Bugtraq mailing list archives

Re: Write-only devices (Was read only devices)


From: Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu)
Date: Fri, 28 Jun 1996 13:53:54 -0400



On Fri, 28 Jun 1996 10:36:57 +0700, you said:
        Crackers do not use old-well-known techniques. They are constantly
devising new methods, and you can't know in advance what these will be,
hence you can't easily discard any information in advance either.

Actually, they *do* use old-well-known techniques.  I'm willing to bet
a large pizza with everything on it that most successful attacks are
based on crack, network sniffers, and old well-known security holes
like sendmail exploits.  Remember that the number of truly innovative
crackers is very limited - 99% of them are lame adolescent-minded
wannabes that just have toolkits of scripts and things to try....

We had a hacker break in to an SGI system here a few weeks ago.  How
did he get in?  Well, the 'lp' userid didn't have a password, and then
there was a known exposure mentioned in a CERT advisory.. Instant
root.

We had somebody break into an AIX machine recently.  How did he get
in?  Well, there was this little unpatched bug with rlogin -froot
mentioned in a CERT advisory...

Now yes.. if you've closed all the usual holes and fixed all the stuff
mentioned in CERT advisories, they'll have to get *clever* to get
in. But most crackers will just give up and go look for an easier
target....

--
                                Valdis Kletnieks
                                Computer Systems Engineer
                                Virginia Tech





