access unix's
|
|
run offa Suns. Sun will enter denial, seek therapy when a fire is lit
|
|
under its ass by a growing number of progressively crazier and angrier
|
|
people, and in a month or so A NEW PATCH will quietly appear on the Sun ftp
|
|
site. In 5 months CERT will post a PRIORITY NETWORK EMERGENCY UPDATE!@#!#@
|
|
and some time in 1997 this hole will be used to crack Shiabatsu
|
|
Pharmaceuticals in Tokyo and a 14 year old will download the secret of
|
|
immortality and trade it to Bill Gates for a lifetime supply of 3do carts.
|
|
|
|
Translated: Kernel's broke, if it needs source code to fix it, chaos will
|
|
ensue for a while. If it doesn't, a SECRET PATCH will be distributed
|
|
through the usual suspects, the SECRET PATCH will hit cookbook format in
|
|
another 3-5 months and propagate to CERT, where everyone will run around
|
|
in little circles for a while, and those so predisposed, will wreak havok.
|
|
Then it'll all die down and be forgotten for a while until 6 months later
|
|
when Eugene stares at the ceiling and goes, "hmmmmm, now what if . . ."
|
|
|
|
This has no direct effect on Vox since (drum roll) nobody has shells
|
|
except for those pesky people who keep deleting utmp and making secret
|
|
hidden directories that have to be fsck'd out, but besides us, them,
|
|
the Secret Service's back door, and the various daemons that eat processes
|
|
at random when they aren't killing each other, everything is just fine unless
|
|
SOME PEOPLE "secure" ftp at 3am in response to WhEREZ ftPP!!!????!?!?!?!?!
|
|
I WILL DIE WITHOUT WAReZ!!!@#!!!!
|
|
|
|
And so the world turns. Objectively speaking its all pretty amusing --
|
|
Subjectively speaking, after too many hours, it attains the same kinda
|
|
entertaining quality that all of life has when you don't sleep
|
|
anymore, because nothing is really real, except this cigarette which has
|
|
gone out, and AC/DC playing BIG BALLS on a beat up tape machine, although
|
|
I s'pose that really soon now the Sensitive Save The Rain Forest people
|
|
from next door will knock upon ours and let us know that we're drowning out
|
|
the Soothing Strains of New Age music. Ahhh well.
|
|
|
|
Patrick
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: SunOS ?
|
|
From: enzyme (David Pincus)
|
|
Message-ID: <3iPo3B2w165w@mindvox.phantom.com>
|
|
Date: Tue, 27 Apr 93 17:29:01 EDT
|
|
In-Reply-To: <2VLo3B9w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
pat, it's getting scary, I understood you, now i know I'm really ready for MIT
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: SunOS ?
|
|
From: stimpy (Matt Holdrege)
|
|
Message-ID: <4aso3B1w165w@mindvox.phantom.com>
|
|
References: <2VLo3B9w165w@mindvox.phantom.com>
|
|
Date: Tue, 27 Apr 93 18:29:02 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
digital (Patrick K. Kroupa) writes:
|
|
|
|
> And so the world turns. Objectively speaking its all pretty amusing --
|
|
|
|
Being objective myself, it's downright hilarious.
|
|
|
|
|
|
Stimpy@mindvox.phantom.com
|
|
"I am what I am and that's all that I am" - Popeye the sailor man
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: SunOS ?
|
|
From: paulk (Paul Kerrios)
|
|
Message-ID: <5c0o3B3w165w@mindvox.phantom.com>
|
|
References: <4aso3B1w165w@mindvox.phantom.com>
|
|
Date: Wed, 28 Apr 93 00:37:27 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
stimpy (Matt Holdrege) writes:
|
|
|
|
> digital (Patrick K. Kroupa) writes:
|
|
>
|
|
> > And so the world turns. Objectively speaking its all pretty amusing -
|
|
>
|
|
> Being objective myself, it's downright hilarious.
|
|
|
|
Agreed, nice summary of the Sun "patch process" :-)
|
|
|
|
|
|
|
|
//=======================================\\
|
|
Paul Kerrios /=/ Society has made me what I am today. \=\
|
|
\=\ Ok so maybe I just watch too much TV! /=/
|
|
\\=======paulk@mindvox.phantom.com=======//
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: SunOS ?
|
|
From: chemist (The Chemist)
|
|
Message-ID: <i23q3B5w165w@mindvox.phantom.com>
|
|
Date: Thu, 29 Apr 93 00:16:05 EDT
|
|
In-Reply-To: <uXVq3B6w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
|
|
It's a spooky week, SunOS is fucked badly by something wicked. Cruising
|
|
some pubic access sites they are shitting in their pants, you guys are
|
|
lucky you don't run shells :)
|
|
|
|
Still no fixes from "the usual suspects"? :)
|
|
|
|
|
|
-tC
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: what the fuck is going on?
|
|
From: ian (Ian Bainbridge)
|
|
Message-ID: <1Rqo5B2w165w@mindvox.phantom.com>
|
|
Date: Sat, 05 Jun 93 15:03:11 EDT
|
|
In-Reply-To: <gDPo5B1w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
What I never understood was why it always comes down to this handful of
|
|
people who number less then 100 who between them can never get along,
|
|
spend their time calling each other names and stealing each others
|
|
programs, invading their systems and between them deciding what 100,000's
|
|
people get to do with their online time or not.
|
|
|
|
I don't care for PSI more then the next guy, but i find it impossible to
|
|
understand why all of you act this way from the 14year old loose cannons
|
|
all the way to Gene Spafford and his ilk who perpetuate this veil of
|
|
secrecy and mystery around everything and make people want to go to war
|
|
over these toolkits that don't do anything except destroy systems.
|
|
|
|
Can you imagine how much better everything would work on the internet
|
|
right now, nevermind the internet on Vox itself if the people running it
|
|
weren't spending god knows how much time making sure that someone else
|
|
isn't going to destory the system.
|
|
|
|
If all of you made the tools available to all, it would solve things so
|
|
much faster.
|
|
|
|
|
|
ian #################
|
|
@ #Ian Bainbridge #
|
|
mindvox. # ###############################################
|
|
phantom. # I am not responsible for my opinons, I don't know or care! #
|
|
com ###############################################################
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: what the fuck is going on?
|
|
From: mycroft (Keith Kushner)
|
|
Message-ID: <iiuo5B2w165w@mindvox.phantom.com>
|
|
Date: Sat, 05 Jun 93 16:23:53 EDT
|
|
In-Reply-To: <DVTo5B1w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
The truth is that Al Gore, Janet Reno, the FBI, SS, and DEA are behind it
|
|
all. Using government computers they're engaged in a campaign of hacking
|
|
into every system they can (remember, Khoresh had a fairly sophisticated
|
|
computer system) preparatory to issuing warrants for them, using the
|
|
usual excuses of "child porn," "copyrighted software," "AT&T secrets,"
|
|
"National Security," or "Instructions on how to make fireworks," not to
|
|
mention planting files for their Gestapo to "find."
|
|
|
|
Ultimately, their plan is to confiscate several billion dollars worth of
|
|
equipment, and force whatever systems still exist afterwards to allow
|
|
the government free access through backdoors to all of them.
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: what the fuck is going on?
|
|
From: kieran (Aaron Dickey)
|
|
Message-ID: <V9uo5B2w165w@mindvox.phantom.com>
|
|
References: <1Rqo5B2w165w@mindvox.phantom.com>
|
|
Date: Sat, 05 Jun 93 16:39:42 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
ian (Ian Bainbridge) writes:
|
|
|
|
> I don't care for PSI more then the next guy, but i find it impossible to
|
|
> understand why all of you act this way from the 14year old loose cannons
|
|
> all the way to Gene Spafford and his ilk who perpetuate this veil of
|
|
> secrecy and mystery around everything and make people want to go to war
|
|
> over these toolkits that don't do anything except destroy systems.
|
|
>
|
|
> If all of you made the tools available to all, it would solve things so
|
|
> much faster.
|
|
|
|
::clap clap clap:: Hurrah and amen, ian! I too am tired of the faux
|
|
"el33tness" that's pervading the Net to the point where you can't even get
|
|
a straight answer to a question asked on alt.irc. Nobody cares about
|
|
"freedom of information"; they just don't want the holes plugged up so
|
|
that they can keep on playing their games and taunting others with "I know
|
|
more than YOU do, nyah!"
|
|
|
|
|
|
-----------------------------------------------------------------------------
|
|
Aaron Dickey
|
|
Internet: kieran@phantom.com, adickey@muvms6.mu.wvnet.edu
|
|
-----------------------------------------------------------------------------
|
|
Remember Catherine Cornelius!
|
|
Reno in '96!
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: The SkYie is Fawling
|
|
From: digital (Patrick K. Kroupa)
|
|
Message-ID: <TT5o5B1w165w@mindvox.phantom.com>
|
|
Date: Sat, 05 Jun 93 20:06:40 EDT
|
|
In-Reply-To: <mq4o5B2w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
|
|
Ummm . . . "the underground" is a lot like any other underground, it's not
|
|
BLATANT; it's subtle. Obtaining "wArEz" that do neat trix, is sorta analagous
|
|
to buying drugs. Obviously you can buy them anywhere, but there's a very wide
|
|
spectrum of gradiation beween scoring a nickle bag and setting up a deal for
|
|
200 kilos of heroin. The former is not such a big deal, while people kill each
|
|
other over the latter.
|
|
|
|
You can grab password hackers, various utilities, toys, shit like that,
|
|
from half a dozen ftp sites; sometime in the near future we'll put a lot of it
|
|
online, it's pretty much public domain and all of 'em do shades of the same
|
|
thing.
|
|
|
|
Toolkits are . . . a little different, basically if they do things which
|
|
are useful, they tend to contain proprietary source code which does not belong
|
|
to you; in fact it usually belongs to corporations who make a living by selling
|
|
workstations and operating systems to clients who purchase their equipment with
|
|
the intent of using it for something other than playing hide and seek with
|
|
people on a mission from god -- these same people frequently run very large,
|
|
expensive networks, full of important and confidential information about such
|
|
secrets of the universe as their forthcoming NEW KIND of dogfood, that can be
|
|
cracked when you apply 4 year old holes out of CERT SECURITY UPDATES.
|
|
|
|
Keeping all this in mind, these other people who sell the systems, like
|
|
oh, say for example Sun and AT&T, have this strange habit of becoming
|
|
hysterical when their source code floats out over the net and start calling
|
|
THEM and shouting about felonies. And then PeOple who don't make their saving
|
|
throws can g() 2 Jayle.
|
|
|
|
All sorts of neat tangents and facets and curves and angles and things
|
|
also get mixed into this equation, which have big names like corporate
|
|
espionage, but actually narrow down to much simpler concepts like: WE HATE YOU
|
|
AND WANT TO EAT YOUR LIFE.
|
|
|
|
Wars are about all the usual highly important things that all wars are
|
|
about -- which is to say; politics, idealogy, and most especially, who is a
|
|
lame fucking loser and who is the current stud-g0d of eunuchs.
|
|
|
|
Patrick
|
|
L0Do()m
|
|
-TKOS!-
|
|
(Apple)(Mafia)
|
|
-~/LorDs AnOnym0us/~-
|
|
[]Klaus Barbie [>oLls ElyTE[]
|
|
|
|
PS: I will trade all issues of CORE, the SunOS div/mul bug, 192 jpg's of Tra<i
|
|
L0rdZ, and copies of hose, ipbomb, and kill_irc; for one unused Life, still
|
|
in its original container with full instructions for use.
|
|
|
|
212 only (baud, not area code)
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: C2
|
|
From: thug (Murdering Thug)
|
|
Message-ID: <RB7B0B1w165w@mindvox.phantom.com>
|
|
References: <L9gB0B1w165w@mindvox.phantom.com>
|
|
Date: Sat, 04 Sep 93 00:58:14 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
tgitm (TGiTM Inc.) writes:
|
|
|
|
> I'm curious what otehrs impression of the C2 security module is.
|
|
> I know it's supposed to be "the best" security you can get but it seems to
|
|
> me all that it accomplishes is extensive logging and who is really going
|
|
> to plow through all those logs every day? I have a client who is just
|
|
> about on the brink of purchasing it and I was wondering what otehrs
|
|
> thought about it.
|
|
|
|
Who is going to plow through all those logs? Well, for one thing it
|
|
is easy to set up an agent program or expert system type filter to
|
|
scan the logs for suspicious stuff and then send e-mail to root or
|
|
sysadmin. I believe C2 classifies security breaches into several
|
|
levels, level 1 being something minor like attempting to read a
|
|
file without permission, to level 9 being something like the finding
|
|
of a SUID root shell in someone's directory during the nightly security
|
|
scan. It's all configurable anyway, so you can turn off various parts
|
|
of it.
|
|
|
|
In my opinion COPS + Tripwire + tcpwrappers does a very decent job against
|
|
99.9999% of the hackers out there. Also, if you prevent access to a
|
|
shell by implementing a menu system, you're preventing hackers from
|
|
using the compiler to try out various holes as well.
|
|
|
|
I feel that COPS + Tripwire + tcpwrappers + no shell access + secure sendmail +
|
|
no fingerd + no ftpd = as close to 100% secure Unix as you will
|
|
likely ever obtain.
|
|
|
|
|
|
Thug
|
|
|
|
|
|
##############################################################################
|
|
# Murdering Thug #
|
|
# thug@mindvox.phantom.com #
|
|
##############################################################################
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: C2
|
|
From: gjb (Gregory J. Brail)
|
|
Message-ID: <6LTF0B1w165w@mindvox.phantom.com>
|
|
References: <L9gB0B1w165w@mindvox.phantom.com>
|
|
Date: Mon, 06 Sep 93 00:14:04 EDT
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
tgitm (TGiTM Inc.) writes:
|
|
|
|
> I'm curious what otehrs impression of the C2 security module is.
|
|
> I know it's supposed to be "the best" security you can get but it seems to
|
|
> me all that it accomplishes is extensive logging and who is really going
|
|
> to plow through all those logs every day? I have a client who is just
|
|
> about on the brink of purchasing it and I was wondering what otehrs
|
|
> thought about it.
|
|
|
|
Do you mean the "C2" security in SunOS 4.1.X? This is certainly not the
|
|
"best security you can get". In particular, it allows logging of everything
|
|
done on the system, which is a requirement to get a C2 certification. It
|
|
also makes it more difficult to read the encrypted passwords, which is
|
|
something any "secure" UNIX ought to do anyway. Of course, it's still pretty
|
|
easy to read the passwords if you use NIS unless you take precautions.
|
|
|
|
Regardless, installing any "security enhancement" package won't get you
|
|
better security unless your administrators and security-types actually
|
|
monitor what's going on with the system and do stuff like check if sensitive
|
|
files have been modified or looked at, and look for other suspicious stuff.
|
|
If your systems are connected to a network, you have a lot more suspicious
|
|
things that can happen. And you must keep up with your OS vendor you can
|
|
install any security-related bug fixes they make available.
|
|
|
|
Incidentially, "C2" is one of the security ratings established by the
|
|
National Computer Security Center (?) (NCSC). To get such a rating, the OS
|
|
must provide some features (and a few the Sun "C2" package doesn't give
|
|
you). The NCSC must also examine the system and decide if it qualifies. To
|
|
my knowledge, Sun's "C2" package has not been examined by the NCSC, so it
|
|
isn't really C2.
|
|
|
|
Some vendors provide B1- or B2-level UNIXes, which are considerably more
|
|
security, although I imagine they're more difficult to use. The highest
|
|
possible security rating is A1, which means that every piece of the system
|
|
has been rigorosly proven to be free of security holes. No existing
|
|
operating systems meet this criteria.
|
|
|
|
greg
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: C2
|
|
From: tgitm (TGiTM Inc.)
|
|
Message-ID: <yNVF0B3w165w@mindvox.phantom.com>
|
|
Date: Mon, 06 Sep 93 00:58:21 EDT
|
|
In-Reply-To: <6LTF0B1w165w@mindvox.phantom.com>
|
|
Organization: [Phantom Access] / the MindVox system
|
|
|
|
I wasn't referring to the C2 that Sun provides, sorry if that was
|
|
misleading. I simply meant getting the sytem to meet C2 certification. I
|
|
realize that it is necessary to have a full-time security person to keep
|
|
things tight but when you do security contracting a lot of companies will
|
|
only hire you for a checkup once in awhile. Thus it is up to the security
|
|
you've installed to hold its own with basically stupid admins until the
|
|
next time they decided to dish out the $ to you. I have only had
|
|
occasional problems(very rarely) where someone has penetrated a system I
|
|
have finished securing but that is to be expected in a field that changes
|
|
as fast as security does. I guess my original question was what everyone
|
|
thought of C2 certified systems as far as ease of use and securitwise.
|
|
|
|
|
|
#kill all
|
|
#exit
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: what the fuck is going on?
|
|
From: scott (Scott D. Yelich)
|
|
Message-ID: <9c3oBc2w165w@mindvox.phantom.com>
|
|
References: <aZ9q5B1w165w@mindvox.phantom.com>
|
|
Date: Tue, 19 Oct 93 21:08:43 EDT
|
|
Organization: [MindVox] / Phantom Access Technologies / (+1 800-MindVox)
|
|
|
|
stimpy (Stimpson J. Cat) writes:
|
|
> It takes intimate knowledge of the operating system and network to truly
|
|
> lock out a hacker. It also takes strict policies on passwords, protections
|
|
> and such.
|
|
|
|
It's virtually impossible to lock out a determined hacker if your hosts
|
|
are connected to a network.
|
|
|
|
Scott
|
|
|
|
- - - - - - - - -
|
|
|
|
Subject: Re: what the fuck is going on?
|
|
From: thug (Murdering Thug)
|
|
Message-ID: <6uLacc1w165w@mindvox.phantom.com>
|
|
References: <owkacc3w165w@mindvox.phantom.com>
|
|
Date: Sun, 31 Oct 93 11:19:28 EST
|
|
Organization: [MindVox] / Phantom Access Technologies / (+1 800-MindVox)
|
|
|
|
inf (tom crimi) writes:
|
|
|
|
> Security is barly existant today and will only get less so tomorrow.
|
|
> The only place where ideas and thoughts are secure today is in your brain
|
|
> (assumming noone tortures it out of you). As soon as you speak, type,
|
|
> draw or write it out it's already insecure.
|
|
> One great thing for security is AI. But AI could evetually be fooled or
|
|
> what if the AI spies on you :).
|
|
|
|
Computer security today is a fucking joke. Even the companies who are supposed
|
|
to have the toughest security (TRW, Lockheed, Grumman, etc..) were all broken
|
|
into by teens from groups like MOD & LOD.
|
|
|
|
True computer security may only be obtained with the intelligent use of
|
|
cryptographic technology. This would include encrypted file systems,
|
|
kerberos-style login authentication, and AI programs which would monitor
|
|
_everything_ that is logged for suspicious activity.
|
|
|
|
That type of system is several orders of magnitude more secure than anything
|
|
in use by the Fortune 500 today.
|
|
|
|
|
|
Thug
|
|
|
|
|
|
##############################################################################
|
|
# Murdering Thug #
|
|
# thug@mindvox.phantom.com #
|
|
##############################################################################
|
|
|
|
- - - - - - - - -
|
|
|