Date:      Sun, 21 Mar 1999 01:02:20 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        <mike@seidata.com>
Cc:        Steven Grady <grady@xcf.berkeley.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: question about e-bay breakin last week
Message-ID:  <199903210902.BAA09799@apollo.backplane.com>
References:   <Pine.BSF.4.05.9903210314200.1682-100000@ns1.seidata.com>

:On Sun, 21 Mar 1999, Steven Grady wrote:
:
:> According to the story, the cracker who got into e-Bay last week got
:> in via FreeBSD.  Does anyone know anything more about this?
:
:Does anyone else think the story sounds a bit fishy?  The 'hacker'
:mentions little more than well-known 'hacking cliches', and the
:'proof' that is mentioned (a bogus page placed on one of Ebay's web
:servers) could have just as easily been accomplished by spoofed DNS.
:
:*shrug*
:
:Later,
:
:					-Mike

    It's hard to say.  It depends how up-to-date EBay's machines are.  If
    they are running too-old versions of (name virtually any third-party
    server software here) then breaking in would be trivial.  If they are
    up to date then breaking in would be near impossible.  I think the last
    FreeBSD-specific hole was in lpd, closed 6+ months ago.  But there have
    been dozens of holes in popular third party programs closed, some quite
    recently.  popper, imapd, wu-ftpd, a couple of possible holes in sshd,
    named, and so forth.  You name it.

    Most of these holes were fixed months ago, but if a company does not keep
    their systems up to date they'd be wide open.  Just look at the number of
    people running older FreeBSD releases -- I wonder how many bother to
    update their ports installs at all.  The problem is even worse for Linux
    ( though nothing compared to the disaster called 'NT' ).

    I can say that whenever a new hole is found, ISPs tend to get hit first.
    I haven't heard anyone at BEST screaming recently so it's doubtful that
    a new hole has been found.  Also suspect is the fact that EBay should be
    running secure servers --- they shouldn't be running *any* standard 
    services on their servers and they sure as hell don't have consumer shell
    accounts.  Security holes are typically exploited through standard 
    services or consumer shell accounts.  The machines should therefore 
    be reasonably secure unless EBay had shit for brains when they wrote
    the CGI support for their web site.

					    -Matt
					    Matthew Dillon 
					    <dillon@backplane.com>



