__/ [ Robert Newson ] on Tuesday 11 July 2006 09:41 \__
> Roy Schestowitz wrote:
>
> ...
>>>>Maybe we can exchange that with Gary McKinnon. He is, after all, shipped
>>>>over to Washington to be poked at with a big stick. He's a scapegoat, of
>>>>course. They should all thank him for changing the wallpapers on these
>>>>defence/intelligence-oriented systems, pointing out that sysadmins should
>>>>get sacked for neglecting to change the default admin password. Another
>>>>media conspiracy and an attempt at public character assassination!
> ...
>>
>> To be fair, my memory tells me that the boxes were running *nix (Linux
>> likely), but the admin password was something that requires no cracking,
>> let alone much knowledge or patience. If the password is 'mandriva' or
>> 'password', can you blame a youngster for being slightly curious? And how
>> about a firewall to prevent access from 'outside the loop' (United
>> Kingdom)?
>
> A few years ago I heard about someone who *deliberately* chose easy to
> crack passwords[1] - if anything nasty happened it wasn't him, but someone
> who cracked his account...
>
> [1] Probably nothing more than urban myth[2]
> [2] What's a myth? A young lady with a lisp...

At the Computer Science Department over here, the admins occasionally run a
bot which tries to crack passwords of local users. The issue is that access
to just one account enables an intruder to take control over about 10
clusters with 100MBit connections on a thick backbone. This could become a
zombie hazard, which leads to suspension of access during some holidays.

Speaking of which, Windows loopholes are an easier target. Only yesterday
afternoon I bashed a person who posted a request for IP ranges for botnets.
He posted this request to the WordPress hackers mailing list.

Anyhow, hopping back on topic, the Department can confirm many hacking
attempts on the default SSH port. It's very persistent. More sadly, some
'efficient' users (not lazy; not stupid) choose passwords like 'manchester'
or 'good morning'. A dictionary can be run to hammer and break that in a
brute-force fashion. It's truly a ticking bomb. Some time ago, an (in)famous
awstats.pl vulnerability potentially had the system open for intrusion,
including users' accounts. Some idiot put awstats.pl in /tmp.

Best wishes,

Roy
--
Roy S. Schestowitz, Ph.D. Candidate (Medical Biophysics)
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
1:05pm up 74 days 18:08, 12 users, load average: 0.03, 0.20, 0.28
http://iuron.com - Open Source knowledge engine project
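Added example, not code from the thread above: a toy version of the password-auditing bot Roy describes the department admins running. It expands a small wordlist with the mangling rules a cracker tries first (case variants, appended digits, two-word phrases such as 'good morning', with and without the space) and runs the candidates against a shadow-style table. Everything in it is constructed for illustration: the accounts, the salts, the wordlist, and the salted SHA-512 via hashlib, which stands in for the crypt(3) $6$ scheme a real /etc/shadow uses (no rounds, no crypt base64).

```python
"""Toy password-audit bot: dictionary attack with simple mangling rules.

Added example, not code from the thread. The salted SHA-512 below is a
simplification of the crypt(3) $6$ scheme real /etc/shadow entries use
(no rounds, no crypt-style base64); the accounts and wordlist are constructed.
"""
import hashlib
import itertools
import os
from typing import Dict, List, Optional, Tuple

# Constructed wordlist: local-flavour words plus the usual suspects.
WORDLIST: List[str] = [
    "manchester", "good", "morning", "password", "mandriva", "letmein", "summer",
]


def hash_password(salt: str, password: str) -> str:
    """Salted SHA-512 hex digest (assumption: stand-in for crypt(3) $6$)."""
    return hashlib.sha512((salt + password).encode("utf-8")).hexdigest()


def make_shadow(plaintexts: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Build a shadow-style table {user: (salt, digest)} from plaintexts."""
    shadow: Dict[str, Tuple[str, str]] = {}
    for user, password in plaintexts.items():
        salt = os.urandom(4).hex()          # fresh per-user salt, as shadow does
        shadow[user] = (salt, hash_password(salt, password))
    return shadow


def candidates(words: List[str]) -> List[str]:
    """Expand a wordlist with first-pass mangling rules: case variants,
    appended one- and two-digit numbers, and two-word phrases with and
    without a space ('good morning' is still a dictionary hit)."""
    out: List[str] = []
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            out.append(base)
            for n in range(100):
                out.append(f"{base}{n}")
                out.append(f"{base}{n:02d}")
    for a, b in itertools.permutations(words, 2):
        out.append(f"{a} {b}")
        out.append(f"{a}{b}")
    return list(dict.fromkeys(out))          # dedupe, keep order


def audit(shadow: Dict[str, Tuple[str, str]],
          words: List[str]) -> Dict[str, Optional[str]]:
    """Return {user: recovered password or None} for every account.
    Each candidate is hashed once per user because the salt differs."""
    cands = candidates(words)
    result: Dict[str, Optional[str]] = {}
    for user, (salt, digest) in shadow.items():
        result[user] = None
        for cand in cands:
            if hash_password(salt, cand) == digest:
                result[user] = cand
                break
    return result


# Constructed accounts: two of the 'efficient' kind from the post, one sane.
SAMPLE_SHADOW = make_shadow({
    "roy": "good morning",
    "bob": "Manchester07",
    "alice": "kH7!vq2#Lp9$wZ",
})


if __name__ == "__main__":
    for user, pw in audit(SAMPLE_SHADOW, WORDLIST).items():
        status = f"CRACKED: {pw}" if pw else "survived wordlist"
        print(f"{user:8s} {status}")
```

The point the run makes is the one in the post: a space or a trailing year does not move a password out of dictionary range, because phrase joining and digit suffixes are among the first rules any cracker applies. Against a real shadow file you would feed the $6$ hashes to a proper cracker rather than this stand-in, but the rule set and the per-user loop are the same shape.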