Forwarded from: matthew patton <pattonmeat_private>

> While driving to work on Interstate 405 Thursday, Mark Eppley
> checked his e-mail from his cellphone and saw a message titled
> "Break-in attempt."

I wouldn't even want to go into the irresponsible behavior that checking email on a cell-phone at speed on an interstate entails. His day, actually somebody else's day could have gotten a lot worse.

> The hackers used the login names and passwords of two former LapLink
> employees who had moved on to jobs at Renton-based Classmates
> Online.

So Laplink had a remote-access solution that depended on simple username and passwords? I know it's pitifully common but far better technology exists... How come when security professionals say that 95% of the security problem is organizational failure do we not get any credibility?

=====
"Communism has killed 100 million people. So yeah, let's give it another chance!"

-=-

Forwarded from: Russell Coker <russellat_private>

On Mon, 17 Mar 2003 12:14, InfoSec News wrote:
> While driving to work on Interstate 405 Thursday, Mark Eppley
> checked his e-mail from his cellphone and saw a message titled
> "Break-in attempt."

First thing if your network is cracked (or believe yourself to be). Don't send an email! If someone has taken over your servers then one of the first things that they are likely to go for is your mail server. If you discuss how to deal with the attack in email then the attacker will know everything that's going on. If you can't contact the important people in any other method then send them an email purporting to be about something else to get their attention (tell them to phone their manager regarding their bonus - that'll get a fast response).

> For some companies, the situation becomes more complicated when the
> computer-systems people leave. In many cases, they leave with more
> knowledge of the system than their replacements.

One common problem is that there is often a lack of discipline in the computer services area. Employees use their own personal accounts for running system services, instead of correctly using system accounts, and they don't document what they do either. It's not uncommon to see daemons and critical cron jobs being run from the home directory of the person who wrote them! Due to this the other people are often too scared to remove the account of an ex-employee (even one who has been sacked).

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
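
The audit that the second message's last paragraph calls for, as an added example that is not part of the original posts: a Python check that flags system cron jobs which run as a personal account or execute from someone's home directory. The passwd and crontab text are constructed samples, and the UID 1000 cutoff for human accounts is an assumption.

```python
# Constructed /etc/passwd excerpt: two service accounts, two people.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1001:1001:Alice (former employee):/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""

# Constructed system crontab (/etc/crontab format: five time fields, user, command).
CRONTAB = """\
# m h dom mon dow user command
SHELL=/bin/sh
0 2 * * * backup /usr/local/sbin/nightly-backup
*/5 * * * * alice /home/alice/bin/rotate-logs.sh
30 1 * * * root /home/bob/scripts/sync-db.pl --all
15 3 * * 0 root /usr/sbin/logrotate /etc/logrotate.conf
"""

UID_MIN = 1000  # assumption: human accounts start here (UID_MIN in login.defs)

def human_accounts(passwd_text, uid_min=UID_MIN):
    """Return {name: home} for accounts with a human-range UID and a login shell."""
    people = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _gecos, home, shell = line.split(":")
        if int(uid) >= uid_min and not shell.endswith(("nologin", "false")):
            people[name] = home
    return people

def audit_crontab(crontab_text, people):
    """Return (user, command, reasons) for jobs that depend on a personal account."""
    findings = []
    for line in crontab_text.splitlines():
        fields = line.split(None, 6)
        # Skip blank lines, comments and VAR=value assignments.
        if len(fields) < 7 or fields[0][0] not in "0123456789*":
            continue
        user, command = fields[5], fields[6]
        reasons = ["runs as personal account"] if user in people else []
        for name, home in people.items():
            if home + "/" in command:
                reasons.append("command lives in home of " + name)
        if reasons:
            findings.append((user, command, reasons))
    return findings

if __name__ == "__main__":
    for user, command, reasons in audit_crontab(CRONTAB, human_accounts(PASSWD)):
        print(f"{user}: {command} -> {'; '.join(reasons)}")
```

Every finding is a job that would break, or keep running with a departed person's code, when that account is removed; moving it to a system account and a system path first is what makes the removal safe.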
This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 01:27:30 PST