in reply to Re: Changing default carp error message
in thread [untitled node, ID 182637]

Quiet in the jungle
by Ovid (Cardinal) on Jul 18, 2002 at 16:24 UTC

    You say you don't listen, but I want you to listen because maybe you don't care what happens to you, but I don't want your carelessness to affect me! I'm dead serious about that. Maybe the data is backed up and isn't sensitive. That's still a computer you have there and it's obviously hooked up to the net. If a cracker sees this, he or she is going to know that you don't care about security and I'm willing to bet that you have plenty of other security holes on this box. Now, here's a quote from a friend of mine that I've included in my CGI course:

    [A friend] found I had been running the server for a few months, and asked what kind of security I was running. I chuckled and told him there was no need, since the computer had no valuable information on it.

    He gave me a funny look, and he started port-scanning my machine. As you would expect, just about everything was open. As we looked further and further into it, things started looking bad. There was evidence that someone else had been in my system.

    The clincher came when we found a SQL server database of news groups on my server. Chances are I was used to spam these news groups.

    The person quoted above was apparently used to spam newsgroups. That's pretty annoying. It would have been more annoying to find out that his box was a slave participating in DDOS attacks.

    I strongly urge you to read through my course. It's not the best you'll find, but it's fairly decent and it will give you some background information that you need. I don't mean to sound harsh, but this is pretty serious and I don't want to kid around about it.

    I'm sick of klez.

    I'm sick of DDOS attacks.

    I'm sick of Sub Seven.

    I'm sick of all of those irritating and costly security issues caused by people thinking "the data's backed up and isn't sensitive so I don't need to worry about security". At the very least, if you truly believe that there's nothing wrong with your point of view, please don't advertise it. A lot of animals are silent in the jungle for a very good reason.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the link and check out our stats.