Date: Thu, 30 Nov 100 12:32:41 -0500 (EST)
From: mwlucas@exceptionet.com
To: scrappy@hub.org (The Hermit Hacker)
Cc: kris@FreeBSD.ORG, sriva@gufi.org, security@FreeBSD.ORG
Subject: Re: FreeBSD hacked?
Message-ID: <200011301732.MAA08853@easeway.com>
In-Reply-To: <Pine.BSF.4.21.0011301349580.323-100000@thelab.hub.org> from The Hermit Hacker at "Nov 30, 0 01:50:26 pm"

[picking this message to respond to in general, not you in particular]

Kris has said that it wasn't a FreeBSD bug. Freefall runs *how* many services, CGIs, and so on?

If he says it's not a FreeBSD bug, and he'll explain in a couple days when he's had time to complete a post-mortem and confirm it, we'll have to deal. If he's wrong, and it *is* a FreeBSD bug, we'll know it when he figures it out. (Or we'll have a new Security Officer PDQ, but that's not likely.)

My journalistic voyeurism^H^H^H^H^H^H^H^H^Hcuriosity is aching like anything, but we have to give him time to be correct.

Yep, some of us might be vulnerable. I hope I'm not one of them. (scurry off to check Apache version...) No, I'm not one of them. But unless the hole is confirmed, notification is pretty much useless. :(

Besides, the hackers *claim* it was a "harmless" intrusion. Kris must be going nuts finding out what else was changed, or confirming nothing else was. We've all been there.

IIRC, Freefall's been rooted before. It'll probably be rooted again. A security admin's job sucks, but life goes on.

==ml

PS: For those who are new to intrusion response:

If Kris says "Oh, they hacked us via the honketyblatt CGI script," and he turns out to be wrong, he gets bitched out.

If Kris says "Oh, they hacked us via the honketyblatt CGI script," and he is correct but can't back it up, he gets bitched out.

If Kris says "Let me check things, and I'll tell you later," he gets bitched out.

Kris has lots of other possible actions. They all end with, "he gets bitched out." He's basically doomed. Sorry, Kris.

Remind me to never volunteer for the security officer position.

==ml

--
Michael Lucas | Exceptionet, Inc. | www.exceptionet.com
"Exceptional Networking" |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message