Dailydave mailing list archives
Re: Advisory Day!
From: "arlen" <arlen () hushmail com>
Date: Thu, 4 Mar 2004 02:29:41 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Philosophical question: suppose a box ships with no shell access by default, but with a linux kernel and a shell installed, and with a mechanism available to get to the shell. Are local shell-based exploits then a realistic attack path?
A vendor came into demo their shiny new mail filtering appliance the other day. Before walking us through the web GUI, they demonstrated how to upgrade the software - during boot, it can be told to go look for a new OS image on a specific IP, which it pulls down and installs. I asked the S.E. about shells - does it have one? Is there any way of getting a full interactive shell on this thing? (We already knew their 'specially hardened, unhackable' [sic] OS was based on FreeBSD from watching the boot messages.) "No, there's no way. Although, to be honest, we do have a special sekrit backdoor that gives a root shell, but only we know about it so there's no _way_ you could get into it. It's only accessible from one IP address in Canada." Riiiiighhhht... There seems to be a trend for appliance startups taking bog standard Linux or BSD code, slapping it onto a 1U Intel box, painting it a funny colour and selling it for $20K or more. Of course most go bust or are absorbed by competitors - eg. Neoteris getting swallowed by Netscreen who are then in turn assimilated by Juniper. (The mail filter box wasn't made by any of these, I hasten to add.) Who knows how many forgotten backdoors will still be lurking in whatever code / products survive in five years' time? BTW - Tiago - most interesting anecdote, did you write an advisory, or let the vendor know? Apart from anything else if they're distributing Linux or GNU code without a license Something Should Be Done ;) - -r_len -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkBHBUcACgkQtd50JL6MBE+AwACcDLC7iz+p0DxjE+7X6Wl4N6qhWBwA nRuOfzyUQbBvb9tMSgdxNzIsCpRF =I6/n -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Advisory Day! Dave Aitel (Mar 03)
- Re: Advisory Day! Rodney Thayer (Mar 03)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- <Possible follow-ups>
- Re: Advisory Day! arlen (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Nahual (Mar 04)
- Re: Advisory Day! david maynor (Mar 04)
- Dave Barry on computer security Tri Huynh (Mar 06)
- Re: Advisory Day! Rodney Thayer (Mar 03)