Date: Sun, 21 Mar 1999 01:02:20 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: <mike@seidata.com>
Cc: Steven Grady <grady@xcf.berkeley.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: question about e-bay breakin last week
Message-ID: <199903210902.BAA09799@apollo.backplane.com>
References: <Pine.BSF.4.05.9903210314200.1682-100000@ns1.seidata.com>
:On Sun, 21 Mar 1999, Steven Grady wrote:
:
:> According to the story, the cracker who got into e-Bay last week got
:> in via FreeBSD. Does anyone know anything more about this?
:
:Does anyone else think the story sounds a bit fishy? The 'hacker'
:mentions little more than well-known 'hacking cliches', and the
:'proof' that is mentioned (a bogus page placed on one of Ebay's web
:servers) could have just as easily been accomplished by spoofed DNS.
:
:*shrug*
:
:Later,
:
: -Mike

It's hard to say. It depends how up-to-date EBay's machines are. If they are running too-old versions of (name virtually any third-party server software here) then breaking in would be trivial. If they are up to date then breaking in would be near impossible.

I think the last freebsd-specific hole was in lpd, closed 6+ months ago. But there have been dozens of holes in popular third party programs closed, some quite recently. popper, imapd, wu-ftpd, a couple of possible holes in sshd, named, and so forth. You name it. Most of these holes were fixed months ago, but if a company does not keep their systems up to date they'd be wide open. Just look at the number of people running older FreeBSD releases -- I wonder how many bother to update their ports installs at all. The problem is even worse for Linux (though nothing compared to the disaster called 'NT').

I can say that whenever a new hole is found, ISPs tend to get hit first. I haven't heard anyone at BEST screaming recently so it's doubtful that a new hole has been found.

Also suspect is the fact that EBay should be running secure servers --- they shouldn't be running *any* standard services on their servers and they sure as hell don't have consumer shell accounts. Security holes are typically exploited through standard services or consumer shell accounts. The machines should therefore be reasonably secure unless EBay had shit for brains when they wrote the CGI support for their web site.

-Matt
Matthew Dillon <dillon@backplane.com>