[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More hacked servers?

On Thu, 27 Nov 2003 04:51, Matt Zimmerman <mdz@debian.org> wrote:
> Big money does not imply big security.  Large corporations with lots of
> money to spend on security are compromised all the time.  Obviously, they
> aren't as forthcoming about it as Debian due to monetary concerns, but even
> those incidents which are publicized are enough to demonstrate this.

You are forgetting one important point.  You have to NOTICE a hack before you 
can fix it.  Big companies have a bad history of not even knowing that they 
are hacked if their web page is not defaced.

One company I worked for had a machine where Apache would SEGV about 10,000 
times per day.  I expect that you could exploit the system to execute 
arbitary code, which could then gain access to the internal network.

In spite of this my colleagues believed that their firewall did everything 
necessary to protect the internal network.  The network was configured such 
that anyone who had access to the internal network effectively had root on 
all machines (there were so many ways of getting root it wasn't funny).

AFAIK that network is still running in the same manner...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: