Linux servers hacked - who would have thought

[thetruthhurts @homail.com]

On Thu, 16 Aug 2007 11:11:07 -0700, "Saran" <none@nospam> wrote:

Unix and Linux have far fewer wholes to be
>exploited by Windows and last I checked, are not exactly the easiest to
>hack into.

Is that really true or is just a lot fewer people are trying to hack
them?

 

[ray]

On Wed, 15 Aug 2007 22:09:42 -0400, Richard Urban wrote:

> So much for Linux (Ubuntu) being bullet proof.
>
> Ubuntu servers hijacked. Used to launch attack.
>
> http://www.eweek.com/article2/0,1895,2171318,00.asp
>
> People have been saying right along that ***ALL*** operating systems are
> vulnerable!

Of course. And some are more vulnerable than others. I note in the article
that security patches, etc. had not been kept up to date on the affected
servers. Yes, that is a recipe for disaster. I keep mine up to date, and
I've not had any problems.

 

[Saran]

thetruthhurts @homail.com wrote:
> On Thu, 16 Aug 2007 11:11:07 -0700, "Saran" <none@nospam> wrote:
>
>> Unix and Linux have far fewer wholes to be
>> exploited by Windows and last I checked, are not exactly the easiest
>> to hack into.
>
> Is that really true or is just a lot fewer people are trying to hack
> them?

Actually it's probably a bit of both. Straight hacking a random Linux
box, good luck. It's when things like root-kits somehow get installed
(usually by a clueless admin being fooled by some advert on the web,
irc, etc) that's the big cause of infiltrations. This is true of any OS
that can be accessed remotely.

There are also brute force bots out there, but anyone watching logs and
such can catch those easily enough. There is no excuse for letting
someone "for a long time now it seems" to gai nentry to a system via
brute force. It's as if no one was watching their servers in that
scenario. That's not a product of hacking, that's a product of
incompetent and/or lazy admins.

-saran

 

[Saran]

ray wrote:
> On Wed, 15 Aug 2007 22:09:42 -0400, Richard Urban wrote:
>
>> So much for Linux (Ubuntu) being bullet proof.
>>
>> Ubuntu servers hijacked. Used to launch attack.
>>
>> http://www.eweek.com/article2/0,1895,2171318,00.asp
>>
>> People have been saying right along that ***ALL*** operating systems
>> are vulnerable!
>
> Of course. And some are more vulnerable than others. I note in the
> article that security patches, etc. had not been kept up to date on
> the affected servers. Yes, that is a recipe for disaster. I keep mine
> up to date, and I've not had any problems.

While keeping up to date in security patches is important, it's not that
alone that gets things done. Even on a ssytem that's out of date, proper
administration - checking logs, statuses, etc - can keep a a system
break in free. You can have all the patches i nthe world, but ify ou let
someone brute force for somw time to break in, all those security
patches wont have done any good. Patches are worthless when admins
neglect their jobs.

-saran

 

[Mr. Arnold]

<snipped>

> I guess it depends if the admins actually do their job as maintainers. If
> they don't, it's no one's fault but their own.
>
>> You think this is an extreme exception?
>
> For live servers, yes I do. Any properly maintained live server (like
> those in data centers used by hosting companies) should fall prey to such
> attacks if the admins do their jobs. If they do then someone wasn't taking
> care of things.

What you have said up above there makes no sense whatsoever.

The bottom line is no matter what it is, as long as Human Beings are
involved with it in some kind of way there is always going to
vulnerabilities.

 

[Leythos]

In article <ewyqpdD4HHA.2208@TK2MSFTNGP06.phx.gbl>, none@nospam says...
> Actually it's probably a bit of both. Straight hacking a random Linux
> box, good luck. It's when things like root-kits somehow get installed
> (usually by a clueless admin being fooled by some advert on the web,
> irc, etc) that's the big cause of infiltrations. This is true of any OS
> that can be accessed remotely.

But that fits the target audience for Ubuntu, clueless users running as
root.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[Wayne M. Poe]

Leythos wrote:
> In article <ewyqpdD4HHA.2208@TK2MSFTNGP06.phx.gbl>, none@nospam
> says...
>> Actually it's probably a bit of both. Straight hacking a random Linux
>> box, good luck. It's when things like root-kits somehow get installed
>> (usually by a clueless admin being fooled by some advert on the web,
>> irc, etc) that's the big cause of infiltrations. This is true of any
>> OS that can be accessed remotely.
>
> But that fits the target audience for Ubuntu, clueless users running
> as root.


And how is that true? If any system almsot forces you to run as admin
(to really do anything useful) it's Windows. I don't know of an OS with
more clueless people.

 

[Leythos]

In article <5ijn0fF3pja2bU1@mid.individual.net>,
louisREMOVE@REMOVEh4h.com says...
> Leythos wrote:
> > In article <ewyqpdD4HHA.2208@TK2MSFTNGP06.phx.gbl>, none@nospam
> > says...
> >> Actually it's probably a bit of both. Straight hacking a random Linux
> >> box, good luck. It's when things like root-kits somehow get installed
> >> (usually by a clueless admin being fooled by some advert on the web,
> >> irc, etc) that's the big cause of infiltrations. This is true of any
> >> OS that can be accessed remotely.
> >
> > But that fits the target audience for Ubuntu, clueless users running
> > as root.
>
>
> And how is that true? If any system almsot forces you to run as admin
> (to really do anything useful) it's Windows. I don't know of an OS with
> more clueless people.

And those same clueless people hear about a new, great, security driven,
OS that's free and they make the same mistakes that make in Windows -
they run as Root, download anything, compromise their machines, etc...

I've been using PC's since the 70's, never had a virus/malware on any of
My Own computers, never, and that includes about every OS on the market
and some that weren't, so it's not the OS, they all have flaws, it's the
idiots that fall for the marketing crap that tells them this OS will
keep them from getting hacked....

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[norm]

Leythos wrote:
> In article <ewyqpdD4HHA.2208@TK2MSFTNGP06.phx.gbl>, none@nospam says...
>> Actually it's probably a bit of both. Straight hacking a random Linux
>> box, good luck. It's when things like root-kits somehow get installed
>> (usually by a clueless admin being fooled by some advert on the web,
>> irc, etc) that's the big cause of infiltrations. This is true of any OS
>> that can be accessed remotely.
>
> But that fits the target audience for Ubuntu, clueless users running as
> root.
>
Ubuntu, by default, does not run as root. The only default way to gain
root is as superuser, and that access is limited only to the person that
creates the original user account. And the original user is the only one
that can create secondary accounts with ANY privileges. In other words,
clueless users running as root is very much an oxymoron.

--
norm

 

[Frank]

norm wrote:

> Leythos wrote:
>
>> In article <ewyqpdD4HHA.2208@TK2MSFTNGP06.phx.gbl>, none@nospam says...
>>
>>> Actually it's probably a bit of both. Straight hacking a random Linux
>>> box, good luck. It's when things like root-kits somehow get installed
>>> (usually by a clueless admin being fooled by some advert on the web,
>>> irc, etc) that's the big cause of infiltrations. This is true of any
>>> OS that can be accessed remotely.
>>
>>
>> But that fits the target audience for Ubuntu, clueless users running
>> as root.
>>
> Ubuntu, by default, does not run as root. The only default way to gain
> root is as superuser, and that access is limited only to the person that
> creates the original user account. And the original user is the only one
> that can create secondary accounts with ANY privileges. In other words,
> clueless users running as root is very much an oxymoron.
>

Administrator is disabled by default in Vista.
Frank

 

[ray]

On Thu, 16 Aug 2007 13:43:23 -0500, thetruthhurts wrote:

> On Thu, 16 Aug 2007 11:11:07 -0700, "Saran" <none@nospam> wrote:
>
> Unix and Linux have far fewer wholes to be
>>exploited by Windows and last I checked, are not exactly the easiest to
>>hack into.
>
> Is that really true or is just a lot fewer people are trying to hack
> them?

I believe it really is true. The security model is completely different.
But, for practical purposes, does it really matter?

 

[Charlie Tame]

Lang Murphy wrote:
> <snip>
>
>> The article seems to suggest that the machines in question were
>> extremely poorly maintained and running outdated versions of the OS.
>
> And that doesn't happen with regularity in the real world? You think
> this is an extreme exception?
>
> Lang


Not in the least, not me anyway.

 

[Jerry White]

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:%23NTPNiD4HHA.4672@TK2MSFTNGP05.phx.gbl...
>
> <snipped>
>
>> I guess it depends if the admins actually do their job as maintainers. If
>> they don't, it's no one's fault but their own.
>>
>>> You think this is an extreme exception?
>>
>> For live servers, yes I do. Any properly maintained live server (like
>> those in data centers used by hosting companies) should fall prey to such
>> attacks if the admins do their jobs. If they do then someone wasn't
>> taking care of things.
>
> What you have said up above there makes no sense whatsoever.
>
> The bottom line is no matter what it is, as long as Human Beings are
> involved with it in some kind of way there is always going to
> vulnerabilities.

That's basically what he said. It was the admins who were at fault in this
case.

 

[Charlie Tame]

Kerry Brown wrote:
> "Charlie Tame" <charlie@tames.net> wrote in message
> news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...
>> Richard Urban wrote:
>>> So much for Linux (Ubuntu) being bullet proof.
>>>
>>> Ubuntu servers hijacked. Used to launch attack.
>>>
>>> http://www.eweek.com/article2/0,1895,2171318,00.asp
>>>
>>> People have been saying right along that ***ALL*** operating systems
>>> are vulnerable!
>>>
>>
>>
>>
>> If you thought otherwise then it only exposes a deplorable lack of
>> knowledge on your part.
>>
>> The article seems to suggest that the machines in question were
>> extremely poorly maintained and running outdated versions of the OS.
>
>
> If Canonical can't maintain a Linux server who can? Can you imagine the
> outcry if Microsoft's server's were hacked because they hadn't kept them
> up to date? I totally agree that the reason this happened is because the
> servers were out of date but it is ironic that they were servers run by
> Canonical. It is more a statement of how important it is to stay up to
> date with patches than anything else. The OS is really irrelevant.
>


Absolutely in agreement, and yes it is ironic, someone needs their
backside kicked to be honest, but you made the important point that the
OS is not relevant at all.

 

[Jerry White]

"Frank" <fb@nospaner.cnm> wrote in message
news:%23QAcIIC4HHA.948@TK2MSFTNGP06.phx.gbl...
> norm wrote:
>> Kerry Brown wrote:
>>
>>> "Charlie Tame" <charlie@tames.net> wrote in message
>>> news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...
>>>
>>>> Richard Urban wrote:
>>>>
>>>>> So much for Linux (Ubuntu) being bullet proof.
>>>>>
>>>>> Ubuntu servers hijacked. Used to launch attack.
>>>>>
>>>>> http://www.eweek.com/article2/0,1895,2171318,00.asp
>>>>>
>>>>> People have been saying right along that ***ALL*** operating systems
>>>>> are vulnerable!
>>>>>
>>>>
>>>>
>>>>
>>>> If you thought otherwise then it only exposes a deplorable lack of
>>>> knowledge on your part.
>>>>
>>>> The article seems to suggest that the machines in question were
>>>> extremely poorly maintained and running outdated versions of the OS.
>>>
>>>
>>>
>>> If Canonical can't maintain a Linux server who can? Can you imagine the
>>> outcry if Microsoft's server's were hacked because they hadn't kept them
>>> up to date? I totally agree that the reason this happened is because the
>>> servers were out of date but it is ironic that they were servers run by
>>> Canonical. It is more a statement of how important it is to stay up to
>>> date with patches than anything else. The OS is really irrelevant.
>>>
>> Although it doesn't mitigate the situation, it was local communities
>> operating and maintaining the servers, not canonical. See the following:
>> http://www.dslreports.com/forum/r18880277-Ubuntu-servers-hacked-to-attack-others
>
> The linturd zealots always represent that linux can be run totally
> securely by any 6 yr old.
> I guess reality is a difficult thing to accept.
> Frank

I don't recall anyone ever sayign that of Linux. Linux is overall more
secure than Windows, but it comes down to who is administrating it.

On the other hand, any 6 year old using internet explorer can royally fubar
a Windows system within minutes if not seconds.

 

[Charlie Tame]

Frank wrote:
> norm wrote:
>> Kerry Brown wrote:
>>
>>> "Charlie Tame" <charlie@tames.net> wrote in message
>>> news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...
>>>
>>>> Richard Urban wrote:
>>>>
>>>>> So much for Linux (Ubuntu) being bullet proof.
>>>>>
>>>>> Ubuntu servers hijacked. Used to launch attack.
>>>>>
>>>>> http://www.eweek.com/article2/0,1895,2171318,00.asp
>>>>>
>>>>> People have been saying right along that ***ALL*** operating
>>>>> systems are vulnerable!
>>>>>
>>>>
>>>>
>>>>
>>>> If you thought otherwise then it only exposes a deplorable lack of
>>>> knowledge on your part.
>>>>
>>>> The article seems to suggest that the machines in question were
>>>> extremely poorly maintained and running outdated versions of the OS.
>>>
>>>
>>>
>>> If Canonical can't maintain a Linux server who can? Can you imagine
>>> the outcry if Microsoft's server's were hacked because they hadn't
>>> kept them up to date? I totally agree that the reason this happened
>>> is because the servers were out of date but it is ironic that they
>>> were servers run by Canonical. It is more a statement of how
>>> important it is to stay up to date with patches than anything else.
>>> The OS is really irrelevant.
>>>
>> Although it doesn't mitigate the situation, it was local communities
>> operating and maintaining the servers, not canonical. See the following:
>> http://www.dslreports.com/forum/r18880277-Ubuntu-servers-hacked-to-attack-others
>>
>>
>
> The linturd zealots always represent that linux can be run totally
> securely by any 6 yr old.
> I guess reality is a difficult thing to accept.
> Frank


I'm always happy to criticize anything Frank

 

[Charlie Tame]

DanS wrote:
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
> news:ucCM0QB4HHA.3400@TK2MSFTNGP03.phx.gbl:
>
>
>>> The article seems to suggest that the machines in question were
>>> extremely poorly maintained and running outdated versions of the OS.
>>
>> If Canonical can't maintain a Linux server who can? Can you imagine
>> the outcry if Microsoft's server's were hacked because they hadn't
>> kept them up to date? I totally agree that the reason this happened is
>> because the servers were out of date but it is ironic that they were
>> servers run by Canonical. It is more a statement of how important it
>> is to stay up to date with patches than anything else. The OS is
>> really irrelevant.
>
> What's not so irrelevent is the way the 'hack' may have perpetrated.
>
> While no absolute method of hacking was given, no 'exploit', this
> statement was made...
>
> "FTP (not sftp, without SSL) was being used to access the machines, so an
> attacker (in the right place) could also have gotten access by sniffing
> the clear-text passwords," he said.
>
> If that was the method used, there was no 'hacking' or exploit involved,
> as it wouldn't have been some internal deficiency, just simply using an
> existing sniffed login and password.
>
> I've always detested the way Windows Server FTP server could only be
> accesssed by users if they have a l/p in AD.
>
> People have got to remember, basic SMTP, FTP, POP, and NNTP protocols do
> use plain text when sending usernames and passwords.


Actually a very very valid observation. Once you hand over the car keys
expect to walk home

 

[Leythos]

In article <uGEM8yD4HHA.3900@TK2MSFTNGP02.phx.gbl>,
noone@afakeddomain.net says...
> Ubuntu, by default, does not run as root. The only default way to gain
> root is as superuser, and that access is limited only to the person that
> creates the original user account. And the original user is the only one
> that can create secondary accounts with ANY privileges. In other words,
> clueless users running as root is very much an oxymoron.

No, since it's being touted as the OS for home users, simple to use,
easy to install, etc... The same target will run as SU all the time,
they were told that you don't need AV, it's not hackable, no security
threats, that's why they will run as root and why they get compromised.



--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[Charlie Tame]

Jerry White wrote:
> "Frank" <fb@nospaner.cnm> wrote in message
>> The linturd zealots always represent that linux can be run totally
>> securely by any 6 yr old.
>> I guess reality is a difficult thing to accept.
>> Frank
>
> I don't recall anyone ever sayign that of Linux. Linux is overall more
> secure than Windows, but it comes down to who is administrating it.
>
> On the other hand, any 6 year old using internet explorer can royally fubar
> a Windows system within minutes if not seconds.


I knew someone once, I swear to God he could have crashed an Abacus...

 

[Ricky]

You miss the sarcasim in the post Charlie!



"Charlie Tame" wrote:

> Richard Urban wrote:
> > So much for Linux (Ubuntu) being bullet proof.
> >
> > Ubuntu servers hijacked. Used to launch attack.
> >
> > http://www.eweek.com/article2/0,1895,2171318,00.asp
> >
> > People have been saying right along that ***ALL*** operating systems are
> > vulnerable!
> >
>
>
>
> If you thought otherwise then it only exposes a deplorable lack of
> knowledge on your part.
>
> The article seems to suggest that the machines in question were
> extremely poorly maintained and running outdated versions of the OS.
>