Attackers infiltrating supercomputer networks

TalkBack 34 of 54:: Next »; « Previous

Thread View
Flat View

Since when was password guessing a OS flaw?: Concerning
http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html

To gain remote access to the systems, the intruder just sniffed network packets and used bruteforce dictionary based password guessing techniques. Neither methord exploits a flaw in the operating system.

To gain root privilege level access, the intruder used vulnerabilities in the kernel. Both vulnerabilities have been fixed, and distributions have released updated kernel packages months before the intrusion. Microsoft itself has stated, it's the responsibility of customer to insure that security updates have been installed.

Having said that, the Linux community have developed solutions which can greatly mitigate the risk of similar vulnerabilities being exploited. Developed by the NSA, SELinux provides mandatory access control,
http://www.crypt.gen.nz/selinux/links.html
which can be deployed to further lock down and secure public exposed servers.; Posted by: David Mohring Posted on: 04/13/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

This is not good... Da-Man | 04/13/04

Here Here!! Mack DaNife | 04/14/04

Spot on post! No_Ax_to_Grind | 04/14/04

Nah, public hangings would be tbetter voska | 04/14/04

Naw, too fast and has no lasting effect. No_Ax_to_Grind | 04/14/04

Shame on the admins! MkIIISupra | 04/13/04

Correct you are... LinuxHippie | 04/13/04

Linux Patching??? Da-Man | 04/13/04

no money is correct nucrash | 04/13/04

Freeware... Da-Man | 04/13/04

Choose your tool for update management... David Mohring | 04/13/04

Also... doe_z | 04/14/04

RedHat Linux 7.1, now thats ancient history Da-Man | 04/14/04

Not Necessarily Mack DaNife | 04/14/04

Linux (and most unix based systems) come with a version control system B.O.F.H. | 04/14/04

Even simpler... Fred Fredrickson | 04/13/04

Bad Passwords Mark Gist | 04/14/04

Not really, simple training and common sense... MkIIISupra | 04/14/04

Completely Unrealistic nikoli | 04/14/04

Your right so read my reply to MkIIISupra | 04/14/04

ROFLMAO Loverock Davidson | 04/13/04

Did you, er... can you read? MkIIISupra | 04/13/04

Section 5.8 of MS Shill book.. Xunil_Sierutuf | 04/14/04

You responded?!? Martin Marvinski | 04/14/04

Linux is not very secure Enterprise Analyst | 04/13/04

IT_Christian aka Southern Pride! MkIIISupra | 04/13/04

No kidding! Martin Marvinski | 04/14/04

Ignorance Exposed... boomslang_z | 04/14/04

Local Access buddy voska | 04/14/04

Even better... Martin Marvinski | 04/14/04

Meanwhile... Mark Gist | 04/14/04

Sounds like an "inside job" wackoae | 04/13/04

Someone on the internal network, yes. Zogg | 04/14/04

Since when was password guessing a OS flaw? David Mohring | 04/13/04

Whatever... Da-Man | 04/14/04

re: whatever Iain_Peters | 04/14/04

Not Just A Password Issue nikoli | 04/14/04

Only some machines were "easy meat"... Zogg | 04/14/04

Every one? Martin Marvinski | 04/14/04

not the only method PA-ITGuy | 04/14/04

Your own quote says "presumably by..." Zogg | 04/14/04

re: not the only method cbradshaw@... | 04/14/04

Windows and Linux MUST keep up with Patches! cancelled@... | 04/13/04

Perhaps that which makes OSS more secure also backfires oldskool | 04/13/04

Give an instance of that comprimise cancelled@... | 04/14/04

But did it slow down and spread to whole Internet? Xunil_Sierutuf | 04/14/04

there is a difference prong@... | 04/14/04

The system WAS compromised, PERIOD... Da-Man | 04/14/04

And we're still waiting for the analysis that will tell us "How?". Zogg | 04/14/04

3/10 Martin Marvinski | 04/14/04

The parrallels are striking! ShadeTree | 04/14/04

FINALLY!! Eggs Ackley_z | 04/14/04

It's all 'gotcha' and 'how cares' until FilledOut | 04/14/04

Reality vs. Sensetionality michael-t | 04/14/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Evaluating Price/Performance of VMware ESX Server on Dell PowerEdge Servers Dell This paper examines the price/performance advantage that enterprises can ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Attackers infiltrating supercomputer networks

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads