[ISN] selling root accounts on IRC

From: InfoSec News (isn@private)
Date: Mon Mar 01 2004 - 03:02:01 PST

  • Next message: InfoSec News: "[ISN] No trade secret status for DeCSS"

    Forwarded from: Russell Coker <russell@private>
    
    For some time I and several other people have been running SE Linux
    play machines: http://www.coker.com.au/selinux/play.html
    
    One purpose of such machines is to demonstrate the security of SE
    Linux by giving root access to an SE Linux machine to the world.  
    People can freely login at any time and try "rm -rf /" or other
    commands and see that no damage is caused.  They can run "ps aux" and
    notice that only their own processes (and those of other users in the
    same context) can be seen.  Commands such as "reboot" don't do
    anything exciting either.
    
    Another purpose of such machines is to serve as a reference to how a
    SE Linux machine can be run.  When a new user starts out with a
    complex new security feature such as SE Linux it can be difficult for
    them to work out how to get it going.  The play machines serve as
    examples of how SE Linux works when correctly configured and seem to
    be helpful when new users have problems getting it going.
    
    One disturbing trend recently has been criminals selling "root access"
    to the play machines for stolen credit card numbers, accounts on other
    servers, or other things.  The people who are selling the accounts
    surely know what the machines are about, but seem to sell the accounts
    anyway.
    
    People involved in running honeypot's might be interested in doing
    something similar.  Run a machine, tell everyone "this is a honeypot
    server, the root password is ..." and then wait for people to
    illegally purchase access to it!
    
    Russell Coker
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Mar 01 2004 - 05:31:19 PST