selling root accounts on IRC

[InfoSec News <isn () c4i org>]

Forwarded from: Russell Coker <russell () coker com au>

For some time I and several other people have been running SE Linux
play machines: http://www.coker.com.au/selinux/play.html

One purpose of such machines is to demonstrate the security of SE
Linux by giving root access to an SE Linux machine to the world.  
People can freely login at any time and try "rm -rf /" or other
commands and see that no damage is caused.  They can run "ps aux" and
notice that only their own processes (and those of other users in the
same context) can be seen.  Commands such as "reboot" don't do
anything exciting either.

Another purpose of such machines is to serve as a reference to how a
SE Linux machine can be run.  When a new user starts out with a
complex new security feature such as SE Linux it can be difficult for
them to work out how to get it going.  The play machines serve as
examples of how SE Linux works when correctly configured and seem to
be helpful when new users have problems getting it going.

One disturbing trend recently has been criminals selling "root access"
to the play machines for stolen credit card numbers, accounts on other
servers, or other things.  The people who are selling the accounts
surely know what the machines are about, but seem to sell the accounts
anyway.

People involved in running honeypot's might be interested in doing
something similar.  Run a machine, tell everyone "this is a honeypot
server, the root password is ..." and then wait for people to
illegally purchase access to it!

Russell Coker



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.