[ale] Linux Distributions

Tue May 17 19:14:59 EDT 2005

ChangingLINKS.com wrote:
> On Tuesday May 17 2005 15:22, Geoffrey wrote:
> 
>>>I am your opposite here.
>>>My logic was to find out why they made their statements, and then
>>>configure a system that won't have the weaknesses they they point out.
>>>With Linux, I have the luxury of building a system that won't be as
>>>"insecure" as the systems of the "experts." My system is configured so
>>>that even an expert could run it as root and not screw it up. ;) More
>>>importantly, it is setup so that someone like me (who just uses Linux to
>>>get things done) can run the box well without having my poor admin skills
>>>be a factor.
>>
>>If you really believe that, post your ip address, root password to the
>>list and we'll see how long your machine remains available (much less
>>secure).
> 
> 
> OK. I will. When would be a good time? Sunday would be good for me.
> How long do you want me to leave it open?

Why not all the time?  You've got the fullproof solution in place, remember?

> As you know, (you and I) and (Bob Toxen and I) had trouble getting past the 
> first firewall. You will need to help me remember how to open it up again. 
> No, I will wire the modem directly to the computer - to make it easy on you.

Modem?  I want broadband connectivity.

> 
> I will give you all the IP address.
> I will DROP the remaining firewalls.
> I will give you *all* my root password.

Okay, just post the ip and root password to the list.

> 
> 
> CHALLENGE: 
> 1. If no one can down/infect/harm my system for more than 20 minutes TOTAL - 
> you fix (or have fixed) the 6 problems that I posted (and give me exact 
> directions on how to apply the fixes myself.)

You're on.

> 
> 2. IF you (with the help of everyone on this list) CAN down/infect/harm my 
> system for more than 20 minutes - I'll pay you $100.

Fair enough, but I couldn't take your money.
> 
> 
> 
> 
> 
> I would like to extend this challenge in the same way Bob Toxen did. 
> There will be a set time with which you can attempt to hack/harm the system. 
> After that, I will recover the box within 5 minutes (barring the transfer time 
> of data). I will present the facts on exactly HOW I restored the system - and 
> summarily prove that "the system is clean and fully operational."

Unless you've got a hot spare, you will not be able to recover that box 
in 5 minutes.

> 
> (In good faith: 
> I will NOT remove or add any hardware to the system during or after the hack 
> attempt.)
> 
> On the other hand, if you one of you IS able to down my system for more than 
> 20 minutes TOTAL, you will simply give me the information on how it was done.
> (Hopefully, it goes without saying that no one can physically enter my home.)
> 
> I present this challenge to *you* Geoffrey because I believe that you have all 
> that it takes to solve the 6 problems that have stumped so many others.

Really?  Flattery will get you nowhere. :)

> This challenge should be sufficient for the "never run as root" people to 
> prove their point - especially in light of the fact that I will be turning 
> OFF security features and proving you ALL with direct access to /

-- 
Until later, Geoffrey