Information Security News mailing list archives

Re: LapLink says hackers left key clue


From: InfoSec News <isn () c4i org>
Date: Wed, 19 Mar 2003 01:04:40 -0600 (CST)

Forwarded from: matthew patton <pattonme () yahoo com>

> While driving to work on Interstate 405 Thursday, Mark Eppley
> checked his e-mail from his cellphone and saw a message titled
> "Break-in attempt."

I wouldn't even want to go into the irresponsible behavior that
checking email on a cell-phone at speed on an interstate entails. His
day, actually somebody else's day, could have gotten a lot worse.

> The hackers used the login names and passwords of two former LapLink
> employees who had moved on to jobs at Renton-based Classmates
> Online.

So LapLink had a remote-access solution that depended on simple
usernames and passwords? I know it's pitifully common but far better
technology exists... How come when security professionals say that 95%
of the security problem is organizational failure do we not get any
credibility?


=====
"Communism has killed 100 million people. So yeah, let's give it 
another chance!"


-=-


Forwarded from: Russell Coker <russell () coker com au>

On Mon, 17 Mar 2003 12:14, InfoSec News wrote:

> While driving to work on Interstate 405 Thursday, Mark Eppley
> checked his e-mail from his cellphone and saw a message titled
> "Break-in attempt."

First thing if your network is cracked (or you believe it to be).  
Don't send an email!  If someone has taken over your servers then one
of the first things that they are likely to go for is your mail
server.  If you discuss how to deal with the attack in email then the
attacker will know everything that's going on.

If you can't contact the important people by any other method then
send them an email purporting to be about something else to get their
attention (tell them to phone their manager regarding their bonus -
that'll get a fast response).

> For some companies, the situation becomes more complicated when the
> computer-systems people leave. In many cases, they leave with more
> knowledge of the system than their replacements.

One common problem is that there is often a lack of discipline in the
computer services area.  Employees use their own personal accounts for
running system services, instead of correctly using system accounts,
and they don't document what they do either.

It's not uncommon to see daemons and critical cron jobs being run from
the home directory of the person who wrote them!  Due to this, the
other people are often too scared to remove the account of an
ex-employee (even one who has been sacked).


-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
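
An added example, not part of either post: a small audit for the situation Russell Coker describes, where daemons and cron jobs depend on a person's login account and so block its removal. The function names, the UID threshold of 1000, the PID 1 heuristic and all sample data are assumptions constructed for illustration.

```python
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def human_accounts(passwd_text, min_uid=1000):
    """Map login name -> home dir for accounts that look like people
    (assumption: UID >= min_uid and a real login shell)."""
    people = {}
    for line in passwd_text.strip().splitlines():
        name, _pw, uid, _gid, _gecos, home, shell = line.split(":")
        if int(uid) >= min_uid and shell not in NON_LOGIN_SHELLS:
            people[name] = home
    return people

def find_dependencies(passwd_text, ps_text, crontabs):
    """Return sorted (account, kind, detail) tuples.
    ps_text: output of `ps -eo user,ppid,args`, header line included.
    crontabs: {crontab owner: [crontab lines]}."""
    people = human_accounts(passwd_text)
    findings = set()
    for line in ps_text.strip().splitlines()[1:]:
        user, ppid, args = line.split(None, 2)
        # Heuristic: a person's process parented by PID 1 is a daemon.
        if user in people and ppid == "1":
            findings.add((user, "daemon", args))
        for name, home in people.items():
            # Someone else (even root) executing code kept in a home dir.
            if home + "/" in args and user != name:
                findings.add((name, "runs-from-home", args))
    for owner, lines in crontabs.items():
        for entry in lines:
            if not entry.strip() or entry.lstrip().startswith("#"):
                continue
            if owner in people:
                findings.add((owner, "crontab", entry))
            for name, home in people.items():
                if home + "/" in entry and owner != name:
                    findings.add((name, "runs-from-home", entry))
    return sorted(findings)

# Constructed sample data (not from the original posts).
PASSWD = """root:x:0:0:root:/root:/bin/bash
svc-billing:x:1500:1500::/srv/billing:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash"""
PS = """USER PPID COMMAND
root 1 /usr/sbin/sshd -D
alice 1 /usr/bin/python3 /home/alice/billing/sync.py
root 1 /bin/sh /home/bob/bin/rotate-logs.sh
bob 4242 -bash"""
CRONTABS = {"alice": ["# nightly", "0 2 * * * /home/alice/bin/backup.sh"],
            "root": ["*/5 * * * * /home/alice/bin/check-queue"]}
```

Every finding is something to move to a dedicated system account and document before the named login is disabled.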




-
ISN is currently hosted by Attrition.org
