On Wed, Aug 28, 2002 at 05:36:02PM -0700, Andrew Plato wrote: [Andrew, your emails would be far easier to read if you line wrapped at 72 characters. I've wrapped for you in this response. Thanks.] > My favorite story is the consultant who tried to slip into his > employer's network using a stolen root-level account. He would have > made it through and stolen everything, but the HIDS picked it up and > we caught the guy. That company could have invested 92 billion dollars > in secure operating systems, 90000 bit encryption, and a firewall the > size of a refrigerator - and none of that would have spotted this guy > armed with a stolen root account. ssh -p 222 root@private root password is "1234". Knock yourself out. If you find a way to compromise the security of the machine, please join #selinux on irc.freenode.net and tell russell coker how you did it. :) (ObPlug: WireX's SubDomain could also be configured to have prevented this situation, if one doesn't mind specifying some restrictions, such as "root logins from the local network are fine, but not from untrusted networks", or "root must login from the console".) Mandatory access controls are a Good Thing. -- http://immunix.org/
This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 13:16:25 PDT