Full Disclosure mailing list archives

US military & motd files... Re: Supporters urge halt to, hacker's, extradition to US
From: Kyrian <kyrian () ore org>
Date: Tue, 30 Sep 2008 16:38:50 +0100

Valdis.Kletnieks () vt edu wrote:
> On Mon, 29 Sep 2008 21:44:22 BST, Kyrian said:
>
>>   A message left by him on a system:
>> Changing the /etc/motd file or equivalent is hardly costly, and hardly 
>> massive damage, no? Hypothetically speaking, if I wanted to do as little 
>> damage as possible and make someone get the message I'd been in there, 
>> that's probably what I'd do.
>
> Look at it from the other end.  You logon one day, and find that person or
> persons unknown have screwed with your /etc/motd file.

You are quite right, of course. In that particular instance I wasn't 
seeking to make a technical argument per se,
I was more focused on any plausible intent, as that seems to be central 
to at least some people's arguments.

I apologise if that threw anyone with the context switching. This one's 
nearly back on topic to tech/security...

Personally, on a server that I knew was meant to be secure, and had made 
an effort to secure for the long term, I would make sure that there 
were two separate checksum databases for every binary file on the 
system, and hence be able to verify anything "important" had not been 
tampered with, without having to rely on file timestamps, which I (like 
most on this list) know can be unreliable after a compromise.

I've not to date seen any server maliciously attacked where the binaries 
or files and processes involved were not either 'important' or 
'obvious'. Perhaps I have not run into a high enough calibre of hacker? 
(NOT an invitation ;-).

However, back to the point... One would have assumed that the US 
military would have taken explicit steps to secure their systems by 
default, perhaps until this very email thread??? The implications of 
them not even making such an effort are ludicrous on so very many levels.


Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                 DJ via http://www.hellnoise.co.uk/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
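
Added example, not part of the original message or the archive: a sketch of the two-checksum-database check described above, which classifies files by content digest so that a restored timestamp hides nothing. Using a different hash algorithm for each database, and all function and file names, are assumptions made for illustration; the sample files are constructed in a temporary directory.

```python
import hashlib, os, tempfile

def build_db(root, algo):
    """Map relative path -> digest for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            h = hashlib.new(algo)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            db[os.path.relpath(path, root)] = h.hexdigest()
    return db

def verify(root, db_a, db_b, algo_a="sha256", algo_b="blake2b"):
    """Compare the current tree against both stored databases."""
    now_a, now_b = build_db(root, algo_a), build_db(root, algo_b)
    report = {}
    for path in sorted(set(db_a) | set(db_b) | set(now_a)):
        a_ok = db_a.get(path) == now_a.get(path)
        b_ok = db_b.get(path) == now_b.get(path)
        if path not in now_a:
            report[path] = "missing"
        elif path not in db_a and path not in db_b:
            report[path] = "new"
        elif a_ok and b_ok:
            report[path] = "ok"
        elif a_ok != b_ok:
            report[path] = "db-mismatch"  # databases disagree: one of them was altered
        else:
            report[path] = "modified"     # both databases say the content changed
    return {p: s for p, s in report.items() if s != "ok"}

def demo():
    """Constructed scenario: one file changed, one database entry altered."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name in ("login", "ls", "motd", "cat"):
            put(name, b"original " + name.encode())
        db_a, db_b = build_db(root, "sha256"), build_db(root, "blake2b")
        st = os.stat(os.path.join(root, "login"))
        put("login", b"replaced content")
        os.utime(os.path.join(root, "login"), (st.st_atime, st.st_mtime))  # mtime restored
        db_b["ls"] = "0" * 128             # one database edited after the baseline
        os.remove(os.path.join(root, "motd"))
        put("sshd", b"not in either baseline")
        return verify(root, db_a, db_b)
```

In practice the two databases would be kept on separate, read-only or offline media so that altering one does not give access to the other.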
