Home page logo

pauldotcom logo PaulDotCom mailing list archives

Getting Your Start Because You Got Hacked
From: mike.patterson at unb.ca (Mike Patterson)
Date: Thu, 14 May 2009 15:00:17 -0400

Hm, what about if our start was because somebody else we knew got hacked?

I'd been running OpenBSD for some time as my home router when I got
pissed off at Debian's nth iteration of "lol upgrade broke libc which
broke everything else, we'll fix it next time for srs", and so liked to
think I had some clue, but had little practical experience.  I ran a
computer store, and one day a fellow walked in and asked if I knew
anything about Linux.  "Sure," I sez, "what's up?"  (It wasn't often you
got questions like that in 1998 from walkins in a small town.)

He said he ran the local community network, RedHat 6.2 or so, and he
thought it might have been hacked by a previous admin, and could I see
what the guy did?

Turns out it had been, fellow was stupid enough to use his own linux.com
account, and the RCMP were politely interested given he was living in a
different province at the time, but didn't take the time to follow up
given no financial damage.  I could see that he'd used an FTP overflow
attack on the running wu-ftpd, looked in the history files to see what
he'd done, last and {passwd,shadow}- showed he'd changed passwords on
people, and so on.  Pretty vanilla and dumb attack, but it made me think
a bit more about how to catch hax0rs.

And that's why I used to carry around "volunteer system administrator:
community network" for a while on my resume.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]