Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Is www.sco.com hacked Ethical?
From: "Jon Dossey" <JDossey () deltahealthgroup com>
Date: Mon, 29 Nov 2004 12:43:43 -0600


This bodes well for the Cyberguard Stock which depends on
SCO UNIX as it's engine for the firewall.  Well again a prank,
as such, but this helps destroy the reputation of many companies.

I think they did a pretty good job of destroying their reputation all by
themselves.

 
The person(s) if and when they're found and they will be(sociopath),
feels
no
responsibility.   Ok well, how was this an ethical attack? It attacks
the stock holders, people who work for the companies affected and the
persons
responsible deserve whatever legal recourse the company has when they
find
this clown(s).

You sure do know a lot about this person, considering at this point
they're completely anonymous.  Maybe they take complete responsibility,
but believe its for the greater good?  Maybe they're completely ready to
face criminal charges.  Maybe they'll turn themselves in tomorrow and
apologize for their grievous mistake?  

Neither you or I have any idea.  The difference is that I don't assume
to know.
 
It is rather amusing, as was the RSA web attack, CIA etc. but the
broader
implications are that the companies involved are a security risk,
though
they are not, they will be perceived as one.

Those aren't security risks?  Are you familiar with the internal design
of SCO's network?  If their web servers are vulnerable, what else is?
You've got no factual basis for any of your claims.
 
Again, I don't agree with SCO and their lawsuits, though some of them
may have some basis for patent or copyright infringement. I do believe
they give
a useful alternative for UNIX.  

I think Linux and BSD make much better UNIX alternatives, don't you?

For certain smaller companies they provide
a valuable service to
the community.  This will only help put a nail in the coffin in a
struggling company that does
provide an alternative. I have no SCO stock, ok.   I do believe the
alternatives are needed to
check the megaliths like our friendly M$, Apple and others.

How many small companies can afford SCO's Unixware?  Not many I'd guess.
Do you realize in how few arenas SCO competes directly with M$ and
Apple?
 
Oh well the fun continues in the absurd world of data security or
insecurity. And how did they hack it
did someone just leave the permissions on the files open or some other
mischief.  

*blank stare*
Regardless of whether or not they "leave the permissions on the files
open" or not, the machine still had to be compromised.  

Look I just chmod 777 a suid root copy of the bash shell!  Come root my
webserver!

Anyone have a  clue on this? Or was a DNS redirection?

At this point, I assume your guess is as good as anyone (outside of SCO
and the attacker).

 
.jon


__________________________________________________________________________

"The information transmitted is intended only for the person or entity to 
which it is addressed and may contain confidential, proprietary, and/or 
privileged material.  Any review, retransmission, dissemination or other 
use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited.  
If you received this in error, please contact the sender and delete 
the material from all computers."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]