So much for Linux (Ubuntu) being bullet proof.

 

Ubuntu servers hijacked. Used to launch attack.

 

http://www.eweek.com/article2/0,1895,2171318,00.asp

 

People have been saying right along that ***ALL*** operating systems are

vulnerable!

 

--

 

 

Regards,

 

Richard Urban

Microsoft MVP Windows Shell/User

(For email, remove the obvious from my address)

Richard Urban wrote:

> So much for Linux (Ubuntu) being bullet proof.

>

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

>

> People have been saying right along that ***ALL*** operating systems are

> vulnerable!

>

 

 

 

If you thought otherwise then it only exposes a deplorable lack of

knowledge on your part.

 

The article seems to suggest that the machines in question were

extremely poorly maintained and running outdated versions of the OS.

Oh. My. God.

That's it. I'm switching to a more secure operating system!

Does anyone know if Apple still makes Lisa?

 

 

 

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message

news:edxtDq63HHA.948@TK2MSFTNGP06.phx.gbl...

> So much for Linux (Ubuntu) being bullet proof.

>

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

>

> People have been saying right along that ***ALL*** operating systems are

> vulnerable!

>

> --

>

>

> Regards,

>

> Richard Urban

> Microsoft MVP Windows Shell/User

> (For email, remove the obvious from my address)

>

How about an S-100 bus machine running CP/M?

 

I might still have a Timex-Sinclair 1000 hiding in the closet.

 

 

"DP" <nospam@nospam.com> wrote in message

news:u%23eea263HHA.948@TK2MSFTNGP06.phx.gbl...

Oh. My. God.

That's it. I'm switching to a more secure operating system!

Does anyone know if Apple still makes Lisa?

 

 

 

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message

news:edxtDq63HHA.948@TK2MSFTNGP06.phx.gbl...

> So much for Linux (Ubuntu) being bullet proof.

>

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

>

> People have been saying right along that ***ALL*** operating systems are

> vulnerable!

>

> --

>

>

> Regards,

>

> Richard Urban

> Microsoft MVP Windows Shell/User

> (For email, remove the obvious from my address)

>

Do you think the Datasette from my old Vic-20 is compatible with the

Sinclair? Is there a hack, maybe?

 

 

"Val" <vmanes@NOSPAMrap.midco.net> wrote in message

news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

> How about an S-100 bus machine running CP/M?

>

> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> "DP" <nospam@nospam.com> wrote in message

> news:u%23eea263HHA.948@TK2MSFTNGP06.phx.gbl...

> Oh. My. God.

> That's it. I'm switching to a more secure operating system!

> Does anyone know if Apple still makes Lisa?

>

>

>

> "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message

> news:edxtDq63HHA.948@TK2MSFTNGP06.phx.gbl...

>> So much for Linux (Ubuntu) being bullet proof.

>>

>> Ubuntu servers hijacked. Used to launch attack.

>>

>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>

>> People have been saying right along that ***ALL*** operating systems are

>> vulnerable!

>>

>> --

>>

>>

>> Regards,

>>

>> Richard Urban

>> Microsoft MVP Windows Shell/User

>> (For email, remove the obvious from my address)

>>

>

>

"Val" <vmanes@NOSPAMrap.midco.net> wrote in message

news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

> How about an S-100 bus machine running CP/M?

>

> I might still have a Timex-Sinclair 1000 hiding in the closet.

 

 

My KayPro and TRS-80 model I have never been hacked. They must be superior.

CPM - only way to fly :)

 

"Telstar" <none@none> wrote in message news:evnw9e73HHA.5844@TK2MSFTNGP02.phx.gbl...

>

> "Val" <vmanes@NOSPAMrap.midco.net> wrote in message

> news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

>> How about an S-100 bus machine running CP/M?

>>

>> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> My KayPro and TRS-80 model I have never been hacked. They must be superior.

>

>

<snip>

> The article seems to suggest that the machines in question were extremely

> poorly maintained and running outdated versions of the OS.

 

And that doesn't happen with regularity in the real world? You think this is

an extreme exception?

 

Lang

Funny, my calculator never got hacked either.

 

Robert Firth

http://www.winvistainfo.org

 

"Telstar" <none@none> wrote in message

news:evnw9e73HHA.5844@TK2MSFTNGP02.phx.gbl...

>

> "Val" <vmanes@NOSPAMrap.midco.net> wrote in message

> news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

>> How about an S-100 bus machine running CP/M?

>>

>> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> My KayPro and TRS-80 model I have never been hacked. They must be

> superior.

>

>

LOL, I have 10,000 feet of mylar tape with the programming for the HP-2000.

But where am I going to find 480,000 vacuum tubes and 25 miles of wire? or a

100 baud modem?

 

"Val" <vmanes@NOSPAMrap.midco.net> wrote in message

news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

> How about an S-100 bus machine running CP/M?

>

> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> "DP" <nospam@nospam.com> wrote in message

> news:u%23eea263HHA.948@TK2MSFTNGP06.phx.gbl...

> Oh. My. God.

> That's it. I'm switching to a more secure operating system!

> Does anyone know if Apple still makes Lisa?

"DP" <nospam@nospam.com> wrote in message

news:uuUthc73HHA.1824@TK2MSFTNGP04.phx.gbl...

>

> Do you think the Datasette from my old Vic-20 is compatible with the

> Sinclair? Is there a hack, maybe?

>

>

> "Val" <vmanes@NOSPAMrap.midco.net> wrote in message

> news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

>> How about an S-100 bus machine running CP/M?

>>

>> I might still have a Timex-Sinclair 1000 hiding in the closet.

>>

>>

>> "DP" <nospam@nospam.com> wrote in message

>> news:u%23eea263HHA.948@TK2MSFTNGP06.phx.gbl...

>> Oh. My. God.

>> That's it. I'm switching to a more secure operating system!

>> Does anyone know if Apple still makes Lisa?

>>

>>

>>

>> "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message

>> news:edxtDq63HHA.948@TK2MSFTNGP06.phx.gbl...

>>> So much for Linux (Ubuntu) being bullet proof.

>>>

>>> Ubuntu servers hijacked. Used to launch attack.

>>>

>>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>>

>>> People have been saying right along that ***ALL*** operating systems are

>>> vulnerable!

>>>

>>> --

>>>

>>>

>>> Regards,

>>>

>>> Richard Urban

>>> Microsoft MVP Windows Shell/User

>>> (For email, remove the obvious from my address)

>>>

>>

>>

>

 

Well, nobody has successfully hacked into my Atari 800, so I guess TOS is

pretty secure )

"Spirit" <noone@notthere.net> wrote in message

news:%234$wag73HHA.1208@TK2MSFTNGP03.phx.gbl...

CPM - only way to fly :)

 

"Telstar" <none@none> wrote in message

news:evnw9e73HHA.5844@TK2MSFTNGP02.phx.gbl...

>

> "Val" <vmanes@NOSPAMrap.midco.net> wrote in message

> news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

>> How about an S-100 bus machine running CP/M?

>>

>> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> My KayPro and TRS-80 model I have never been hacked. They must be

> superior.

>

>

 

Let's start an antique OS religious war! TOS was always better than CP/M!

"Charlie Tame" <charlie@tames.net> wrote in message

news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...

> Richard Urban wrote:

>> So much for Linux (Ubuntu) being bullet proof.

>>

>> Ubuntu servers hijacked. Used to launch attack.

>>

>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>

>> People have been saying right along that ***ALL*** operating systems are

>> vulnerable!

>>

>

>

>

> If you thought otherwise then it only exposes a deplorable lack of

> knowledge on your part.

>

> The article seems to suggest that the machines in question were extremely

> poorly maintained and running outdated versions of the OS.

 

 

If Canonical can't maintain a Linux server who can? Can you imagine the

outcry if Microsoft's server's were hacked because they hadn't kept them up

to date? I totally agree that the reason this happened is because the

servers were out of date but it is ironic that they were servers run by

Canonical. It is more a statement of how important it is to stay up to date

with patches than anything else. The OS is really irrelevant.

 

--

Kerry Brown

Microsoft MVP - Shell/User

http://www.vistahelp.ca

Kerry Brown wrote:

> "Charlie Tame" <charlie@tames.net> wrote in message

> news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...

>> Richard Urban wrote:

>>> So much for Linux (Ubuntu) being bullet proof.

>>>

>>> Ubuntu servers hijacked. Used to launch attack.

>>>

>>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>>

>>> People have been saying right along that ***ALL*** operating systems

>>> are vulnerable!

>>>

>>

>>

>>

>> If you thought otherwise then it only exposes a deplorable lack of

>> knowledge on your part.

>>

>> The article seems to suggest that the machines in question were

>> extremely poorly maintained and running outdated versions of the OS.

>

>

> If Canonical can't maintain a Linux server who can? Can you imagine the

> outcry if Microsoft's server's were hacked because they hadn't kept them

> up to date? I totally agree that the reason this happened is because the

> servers were out of date but it is ironic that they were servers run by

> Canonical. It is more a statement of how important it is to stay up to

> date with patches than anything else. The OS is really irrelevant.

>

Although it doesn't mitigate the situation, it was local communities

operating and maintaining the servers, not canonical. See the following:

http://www.dslreports.com/forum/r18880277-Ubuntu-servers-hacked-to-attack-others

 

--

norm

norm wrote:

> Kerry Brown wrote:

>

>> "Charlie Tame" <charlie@tames.net> wrote in message

>> news:eYk2p163HHA.1824@TK2MSFTNGP04.phx.gbl...

>>

>>> Richard Urban wrote:

>>>

>>>> So much for Linux (Ubuntu) being bullet proof.

>>>>

>>>> Ubuntu servers hijacked. Used to launch attack.

>>>>

>>>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>>>

>>>> People have been saying right along that ***ALL*** operating systems

>>>> are vulnerable!

>>>>

>>>

>>>

>>>

>>> If you thought otherwise then it only exposes a deplorable lack of

>>> knowledge on your part.

>>>

>>> The article seems to suggest that the machines in question were

>>> extremely poorly maintained and running outdated versions of the OS.

>>

>>

>>

>> If Canonical can't maintain a Linux server who can? Can you imagine

>> the outcry if Microsoft's server's were hacked because they hadn't

>> kept them up to date? I totally agree that the reason this happened is

>> because the servers were out of date but it is ironic that they were

>> servers run by Canonical. It is more a statement of how important it

>> is to stay up to date with patches than anything else. The OS is

>> really irrelevant.

>>

> Although it doesn't mitigate the situation, it was local communities

> operating and maintaining the servers, not canonical. See the following:

> http://www.dslreports.com/forum/r18880277-Ubuntu-servers-hacked-to-attack-others

>

>

 

The linturd zealots always represent that linux can be run totally

securely by any 6 yr old.

I guess reality is a difficult thing to accept.

Frank

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in

news:edxtDq63HHA.948@TK2MSFTNGP06.phx.gbl:

> So much for Linux (Ubuntu) being bullet proof.

>

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

>

> People have been saying right along that ***ALL*** operating systems are

> vulnerable!

 

And Linux Servers are related to Vista how ?

 

(I thought I'd give the old Fanboy 'this is a Vista group, so get out of

here with your Linux crap' line.)

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in

news:ucCM0QB4HHA.3400@TK2MSFTNGP03.phx.gbl:

 

>>

>> The article seems to suggest that the machines in question were

>> extremely poorly maintained and running outdated versions of the OS.

>

>

> If Canonical can't maintain a Linux server who can? Can you imagine

> the outcry if Microsoft's server's were hacked because they hadn't

> kept them up to date? I totally agree that the reason this happened is

> because the servers were out of date but it is ironic that they were

> servers run by Canonical. It is more a statement of how important it

> is to stay up to date with patches than anything else. The OS is

> really irrelevant.

 

What's not so irrelevent is the way the 'hack' may have perpetrated.

 

While no absolute method of hacking was given, no 'exploit', this

statement was made...

 

"FTP (not sftp, without SSL) was being used to access the machines, so an

attacker (in the right place) could also have gotten access by sniffing

the clear-text passwords," he said.

 

If that was the method used, there was no 'hacking' or exploit involved,

as it wouldn't have been some internal deficiency, just simply using an

existing sniffed login and password.

 

I've always detested the way Windows Server FTP server could only be

accesssed by users if they have a l/p in AD.

 

People have got to remember, basic SMTP, FTP, POP, and NNTP protocols do

use plain text when sending usernames and passwords.

Richard Urban wrote:

> So much for Linux (Ubuntu) being bullet proof.

 

No one ever said it was. Anyone who thinks ANY system is hack proof is

living in a dream world. Unix and Linux have far fewer wholes to be

exploited by Windows and last I checked, are not exactly the easiest to

hack into.

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

 

 

Maybe you should actually read the article.

 

 

that the source of the troubles might have been a Chinese

IP address trying to log onto the servers by brute force

"for a long time now it seems," said a participant

 

The attacker got in via brute force? If that's so then this is nothing

more than a case of an admin neglecting security. Something as simple as

checking logs from time to time could of prevented that. Most Linux

systems I've used have something called LogWatch that compiles a report

of various logs (that can be customized) for the root admin to see every

morning their inbox.

 

 

the servers were all found to be out of date, stuffed with

Web software, and missing security patches-at least in the

instances where it was easy to determine what version

they're running.

 

In other words these machines were poorly kept and possibly running poor

choices of software or software that was poorly configured, probably by

inexperienced personal.

 

 

It seems that this isn't a case of Linux being vulnerable, but what

happens if admins of live servers don't do their job.

 

In any system theres no replacement for good administrators. Linux is

far more solid and robust than Windows could ever hope to be (if Vista

is any indication.)

 

-saran

Lang Murphy wrote:

> <snip>

>

>> The article seems to suggest that the machines in question were

>> extremely poorly maintained and running outdated versions of the OS.

>

> And that doesn't happen with regularity in the real world?

 

I guess it depends if the admins actually do their job as maintainers.

If they don't, it's no one's fault but their own.

> You think this is an extreme exception?

 

For live servers, yes I do. Any properly maintained live server (like

those in data centers used by hosting companies) should fall prey to

such attacks if the admins do their jobs. If they do then someone wasn't

taking care of things.

 

-saran

Telstar wrote:

> "Val" <vmanes@NOSPAMrap.midco.net> wrote in message

> news:cMqdnZtC6pk4WF7bnZ2dnUVZ_qmlnZ2d@midco.net...

>> How about an S-100 bus machine running CP/M?

>>

>> I might still have a Timex-Sinclair 1000 hiding in the closet.

>

>

> My KayPro and TRS-80 model I have never been hacked. They must be

> superior.

 

Wow, how suprising, considering you've never plugged them into the

Internet :)

 

-saran

On Thu, 16 Aug 2007 11:11:07 -0700, "Saran" <none@nospam> wrote:

 

Unix and Linux have far fewer wholes to be

>exploited by Windows and last I checked, are not exactly the easiest to

>hack into.

 

Is that really true or is just a lot fewer people are trying to hack

them?

On Wed, 15 Aug 2007 22:09:42 -0400, Richard Urban wrote:

> So much for Linux (Ubuntu) being bullet proof.

>

> Ubuntu servers hijacked. Used to launch attack.

>

> http://www.eweek.com/article2/0,1895,2171318,00.asp

>

> People have been saying right along that ***ALL*** operating systems are

> vulnerable!

 

Of course. And some are more vulnerable than others. I note in the article

that security patches, etc. had not been kept up to date on the affected

servers. Yes, that is a recipe for disaster. I keep mine up to date, and

I've not had any problems.

thetruthhurts @homail.com wrote:

> On Thu, 16 Aug 2007 11:11:07 -0700, "Saran" <none@nospam> wrote:

>

>> Unix and Linux have far fewer wholes to be

>> exploited by Windows and last I checked, are not exactly the easiest

>> to hack into.

>

> Is that really true or is just a lot fewer people are trying to hack

> them?

 

Actually it's probably a bit of both. Straight hacking a random Linux

box, good luck. It's when things like root-kits somehow get installed

(usually by a clueless admin being fooled by some advert on the web,

irc, etc) that's the big cause of infiltrations. This is true of any OS

that can be accessed remotely.

 

There are also brute force bots out there, but anyone watching logs and

such can catch those easily enough. There is no excuse for letting

someone "for a long time now it seems" to gai nentry to a system via

brute force. It's as if no one was watching their servers in that

scenario. That's not a product of hacking, that's a product of

incompetent and/or lazy admins.

 

-saran

ray wrote:

> On Wed, 15 Aug 2007 22:09:42 -0400, Richard Urban wrote:

>

>> So much for Linux (Ubuntu) being bullet proof.

>>

>> Ubuntu servers hijacked. Used to launch attack.

>>

>> http://www.eweek.com/article2/0,1895,2171318,00.asp

>>

>> People have been saying right along that ***ALL*** operating systems

>> are vulnerable!

>

> Of course. And some are more vulnerable than others. I note in the

> article that security patches, etc. had not been kept up to date on

> the affected servers. Yes, that is a recipe for disaster. I keep mine

> up to date, and I've not had any problems.

 

While keeping up to date in security patches is important, it's not that

alone that gets things done. Even on a ssytem that's out of date, proper

administration - checking logs, statuses, etc - can keep a a system

break in free. You can have all the patches i nthe world, but ify ou let

someone brute force for somw time to break in, all those security

patches wont have done any good. Patches are worthless when admins

neglect their jobs.

 

-saran

<snipped>

> I guess it depends if the admins actually do their job as maintainers. If

> they don't, it's no one's fault but their own.

>

>> You think this is an extreme exception?

>

> For live servers, yes I do. Any properly maintained live server (like

> those in data centers used by hosting companies) should fall prey to such

> attacks if the admins do their jobs. If they do then someone wasn't taking

> care of things.

 

What you have said up above there makes no sense whatsoever.

 

The bottom line is no matter what it is, as long as Human Beings are

involved with it in some kind of way there is always going to

vulnerabilities.