Re: [ISN] LapLink says hackers left key clue

From: InfoSec News (isnat_private)
Date: Tue Mar 18 2003 - 23:04:40 PST

    Forwarded from: matthew patton <pattonmeat_private>
    > While driving to work on Interstate 405 Thursday, Mark Eppley
    > checked his e-mail from his cellphone and saw a message titled
    > "Break-in attempt."

    I wouldn't even want to go into the irresponsible behavior that
    checking email on a cell-phone at speed on an interstate entails. His
    day, actually somebody else's day, could have gotten a lot worse.

    > The hackers used the login names and passwords of two former LapLink
    > employees who had moved on to jobs at Renton-based Classmates
    > Online.

    So LapLink had a remote-access solution that depended on simple
    usernames and passwords? I know it's pitifully common but far better
    technology exists... How come when security professionals say that 95%
    of the security problem is organizational failure do we not get any

    "Communism has killed 100 million people. So yeah, let's give it
    another chance!"

    Forwarded from: Russell Coker <russellat_private>
    On Mon, 17 Mar 2003 12:14, InfoSec News wrote:
    > While driving to work on Interstate 405 Thursday, Mark Eppley
    > checked his e-mail from his cellphone and saw a message titled
    > "Break-in attempt."

    First thing if your network is cracked (or you believe it to be).
    Don't send an email!  If someone has taken over your servers then one
    of the first things that they are likely to go for is your mail
    server.  If you discuss how to deal with the attack in email then the
    attacker will know everything that's going on.

    If you can't contact the important people by any other method then
    send them an email purporting to be about something else to get their
    attention (tell them to phone their manager regarding their bonus -
    that'll get a fast response).

    > For some companies, the situation becomes more complicated when the
    > computer-systems people leave. In many cases, they leave with more
    > knowledge of the system than their replacements.

    One common problem is that there is often a lack of discipline in the
    computer services area.  Employees use their own personal accounts for
    running system services, instead of correctly using system accounts,
    and they don't document what they do either.

    It's not uncommon to see daemons and critical cron jobs being run from
    the home directory of the person who wrote them!  Due to this, the
    other people are often too scared to remove the account of an
    ex-employee (even one who has been sacked).

    This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 01:27:30 PST
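
The problem raised in the second reply above (daemons and cron jobs tied to a person's account or home directory, which makes staff afraid to remove a departed employee's login) can be checked for before an account is deleted. The Python below is an added example, not part of the original thread: the passwd, crontab and `ps` sample data are constructed, and the UID range treated as "personal accounts" is an assumption to adjust per site.

```python
import re
# Constructed sample data (not from the thread).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
jsmith:x:1004:1004:J Smith:/home/jsmith:/bin/bash
"""
# /etc/crontab format: five time fields, user, command.
SYSTEM_CRON = """\
17 * * * * root run-parts /etc/cron.hourly
0 2 * * * backup /usr/local/sbin/nightly-dump
*/5 * * * * jsmith /home/jsmith/bin/sync-orders.sh
30 3 * * * root /home/jsmith/scripts/rotate.pl --all
"""
# Shape of `ps -eo user:32,args` output with the header removed.
PS_OUTPUT = """\
root     /usr/sbin/sshd -D
jsmith   /usr/bin/python3 /home/jsmith/billing/daemon.py
backup   /usr/local/sbin/dumpd
"""
HUMAN_UIDS = range(1000, 60001)  # assumption: typical login.defs UID_MIN..UID_MAX
HOME_PATH = re.compile(r"(?<![\w.-])/home/([^/\s]+)/")

def human_accounts(passwd_text):
    """Names of accounts whose UID marks them as personal logins."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return {f[0] for f in rows
            if len(f) >= 7 and f[2].isdigit() and int(f[2]) in HUMAN_UIDS}

def cron_rows(text):
    """Yield (user, command) from system crontab lines; skip comments and env lines."""
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) == 7 and not line.lstrip().startswith("#"):
            yield parts[5], parts[6]

def ps_rows(text):
    return [tuple(l.split(None, 1)) for l in text.splitlines() if len(l.split()) > 1]

def findings(source, rows, humans):
    """Flag work that runs as a personal account or reads from someone's home directory."""
    out = []
    for user, cmd in rows:
        reasons = [f"runs as personal account {user}"] if user in humans else []
        reasons += [f"depends on home directory of {m}" for m in HOME_PATH.findall(cmd)]
        if reasons:
            out.append((source, user, cmd, reasons))
    return out

def audit():
    humans = human_accounts(PASSWD)
    return (findings("cron", cron_rows(SYSTEM_CRON), humans)
            + findings("process", ps_rows(PS_OUTPUT), humans))
```

Each finding is a dependency to move to a system account and a system path before the personal login is disabled; the root-owned job that calls a script under `/home/jsmith` is the kind that breaks silently when the home directory is removed.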