#1
OT, but FYI for Linux/Unix
From Internet Storm Center:
University Security Problems - Solaris and Linux

It was brought to my attention that several University environments have been getting attacked and compromised in the past week. This is a daily occurrence for most of us working in the academic world, except recently it has been primarily tied to Microsoft based operating systems. The recent activity being noted is that the trend has started to push toward Solaris and Linux based systems. These systems tend to be better connected on most academic networks and are much more capable systems for launching larger scale attacks without needing to distribute the Denial of Service attack vector of choice. Additionally, many of these systems are connected to "instrumentation" machines used in research and are not heavily patched due to patch clusters that adversely affect research software. A security breach on one of these machines can have numerous effects on the research, including loss of time and data, potential leaks of confidential data and potential use of the systems for causing more security problems locally or outside the local network.

Over the weekend, it came to my attention that Stanford University has had a number of security incidents from these Unix systems, reversing the trend of the recent past. From Stanford's security alert it appears that the attacks have been local accounts being used for privilege escalation to root account. And that the local exploits have included "do_brk() and mremap() exploits on Linux and the sadmind, arbitrary kernel loading modules and passwd vulnerabilities on Solaris."

It is highly recommended that everyone, especially those in academic settings, take the time to audit your Unix based systems for rootkits, unnecessary services, and prepare for a continued trend of hacker activity in the Unix world.

For more information on the Stanford security announcement please see the following URL: http://securecomputing.stanford.edu/...-6apr2004.html

I also recommend that those academic security people please participate in the unisog mailing list hosted by SANS, or the Educause Security list (http://www.educause.edu/security).

Clear, Dark, Steady Skies!
(And considerate neighbors!!!)
#2
OT, but FYI for Linux/Unix
Wfoley2 wrote:
From Internet Storm Center:

University Security Problems - Solaris and Linux

It was brought to my attention that several University environments have been getting attacked and compromised in the past week. This is a daily occurrence for most of us working in the academic world, except recently it has been primarily tied to Microsoft based operating systems. The recent activity being noted is that the trend has started to push toward Solaris and Linux based systems. These systems tend to be better connected on most academic networks and are much more capable systems for launching larger scale attacks without needing to distribute the Denial of Service attack vector of choice. Additionally, many of these systems are connected to "instrumentation" machines used in research and are not heavily patched due to patch clusters that adversely affect research software. A security breach on one of these machines can have numerous effects on the research, including loss of time and data, potential leaks of confidential data and potential use of the systems for causing more security problems locally or outside the local network.

Over the weekend, it came to my attention that Stanford University has had a number of security incidents from these Unix systems, reversing the trend of the recent past. From Stanford's security alert it appears that the attacks have been local accounts being used for privilege escalation to root account. And that the local exploits have included "do_brk() and mremap() exploits on Linux and the sadmind, arbitrary kernel loading modules and passwd vulnerabilities on Solaris."

It is highly recommended that everyone, especially those in academic settings, take the time to audit your Unix based systems for rootkits, unnecessary services, and prepare for a continued trend of hacker activity in the Unix world.

For more information on the Stanford security announcement please see the following URL: http://securecomputing.stanford.edu/...-6apr2004.html

I also recommend that those academic security people please participate in the unisog mailing list hosted by SANS, or the Educause Security list (http://www.educause.edu/security).

Clear, Dark, Steady Skies!
(And considerate neighbors!!!)

Mo

http://isc.incidents.org/top10.php
http://isc.incidents.org/
#3
OT, but FYI for Linux/Unix
Wfoley2:
It is highly recommended that everyone, especially those in academic settings, take the time to audit your Unix based systems for rootkits, unnecessary services, and prepare for a continued trend of hacker activity in the Unix world.

For more information on the Stanford security announcement please see the following URL: http://securecomputing.stanford.edu/...-6apr2004.html

This is very much on-topic for users of all Unix variants, including users of Mac OS X (BSD Unix). The ref notes "...In most cases, the attacker gets access to a machine by cracking or sniffing passwords."

Long live the non-trivial system password, e.g., w9#J3Px5b6L&2rMu, as opposed to "mycomputer." And long live the hardware firewall with non-trivial password _and_ with remote administration disabled.

Davoud

--
usenet *at* davidillig dawt com