Linux Today: Linux News On Internet Time.

More on LinuxToday

LinuxSecurity.com: If It Ain't Broke See If It's Fixed

Dec 18, 2002, 08:30 (0 Talkback[s])
(Other stories by Duane Dunston)

"'He got into the UUCP account. No password protection. Wide open. ...Worse, Elxsi had its UUCP account set up with system privileges, It took the hacker only a minute to realize that he'd stumbled into a privileged account. ...He didn't lose any time. He edited the password file, and added a new account, one with system manager privileges. Named it Mark. 'Keep it bland," I thought.''

That is an excerpt from the book Cuckoo's Egg published in 1989. As far as the principles of how the attacker gained access to the system above, nothing much has changed since that time. Attackers are still exploiting the most well-known vulnerabilities in computer systems. 'This can be attributed to the fact that attackers are opportunistic, take the easiest and most convenient route, and exploit the best-known flaws with the most effective and widely available attack tools.'(www.sans.org)

"This article is nothing new but it has to be reinforced every now and then..."

Complete Story

Related Stories: