ampage
Tube Amps / Music Electronics
For current discussions, please visit Music Electronics Forum.

ampage archive

Vintage threads from the first ten years


Re: Misc ramblings from the overtired IT guy

7/23/2003 3:20 AM
sr
Actually, there is reason to believe that if the source were open, there would be fewer, not more security holes. That's because if I'm a good guy, and I can find problems in your code, I'll tell you.  
 
I hear that POV from many black & grey hats; that they are doing everyone a favor. Call me cynical (get in line!) but I think they are only serving their own curiosity & egos.. (which is not nec a bad thing..) I puff up my chest and I get to go to BlackHat and talk about my exploits and feel like the Fonz.. (in his Cartman voice) "Thank you Eric, you are popular and kewl.." - know what I mean? ;)  
Ultimately IMHO it is outwitting the author - you found the thing that he/she missed.. that Achilles heel, and now you possess Kryptonite. You Are Someone now. That's what it is really about, maybe not all the time, but a lot of the time.  
 
OTOH it *is* very educational to see the creative ways folks figure out to break stuff. Like Kevin Mitnick giving an ass whupping to Tsutomu whatshisname with the unhackable network... An attack so simple, it was brilliant. Anyhow, I kinda agree, I kinda don't. I guess it probably depends on who is doing it? This Cisco vulnerability that kept me at the office until 4am this morning is something I could have lived without. Any bozo who can read and has hping can whack a router. Lovely. Did I learn anything? Not really. Just that if you try enough weird shit on a system, you will find something the author missed bc it was so improbable and silly there was no sense to write an extra case statement for it. Does it make you smarter than the author? I don't think so. OTOH one could argue that good guys finding the holes first protect us all from the bad guys - in which case I agree with you 100%. Shoot, I am totally the wrong guy to respond to this.. ;) All I know for sure is that at the end of the day it pisses me off that so much of my time is spent fixing security holes.. time I could spend doing something productive. Sleeping. Playing with my kids. Boxing up transformers! ;) Patching stuff is a waste of time. What did I get from patching all of our routers last night? OK, I learned that Cisco is a great company that takes care of its clients, I learned that routers are still the most reliable things I have in my datacenter, and I realized that OSPF is not taking my default route from iBGP and distributing it.. & now I have to figure out why.. it *used* to.. ?? hmmm. :/  
 
re: Virus attacks on Linux - IMHO 'nix as a whole (incl Linux) has far less viral activity (almost none really) and always has bc from the get go the authors understood file system rights. Ditto for Novell. (Ever see a Netware virus?) The fundamental issue in Windows is file system rights/permissions. You as a user in Win98 for ex, are the "super user" right out of the box. You can delete the registry, format the C: partition, rename system files.. And, consequently, so can any virus you get - bc it will run as *you*.  
In the 'nix world, root (the super user account) is the only one who can really do damage usually, and you nearly never log in as root. You create user accounts that have the permissions they need, and nothing else. The weakest part of unix has typically been the services that opened ports below 1024 as they traditionally have to run as root to open a 'known' port but there are workarounds for that flaw. Idea being you whack a service which is running as root and r00t the machine... ;) Anyhow, MSFT made all users root basically which made major damage possible, and then in order to make things "easy" for users they set up ridiculous permissions (unlimited unauthenticated shares, remote registry editing, unauthenticated RPC services, etc etc etc) and that basic mind set permeated the Outhouse..err, Outlook client. By integrating VBA with Office and an email client AND then further by having an all powerful user running the thing, they created a disaster waiting to happen. XP is starting to address this (finally!) and things will get better. Win2k can be made pretty secure quickly and consistently using server based group policies or just loading a template if you have a standalone machine. The CIS makes one available that takes care of many of the holes. You can import it in seconds. Using group policies you can also control which executables can run - so if a virus gets in and tries to execute it will be automatically shut down (assuming the author has not worked around the policy issue..) Hard to set up, but once it's in it's pretty solid.  
A bedtime virus story..  
Back before we had our email proxy servers scrubbing and filtering, we got viruses.. The "I Love You" and maybe one or 2 others. Loose on our Novell network, they did only localized damage (overwriting gifs, bmp's etc owned by that user) and had no effect whatsoever on our Groupwise email system. You almost would not know the thing had gotten in. I remember one of the big virus outbreaks, FoMoCo was down, the German gov't was down.. Bear Stearns, Lehman, all down. We were up as if nothing had happened. That was the day my users "got it". Why I do that weird stuff I do. Why I don't use what "everyone" uses. I was just lucky enough to have a mentor who beat this into me, it's certainly not bc I'm any smarter than anyone else.  
Anyhow, windows is getting there, 10 years late. At least they are getting there..
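
The point in the post above about a virus running "as you" can be made concrete with the classic Unix permission check. This is an added example, not part of the original post: the file listing, uids, gids and names are constructed, and the model covers only owner/group/other write bits (no ACLs, capabilities, or directory search permissions).

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    uid: int    # file owner
    gid: int    # file group
    mode: int   # permission bits, e.g. 0o644


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary + supplementary groups


def can_write(cred, entry):
    """Write check on permission bits, as applied to a process's credentials."""
    if cred.uid == 0:
        return True  # superuser bypasses the permission bits entirely
    if cred.uid == entry.uid:
        # Owner class is decisive: no fall-through to group/other bits.
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in cred.gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def blast_radius(cred, listing):
    """Files whose contents code running with `cred` could overwrite."""
    return [e.path for e in listing if can_write(cred, e)]


# Constructed sample listing (hypothetical hosts, users and groups).
LISTING = [
    Entry("/etc/passwd", 0, 0, 0o644),
    Entry("/bin/ls", 0, 0, 0o755),
    Entry("/home/alice/pic.gif", 1000, 1000, 0o644),
    Entry("/home/bob/song.bmp", 1001, 1001, 0o644),
    Entry("/srv/shared/report.doc", 1001, 50, 0o664),
    Entry("/srv/shared/locked.cfg", 1000, 50, 0o464),  # owner bit off, group bit on
    Entry("/tmp/scratch", 1001, 1001, 0o666),
]

ALICE = Cred(uid=1000, gids=frozenset({1000, 50}))  # ordinary account
ROOT = Cred(uid=0, gids=frozenset({0}))             # "everyone is super user" model

if __name__ == "__main__":
    print("as alice:", blast_radius(ALICE, LISTING))
    print("as root: ", blast_radius(ROOT, LISTING))
```
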
