A Space & astronomy forum. SpaceBanter.com


OT, but FYI for Linux/Unix



 
 
  #1  
April 12th 04, 03:30 PM
Wfoley2

From Internet Storm Center:
University Security Problems - Solaris and Linux



It was brought to my attention that several University environments have been
getting attacked and compromised in the past week. This is a daily occurrence
for most of us working in the academic world, except recently it has been
primarily tied to Microsoft based operating systems. The recent activity being
noted is that the trend has started to push toward Solaris and Linux based
systems. These systems tend to be better connected on most academic networks and
are much more capable systems for launching larger scale attacks without
needing to distribute the Denial of Service attack vector of choice.
Additionally, many of these systems are connected to "instrumentation" machines
used in research and are not heavily patched due to patch clusters that
adversely affect research software. A security breach on one of these machines
can have numerous effects on the research, including loss of time and data,
potential leaks of confidential data and potential use of the systems for
causing more security problems locally or outside the local network.

Over the weekend, it came to my attention that Stanford University has had a
number of security incidents from these Unix systems, reversing the trend of
the recent past. From Stanford's security alert it appears that the attacks
have been local accounts being used for privilege escalation to root account.
And that the local exploits have included "do_brk() and mremap() exploits on
Linux and the sadmind, arbitrary kernel loading modules and passwd
vulnerabilities on Solaris."

It is highly recommended that everyone, especially those in academic settings,
take the time to audit your Unix based systems for rootkits, unnecessary
services, and prepare for a continued trend of hacker activity in the Unix
world. For more information on the Stanford security announcement please see
the following URL:

http://securecomputing.stanford.edu/...-6apr2004.html

I also recommend that those academic security people please participate in the
unisog mailing list hosted by SANS, or the Educause Security list
(http://www.educause.edu/security ).


Clear, Dark, Steady Skies!
(And considerate neighbors!!!)


  #2  
April 12th 04, 03:51 PM
Sam Wormley

Wfoley2 wrote:

From Internet Storm Center:
University Security Problems - Solaris and Linux

It was brought to my attention that several University environments have been
getting attacked and compromised in the past week. This is a daily occurrence
for most of us working in the academic world, except recently it has been
primarily tied to Microsoft based operating systems. The recent activity being
noted is that the trend has started to push toward Solaris and Linux based
systems. These systems tend to be better connected on most academic networks and
are much more capable systems for launching larger scale attacks without
needing to distribute the Denial of Service attack vector of choice.
Additionally, many of these systems are connected to "instrumentation" machines
used in research and are not heavily patched due to patch clusters that
adversely affect research software. A security breach on one of these machines
can have numerous effects on the research, including loss of time and data,
potential leaks of confidential data and potential use of the systems for
causing more security problems locally or outside the local network.

Over the weekend, it came to my attention that Stanford University has had a
number of security incidents from these Unix systems, reversing the trend of
the recent past. From Stanford's security alert it appears that the attacks
have been local accounts being used for privilege escalation to root account.
And that the local exploits have included "do_brk() and mremap() exploits on
Linux and the sadmind, arbitrary kernel loading modules and passwd
vulnerabilities on Solaris."

It is highly recommended that everyone, especially those in academic settings,
take the time to audit your Unix based systems for rootkits, unnecessary
services, and prepare for a continued trend of hacker activity in the Unix
world. For more information on the Stanford security announcement please see
the following URL:

http://securecomputing.stanford.edu/...-6apr2004.html

I also recommend that those academic security people please participate in the
unisog mailing list hosted by SANS, or the Educause Security list
(http://www.educause.edu/security ).

Clear, Dark, Steady Skies!
(And considerate neighbors!!!)



More: http://isc.incidents.org/top10.php
http://isc.incidents.org/
  #3  
April 12th 04, 04:49 PM
Davoud

Wfoley2:
It is highly recommended that everyone, especially those in academic settings,
take the time to audit your Unix based systems for rootkits, unnecessary
services, and prepare for a continued trend of hacker activity in the Unix
world. For more information on the Stanford security announcement please see
the following URL:

http://securecomputing.stanford.edu/...-6apr2004.html


This is very much on-topic for users of all Unix variants, including users
of Mac OS X (BSD Unix). The ref notes "...In most cases, the attacker
gets access to a machine by cracking or sniffing passwords."

Long live the non-trivial system password, e.g., w9#J3Px5b6L&2rMu, as
opposed to "mycomputer." And long live the hardware firewall with
non-trivial password _and_ with remote administration disabled.

Davoud

--
usenet *at* davidillig dawt com
 



