
Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)



> On Fri, Mar 31, 2017 at 02:07:54PM +0200, Dominik George wrote:
> > That's how w^Hsomeone rooted Dreamhost.
> 
> Are you referring to the 2012 incident, or something more recent?
> 
> I thought the former was an issue with lax filesystem permissions.

(This is getting somewhat OT; if you want to discuss that further, maybe
choose private conversation or another mailing list… I only intended to
provide a scenario that was not made up.)

Something less recent, from late 2010.

The thing I described was reported only to the company themselves, who
still failed to fix the root issue for several years.

After their administrators and CEO (funnily enough, it was his
webhosting account that had the vulnerable PHP application I was talking
about…) had ignored the issue for more than a year, $someone dropped a
note in the Chaos Communication Congress' wiki. What exactly this note
was used for and what it was not used for is beyond my knowledge.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)

