
List:       full-disclosure
Subject:    [Full-disclosure] US military & motd files... Re: Supporters urge
From:       Kyrian <kyrian () ore ! org>
Date:       2008-09-30 15:38:50
Message-ID: 48E2480A.7010102 () ore ! org

Valdis.Kletnieks@vt.edu wrote:
> On Mon, 29 Sep 2008 21:44:22 BST, Kyrian said:
>
>   
>>>   A message left by him on a system:
>>>   
>>>       
>> Changing the /etc/motd file or equivalent is hardly costly, and hardly 
>> massive damage, no? Hypothetically speaking, if I wanted to do as little 
>> damage as possible and make someone get the message I'd been in there, 
>> that's probably what I'd do.
>>     
>
> Look at it from the other end.  You logon one day, and find that person or
> persons unknown have screwed with your /etc/motd file.
>   
You are quite right, of course. In that particular instance I wasn't 
seeking to make a technical argument per se,
I was more focused on any plausible intent, as that seems to be central 
to at least some people's arguments.

I apologise if that threw anyone with the context switching. This one's 
nearly back on topic to tech/security...

Personally, on a server that I knew was meant to be secure, and had made 
an effort to secure for the long term, I would make sure that there 
were two separate checksum databases for every binary file on the 
system, and hence be able to verify anything "important" had not been 
tampered with, without having to rely on file timestamps, which I (like 
most on this list) know can be unreliable after a compromise.

I've not to date seen any server maliciously attacked where the binaries 
or files and processes involved were not either 'important' or 
'obvious'. Perhaps I have not run into a high enough calibre of hacker? 
(NOT an invitation ;-).

However, back to the point... One would have assumed that the US 
military would have taken explicit steps to secure their systems by 
default, perhaps until this very email thread??? The implications of 
them not even making such an effort are ludicrous on so very many levels.

K.

-- 
Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                 DJ via http://www.hellnoise.co.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
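
Added example, not part of the original message or the poster's own tooling: a sketch of the two-checksum-database check described above, which compares the live files against two separately stored SHA-256 databases and never reads file timestamps. The function names, report labels and sample tree are assumptions made for illustration.

```python
import hashlib, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_db(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def verify(root, db_a, db_b):
    """Check the live tree against two separately stored databases."""
    live = build_db(root)
    report = {}
    for path in sorted(set(live) | set(db_a) | set(db_b)):
        a, b, now = db_a.get(path), db_b.get(path), live.get(path)
        if a != b:
            report[path] = "DB_MISMATCH"   # databases disagree: one was altered
        elif a is None:
            report[path] = "ADDED"         # on disk, in neither database
        elif now is None:
            report[path] = "MISSING"       # in both databases, gone from disk
        elif now != a:
            report[path] = "MODIFIED"      # content differs from both baselines
    return report

def demo():
    """Constructed sample tree; paths and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "bin").mkdir()
        for rel, data in (("bin/ls", b"ls-v1"), ("bin/ps", b"ps-v1"), ("motd", b"welcome\n")):
            Path(root, rel).write_bytes(data)
        db_a = build_db(root)
        db_b = dict(db_a)                  # second copy; stored elsewhere in practice
        Path(root, "bin/ps").write_bytes(b"ps-v2")   # changed after the baseline
        Path(root, "motd").write_bytes(b"changed\n")
        db_a["motd"] = sha256_file(Path(root, "motd"))  # one database edited to match
        return verify(root, db_a, db_b)

if __name__ == "__main__":
    print(demo())
```

The second database only adds assurance if it is kept where a compromise of the server cannot rewrite it, such as read-only media or another host.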