Linux Archive

Tim 12-30-2007 08:55 AM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sun, 2007-12-30 at 16:08 +0900, John Summerfield wrote:
> A little while ago, I bought a Thinkpad R40 at auction. It had Windows
> XP SP2 professional more-or-less installed, ready for me to provide a
> few personal details.

How confident were you that it wasn't trojaned already for you? It's
not the sort of thing I'd have much trust in.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Craig White 12-30-2007 11:44 AM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sun, 2007-12-30 at 17:53 +0800, Ed Greshko wrote:
> Tim wrote:
> > On Sun, 2007-12-30 at 08:03 +0800, Ed Greshko wrote:
> >> It was more than a year ago when I attempted to install a Windows 2000
> >> system directly connected to the internet. In fact, before the system
> >> was fully updated with security patches it had been compromised. I
> >> didn't time it, but it certainly was less than 30 minutes.
> >
> > That happened to a friend of mine. It was something like four seconds
> > after connecting to his ISP he got infected, despite my warnings about
> > putting a firewall on first. He didn't think he'd need it, he had
> > anti-virus software installed, and thought nothing could happen that
> > quickly, despite my assurances to the contrary.
> >
> > To make matters worse, he couldn't remove the infection - his anti-virus
> > software didn't stop the infection, and wouldn't remove it. So he
> > reformatted and re-installed. An hour or so later he reconnected, and
> > got infected just the same way, and in just a few seconds, and couldn't
> > undo the damage (the virus was better at protecting itself than Windows
> > was). I nearly fell off the chair laughing at him.
>
> As a side note, the damage was irreversible here as well. Reformat,
> reinstall. Interesting exercise nonetheless. I'm not sure why any sane
> person would have done it a second time. :-)
----
Actually, anyone who has set up Windows 2003 Server in the last year has
noticed that this shouldn't happen anymore because the firewall is
automatic during initial setup phase and user is clearly aware that
during initial setup phase, this firewall remains until updates are all
installed or the user opts out. Let's give Microsoft a little credit
(not much, but a little).

Craig


Ed Greshko 12-30-2007 11:49 AM

Seeing input on Securing the Linux system from intrusions and attacks.
 
Craig White wrote:
> On Sun, 2007-12-30 at 17:53 +0800, Ed Greshko wrote:
>> Tim wrote:
>>> On Sun, 2007-12-30 at 08:03 +0800, Ed Greshko wrote:
>>>> It was more than a year ago when I attempted to install a Windows 2000
>>>> system directly connected to the internet. In fact, before the system
>>>> was fully updated with security patches it had been compromised. I
>>>> didn't time it, but it certainly was less than 30 minutes.
>>> That happened to a friend of mine. It was something like four seconds
>>> after connecting to his ISP he got infected, despite my warnings about
>>> putting a firewall on first. He didn't think he'd need it, he had
>>> anti-virus software installed, and thought nothing could happen that
>>> quickly, despite my assurances to the contrary.
>>>
>>> To make matters worse, he couldn't remove the infection - his anti-virus
>>> software didn't stop the infection, and wouldn't remove it. So he
>>> reformatted and re-installed. An hour or so later he reconnected, and
>>> got infected just the same way, and in just a few seconds, and couldn't
>>> undo the damage (the virus was better at protecting itself than Windows
>>> was). I nearly fell off the chair laughing at him.
>> As a side note, the damage was irreversible here as well. Reformat,
>> reinstall. Interesting exercise nonetheless. I'm not sure why any sane
>> person would have done it a second time. :-)
> ----
> Actually, anyone who has set up Windows 2003 Server in the last year has
> noticed that this shouldn't happen anymore because the firewall is
> automatic during initial setup phase and user is clearly aware that
> during initial setup phase, this firewall remains until updates are all
> installed or the user opts out. Let's give Microsoft a little credit
> (not much, but a little).

Just to reiterate, my experience was with Win2K.


Tim 12-30-2007 12:28 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sun, 2007-12-30 at 17:53 +0800, Ed Greshko wrote:
> As a side note, the damage was irreversible here as well. Reformat,
> reinstall. Interesting exercise nonetheless. I'm not sure why any
> sane person would have done it a second time. :-)

Like moths to a flame... Some of us understand that bad things happen
when you do stupid things, and try not to repeat the same mistakes. But
the world is full of Windows users who think that if they keep on doing
the same things, perhaps Windows will do something different on the next
attempt. Maybe if I just reboot again...

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




Tim 12-30-2007 12:36 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
Craig White:
> Actually, anyone who has set up Windows 2003 Server in the last year has
> noticed that this shouldn't happen anymore because the firewall is
> automatic during initial setup phase and user is clearly aware that
> during initial setup phase, this firewall remains until updates are all
> installed or the user opts out.

That's hardly an OS for a user. In this case, it would have been 2000
or XP, most likely.

> Let's give Microsoft a little credit (not much, but a little).

Only as being a successful software *pusher*, not for being a good
software creator.

My laptop came with Vista, there was virtually no avoiding it. Not
unless I wanted to mail order in some computer that I'd never been able
to physically inspect in a shop before purchase. And that's not
something I'll do with a purchase of that price.

I can see they've smartened up a bit, but only a bit. Yes, at long
last, you don't have to login as the admin to do some admin tasks. Just
give an admin password at the right moment, just like when we try to use
one of the various system-config- whatever GUIs. But it doesn't give
you an option to keep that authentication for the next one, you're
forever typing in the password. Eventually users are going to turn off
the security, in one way or another.

It doesn't always work, either. Not everything will run as a user, or
let the user run it as an admin. For example, I thought I'd have a look
at the BBC's / Patrick Moore's "Sky at Night" [1]. There's no way that
I can make use of the view on-line feature. It wants to install some
Real Media software, and I can't. It fails, because the run-as an admin
doesn't work, and you can't actually log in as an admin (well you
probably can, but I can't find a way to do it). And why did I try this
in Vista? Because I couldn't get it to work in Linux. The on-line
thing was a no-goer. I used mplayer to stream-dump, but that gives me
audio-only playback.

1: http://www.bbc.co.uk/science/space/spaceguide/skyatnight/

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




Tim 12-30-2007 01:01 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sun, 2007-12-30 at 05:44 -0700, Craig White wrote:
> Let's give Microsoft a little credit (not much, but a little).

Oh, I forgot the other big stupidity: They still haven't got out of the
"you need to reboot, now" mindset. Sometimes you don't even have the
option to not do it now but later.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




Gene Heskett 12-30-2007 02:50 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sunday 30 December 2007, Tim wrote:
>Craig White:
>> Actually, anyone who has set up Windows 2003 Server in the last year has
>> noticed that this shouldn't happen anymore because the firewall is
>> automatic during initial setup phase and user is clearly aware that
>> during initial setup phase, this firewall remains until updates are all
>> installed or the user opts out.
>
>That's hardly an OS for a user. In this case, it would have been 2000
>or XP, most likely.
>
>> Let's give Microsoft a little credit (not much, but a little).
>
>Only as being a successful software *pusher*, not for being a good
>software creator.
>
>My laptop came with Vista, there was virtually no avoiding it. Not
>unless I wanted to mail order in some computer that I'd never been able
>to physically inspect in a shop before purchase. And that's not
>something I'll do with a purchase of that price.
>
>I can see they've smartened up a bit, but only a bit. Yes, at long
>last, you don't have to login as the admin to do some admin tasks. Just
>give an admin password at the right moment, just like when we try to use
>one of the various system-config- whatever GUIs. But it doesn't give
>you an option to keep that authentication for the next one, you're
>forever typing in the password. Eventually users are going to turn off
>the security, in one way or another.
>
>It doesn't always work, either. Not everything will run as a user, or
>let the user run it as an admin. For example, I thought I'd have a look
>at the BBC's / Patrick Moore's "Sky at Night" [1]. There's no way that
>I can make use of the view on-line feature. It wants to install some
>Real Media software, and I can't. It fails, because the run-as an admin
>doesn't work, and you can't actually log in as an admin (well you
>probably can, but I can't find a way to do it). And why did I try this
>in Vista? Because I couldn't get it to work in Linux. The on-line
>thing was a no-goer. I used mplayer to stream-dump, but that gives me
>audio-only playback.
>
>1: http://www.bbc.co.uk/science/space/spaceguide/skyatnight/
>
FWIW Tim, it is all working for me right now. Numerous clicks to actually get
to the mplayer, and the video's aspect ratio is squeezed somewhat, but it's
working.

>--
>[tim@bigblack ~]$ uname -ipr
>2.6.23.1-10.fc7 i686 i386
>
>Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.
>
>Don't send private replies to my address, the mailbox is ignored.
>I read messages from the public lists.



--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Questionable day.

Ask somebody something.


Carroll Grigsby 12-30-2007 04:09 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
On Sunday 30 December 2007 8:36:34 am Tim wrote:

>>> snip

> I thought I'd have a look
> at the BBC's / Patrick Moore's "Sky at Night" [1]. There's no way that
> I can make use of the view on-line feature. It wants to install some
> Real Media software, and I can't. It fails, because the run-as an admin
> doesn't work, and you can't actually log in as an admin (well you
> probably can, but I can't find a way to do it). And why did I try this
> in Vista? Because I couldn't get it to work in Linux. The on-line
> thing was a no-goer. I used mplayer to stream-dump, but that gives me
> audio-only playback.
>
> 1: http://www.bbc.co.uk/science/space/spaceguide/skyatnight/
>
> --
> [tim@bigblack ~]$ uname -ipr
> 2.6.23.1-10.fc7 i686 i386

Tim:
Since you're a Roger Moore fan, here is something that my grandchildren enjoy:
http://www.gamegarage.co.uk/cartoons/patrick-moore/
(Warnings: [1] Javascript and flash required. [2] It will loop forever. [3]
Continued exposure will lower your IQ -- the kids can afford it, but I can't.
[4] The same site has other similar annoyances.)

-- cmg


John Summerfield 12-30-2007 08:00 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
Tim wrote:
> Craig White:
>> Actually, anyone who has set up Windows 2003 Server in the last year has
>> noticed that this shouldn't happen anymore because the firewall is
>> automatic during initial setup phase and user is clearly aware that
>> during initial setup phase, this firewall remains until updates are all
>> installed or the user opts out.
>
> That's hardly an OS for a user. In this case, it would have been 2000
> or XP, most likely.
>
>> Let's give Microsoft a little credit (not much, but a little).
>
> Only as being a successful software *pusher*, not for being a good
> software creator.
>
> My laptop came with Vista, there was virtually no avoiding it. Not
> unless I wanted to mail order in some computer that I'd never been able
> to physically inspect in a shop before purchase. And that's not
> something I'll do with a purchase of that price.
>
> I can see they've smartened up a bit, but only a bit. Yes, at long
> last, you don't have to login as the admin to do some admin tasks. Just

That's true on XP Professional (I don't use unprofessional, can't say
about that) and on Server 2003...

> give an admin password at the right moment, just like when we try to use
> one of the various system-config- whatever GUIs. But it doesn't give
> you an option to keep that authentication for the next one, you're
> forever typing in the password. Eventually users are going to turn off
> the security, in one way or another.

as we did on our Windows 2003 Server course a while back. I really can't
imagine anyone typing p@ssw0rd a few hundred times in the course of the
course.

Server allows two concurrent logins; presumably one can login as a mere
mortal and use RDP to connect as an administrator; I simply connect as
an administrator from my Linux box.





--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)


John Summerfield 12-30-2007 08:05 PM

Seeing input on Securing the Linux system from intrusions and attacks.
 
Tim wrote:
> On Sun, 2007-12-30 at 05:44 -0700, Craig White wrote:
>> Let's give Microsoft a little credit (not much, but a little).
>
> Oh, I forgot the other big stupidity: They still haven't got out of the
> "you need to reboot, now" mindset. Sometimes you don't even have the
> option to not do it now but later.

I had the joy(?) of installing 2000 Prof the other day. Went something
like this:

Install 2000.
Update
reBoot
Update (two fixes would only install separately)
reboot
update (the other fix)
reboot
update (more fixes, some optional bits)
reboot
install new IE, Not that one, clutz. The old one's all you get
reboot
update (more IE6 fixes)
and finally
reboot
update
reboot

I don't think it was anything less than that.

--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
