Date: Fri, 14 Jan 2000 16:43:57 -0800 (PST) From: John Wilson <john_wilson100@excite.com> To: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su> Cc: freebsd-advocacy@FreeBSD.ORG Subject: Re: FreBSD Rulez Message-ID: <15637142.947897037719.JavaMail.imail@prance.excite.com>
next in thread | raw e-mail | index | archive | help
Alex Kapranoff wrote: > > > > Atos: May I ask you a few technical questions? What operating systems were > > they running? [the servers he'd hacked into -J.W.] > > > > Webster: Linux, kernel 2.0.38 with no significant security holes, which is > > absolutely impossible to penetrate from outside without a user account on > > the system. [But he did nonetheless - does it mean he had an account? > > -J.W.] > > Yes, this was a two-stage break-in. First, some less secure server, then > use those accounts on the main target. (people do use identical passwords) > > > Atos: Can you break into any server, or do you use some known security > > holes or exploits? > > > > Webster: I can break into any system. > > Remember, he was just seeking for jobs. He clearly stated it on the spoofed > pages. And he tried to make impression in all his interviews (there're lots of). > Anyway no excuse for cracker. > > > Atos: Can you be sure than no-one will ever be able to hack into a server > > secured by you? > > > > Webster: I am absolutely certain. > > Same thing. This country is still staggering and it's sometimes really hard > to find job for a young professional. I really cannot imagine how this could possibly help someone get a job. Isn't attempting to gain unauthorised access to a computer a criminal offence in Russia? Yes, sometimes customer sites can hire groups of hackers to perform "penetration testing" on their systems, but even then there are some problems. If a company wants to hire someone to hack their own site, they must ensure that the scope of the hacking attempts are clearly defined beforehand, and the people they hire must ensure that they are insured against any accidental damage that they might cause to the system. I don't see it happening here. How can a person break into a computer system, tell everyone he did it and expect to get away with it? I realize that some laws are not enforced, but in this case it's like robbing a bank, killing a bunch of security guards, and then saying, "Hey! Your security's no good - you gotta hire me guys!" > > Atos: This interview is likely to be published on the Internet. Would you > > like to add anything, or give some advice to Internet Service Providers? > > > > Webster: They should follow the example of www.elvis.ru and never install > > Linux on a large number of servers, which is but a recipe for disaster. I > > personally recommend FreeBSD. > > FreeBSD is strong in Russia. It doesn't need any advocacy here. Well it looks like it does - or people wouldn't be running Linux! :) John _______________________________________________________ Get 100% FREE Internet Access powered by Excite Visit http://freeworld.excite.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15637142.947897037719.JavaMail.imail>