
Re: [linux-security] Re: Checking remote servers



Hi there. Just a quick note.

> Anyway, if you are really hacked by a l33t hacker, he will not damage your
> system, and he may even mail you a fix if he is in a good mood.

That is a gross generalization. Just because someone has (well, whatever
it is that hackers have, be it talent or just technical knowledge) does
not mean that they will all fit the same moral profile. There are plenty
of talented assholes out there. They may even outnumber your "l33t
hacker"s.

> It is obvious that if you are the keeper of valuable data, you cannot even
> allow such intrusion.

Nor can you stop it before it happens. New security holes and bugs are
found all the time. Odds are that someone out there (leet's?) will know
about them before it gets posted to bug-traq or linux-security.
But you should take all the precautions you can if you are in
charge of confidential valuable info (or it shouldn't be available via the
net; standalones are the only 100% unhackable computer types I know).

> Of course, those who just try /cgi-bin/php?/etc/passwd and classic holes
> without really understanding what they are doing will not cause you problems
> if you are doing your job seriously.

I believe that it is phf :P
If you are doing your job seriously, phf would not be there, and your
/etc/passwd would be shadowed.


> But, well, I have seen military servers that let the shadowed password file
> accessible via anonymous ftp (and the passwords worked), so I suppose
> everything is possible...

Why wouldn't they?


Joey Comeau.
aw096 chebucto ns ca


