Larry Osterman's WebLog

Confessions of an Old Fogey
Blog - Title

Somehow I don't think I'm going to see this story on slashdot any time soon :)

Somehow I don't think I'm going to see this story on slashdot any time soon :)

  • Comments 66

Michael Howard sent the following news article to one of our internal DL's this morning.  For some reason, I don't think it's going to hit the front page of Slashdot any time soon:

Serving as the latest reminder of that fact is Antioch University in Yellow Springs, Ohio, which recently disclosed that Social Security numbers and other personal data belonging to more than 60,000 students, former students and employees may have been compromised by multiple intrusions into its main ERP server.

The break-ins were discovered Feb. 13 and involved a Sun Solaris server that had not been patched against a previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach, university CIO William Marshall said today.

                                                :

"When we went in and did a further investigation, we found that there was an IRC bot installed on the system," Marshall said.

So Antioch's Solaris systems were (a) compromised by an old vulnerability, and (b) were being used as botnet clients.  Both of which the slashdot crowd claim only happens on "Windoze" machines.

At what point do people pull their heads out of the sand and realize that computer security and patching disciplines are an industry-wide issue and not just a single platform issue?  Even after the Pwn2Own contest last month was won by a researcher who exploited a flash vulnerability, the vast majority of the people commenting on the ZDNet article claimed that the issue was somehow "windows only".  Ubuntu even published a blog post that claimed that they "won" (IMHO they didn't, because Shane has said that the only reason he chose not to attack the Ubuntu machine was that he was more familiar with Windows).  The reality is that nobody "wins" these contests (except maybe the security researcher who gets a shiny new computer at the end).  It's just a matter of time before the machine will get 0wned.

Ignoring stories like this make people believe that somehow security issues are isolated to a single platform, and that in turn leaves them vulnerable to hackers.  It's far better to acknowledge that the IT industry as a whole has an issue with security and ask how to move forwards.

 

Edit: Ubunto->Ubuntu (oops :))

  • BTW, on the matter of UAC, it is similar enough to sudo that it is basically a clone of sudo.

  • >ygrek: that's actually great! - debian is finally adding NX protection, ASLR

    That all actually existed for years and some other distros had that even before Debian.

    BTW, on the matter of NX in Linux, from http://blogs.msdn.com/oldnewthing/archive/2008/04/10/8374144.aspx#8398520:

    "BTW, not all Linux distros provide a PAE kernel, and some provides it only on server kernels, such as Ubuntu. In Linux, with a non-PAE kernel, you could not even use NX!"

  • "And here I thought that turning UAC annoyance off is the first thing everone and their grandmother does after installing Vista."

    That is a little far, in fact I don't turn UAC off on my Vista machine.

  • >"And here I thought that turning UAC annoyance off is the first thing everone and their grandmother does after installing Vista."

    >That is a little far, in fact I don't turn UAC off on my Vista machine.

    BTW, the class of mistake Igor is making here is called over generalization. Just because geeks do something does not mean that everyone does something

  • So Antioch's Solaris systems were (a) compromised by an old vulnerability, and (b) were being used as botnet clients.

    You don't have _any_ idea what IRC is or what an irc bot usually does do you.. Botnet client? What?

    Hint: logging, auto-oping known users, providing small tools like "!weather new york"

  • nikanj: I know exactly what IRC is and the difference between an IRC bot and a botnet client.

    Sure, an IRC bot does logging, etc, but a botnet client does a smidge more - it does things like launching DDOS attacks and sending spam emails.

    And this wasn't an IRC bot that was on those machines.  My point was simply that the idea that somehow botnet clients are a uniquely windows phenomenon is simply untrue.

Page 5 of 5 (66 items) 12345