Date: Tue, 21 Jul 1998 22:19:02 -0700
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: "Lee Crites (ASC)" <leec@adam.adonai.net>
Cc: Drew Derbyshire <ahd@kew.com>, security@FreeBSD.ORG
Subject: Re: hacked and don't know why
Message-ID: <11754.901084742@time.cdrom.com>
In-Reply-To: Your message of "Tue, 21 Jul 1998 19:06:24 CDT." <Pine.BSF.3.96.980721185446.5721A-100000@adam.adonai.net>

> This is almost a frightening message. We were hacked like this
> two weeks ago. How frequently are FreeBSD systems getting hacked
> into? Is there even anyone who has stats on this kind of thing?

Not frightening, just depressing because once you investigate these
incidents you find that in 99.9% of the cases, it was down to one of
two things:

1. A security hole introduced through bad administration (someone
   fumble-fingers a firewall config and now suddenly the entire net
   is open to the outside).

2. A well-known security hole that has been announced on Bugtraq and
   other places but is not closed by the local admins.

People who remember all the way back to Robert T. Morris's Internet
Worm will recall that half the systems attacked were Suns running an
ancient version of fingerd for which patches had been available for
months and for which Sun had released several public advisories. Did
the admins bother to find out about this or, even once it was
generally known, apply the patches? No.

As long as human factors issues like this remain the biggest security
hole of all, I doubt you're going to see an end to this. A FreeBSD
(or Linux or Solaris or AIX or ...) box is only as secure as its
admins are willing to make it.

- Jordan