[EMAIL PROTECTED] wrote:
> On Mon, 29 Sep 2008 21:44:22 BST, Kyrian said:
>
>>> A message left by him on a system:
>>>
>> Changing the /etc/motd file or equivalent is hardly costly, and hardly
>> massive damage, no? Hypothetically speaking, if I wanted to do as little
>> damage as possible and make someone get the message I'd been in there,
>> that's probably what I'd do.
>
> Look at it from the other end. You logon one day, and find that person or
> persons unknown have screwed with your /etc/motd file.

You are quite right, of course. In that particular instance I wasn't seeking to make a technical argument per se, I was more focused on any plausible intent, as that seems to be central to at least some people's arguments.
I apologise if that threw anyone with the context switching.

This one's nearly back on topic to tech/security...

Personally on a server that I knew was meant to be secure, and had made an effort to secure for the long term, I would make sure that there were two separate checksum databases for every binary file on the system, and hence be able to verify anything "important" had not been tampered with, without having to rely on file timestamps, which I (like most on this list) know can be unreliable after a compromise.

I've not to date seen any server maliciously attacked where the binaries or files and processes involved were not either 'important' or 'obvious'. Perhaps I have not run into a high enough calibre of hacker? (NOT an invitation ;-).

However, back to the point...

One would have assumed that the US military would have taken explicit steps to secure their systems by default, perhaps until this very email thread??? The implications of them not even making such an effort are ludicrous on so very many levels.

K.

-- 
Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
DJ via http://www.hellnoise.co.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
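
An added example, not part of the original post, of the two-database check described in the message above: two independent checksum baselines are compared against current file contents without consulting timestamps. The different hash algorithms, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib, os, tempfile

def build_db(root, algo):
    """Map each file path (relative to root) to its content digest under algo."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                db[os.path.relpath(full, root)] = hashlib.new(algo, fh.read()).hexdigest()
    return db

def verify(root, db_a, db_b, algo_a="sha256", algo_b="blake2b"):
    """Classify each path from file contents only; timestamps are never read."""
    now_a, now_b = build_db(root, algo_a), build_db(root, algo_b)
    report = {}
    for path in sorted(set(db_a) | set(db_b) | set(now_a)):
        if path not in now_a:
            report[path] = "missing"
        elif path not in db_a and path not in db_b:
            report[path] = "unexpected"
        else:
            ok_a = db_a.get(path) == now_a[path]
            ok_b = db_b.get(path) == now_b[path]
            if ok_a and ok_b:
                report[path] = "ok"
            elif ok_a or ok_b:
                report[path] = "databases-disagree"  # one baseline was altered
            else:
                report[path] = "modified"
    return report

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree standing in for a directory of system files."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "su", "motd"):
            write(root, name, name.encode() + b" original")
        db_a, db_b = build_db(root, "sha256"), build_db(root, "blake2b")
        old = os.stat(os.path.join(root, "ps"))
        write(root, "ps", b"ps replaced")  # content changed, then mtime restored
        os.utime(os.path.join(root, "ps"), (old.st_atime, old.st_mtime))
        write(root, "ls", b"ls replaced")
        db_a["ls"] = hashlib.sha256(b"ls replaced").hexdigest()  # baseline A rewritten to match
        os.remove(os.path.join(root, "su"))
        write(root, "extra", b"not in either baseline")
        return verify(root, db_a, db_b)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:20} {path}")
```

The "databases-disagree" result is what the second database buys: a file whose entry was rewritten in one baseline still fails against the other, which is only useful if the two are stored and protected separately.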