[ale] Alas! At long last I've been hacked.

Byron A Jeff byron at cc.gatech.edu
Sun Feb 2 12:28:44 EST 2003


> 
> > -----Original Message-----
> > From: Byron A Jeff
> > Sent: Sunday, February 02, 2003 11:42 AM
> >
> > Slack 7.0 IIRC. No security updates whatsoever.
> 
> Unless you are wanting to be hacked... you need a better attitude about
> security.  Sorry to be blunt, but honesty is better than passive apathy in
> situations like this.

I admit and take responsibility for my mistakes.

> 
> >
> > I was using tcpd to limit access to a couple of spots (Tech,
> > my father's machine). Too many open services (telnet, ftp,
> > finger, ident, sendmail, apache with port 80 closed by ATT/Comcast)
> 
> It your box was hacked, tcpd would no longer have a role in determining
> whether or not someone could get to your father's machine.  Does your father
> know that you have put his data at risk?

Wrong direction. His machine had access to mine, not the other way around.
His is locked down only to limited SSH access on Slack 8.1, while mine was
much more open.

> 
> >
> > As I said before I do believe that the tradeoff between controls
> > and risks where OK for the time period that the machine was sitting
> > on the open Internet and the total lack of maintenance rendered.
> 
> If you buy a car and never check and change the oil what would people think
> of you?
>  I know (sic) think that of you.  Again, sorry for the bluntness.

Not a problem. I'm planning to button down the hatches a bit more this time.

I do feel that your analogy is a bit broken. I took some middle of the road
security measure. It wasn't no security at all. And even those limited security
measures lasted for an quite a long time. 

BTW any suggestions either by product or procedure for the next round?

BAJ
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list