From owner-freebsd-chat Wed Dec 8 10:44:40 1999 Delivered-To: freebsd-chat@freebsd.org Received: from Astrovan.cstone.net (mailstop.cstone.net [205.197.102.13]) by hub.freebsd.org (Postfix) with ESMTP id 4637C158CB for ; Wed, 8 Dec 1999 10:25:23 -0800 (PST) (envelope-from highway@cstone.net) Received: from cstone.net (snowcrash.cstone.net [209.145.66.12]) by Astrovan.cstone.net (Post.Office MTA v3.5.3 release 223 ID# 0-59789U13500L1350S0V35) with ESMTP id net for ; Wed, 8 Dec 1999 12:30:31 -0500 Message-ID: <384E96EA.E9E0833C@cstone.net> Date: Wed, 08 Dec 1999 12:35:38 -0500 From: Sean Michael Whipkey Organization: Cornerstone Networks, Inc. X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-chat Subject: Re: Yahoo hacked last night References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jonathon McKitrick wrote: > Question: if a site like yahoo has telnet disabled (thus disabling running > commands directly) how could someone gain control of the system or access > to privileged information? There are lots of ways to compromise a system without needing telnet. Buffer overflows in various programs will allow arbitrary commands to be run; some holes in FTP programs, etc., will allow you to FTP as a root user. Any system on the Internet is vulnerable...it's just a question of *how* vulnerable. :) SeanMike -- SeanMike Whipkey - highway@cstone.net - http://www.cstone.net Engineering Department, Cornerstone Networks, Inc. - 804.817.7000 HEY! Lay off the SeanMike! The man's a misunderstood visionary! - Kermit Labmonkey (aka Ryan Kimmet) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message