Re: [expert] Linux worm...?
Marc, what you desire and suggest corresponds exactly with the mindset of those powerful entities who want to establish ubiquitous e-commerce on *our* internet: they want to own and control the internet. They represent *big* money and influence *big* government. The collection of "evil" Bologna! Dave, this is akin to saying that Stallman is a sinister entrepeneur, trying to control software distribution with his GPL. There's a wide gap between controlling the internet and expressing frustration over virus distributors. crackers, script kiddies, and spammers is *nothing* compared to the entities that are lobying to rule *our* internet. As you said, there is no relationship between the two. So why are you equating Mark's comments with an e-commerce takeover of the Internet. For that matter, how can you view e-commerce on the Internet to be a problem when the very operating system you use is so dependent upon the Internet for its e-commerce? Maybe a switch to decaf could straighten this out in your mind (grin). There are problems on the Internet. One of them is crackers using other people as targets of their gaming activity. It did my heart good to see the kid that shut down a bunch of major sites with his demand for service antics plead guilty to the 55counts against him. I agree with the other post that suggested that spending time on our own security is important but just as I put my money in the bank, I require that there be laws against people blowing up banks and walking away with the money. Mark has expressed a desire for no more...no less. Cheers --- Larry
(offtopic alert! offtopic alert!) crackers etc (was [expert] Linux worm...?)
b5dave [EMAIL PROTECTED] wrote: Yes, I know this list isn't the forum within which to debate this issue, but there is a great danger in our midst, and I promise to be terse. Well, sure, but its fun ;-) ... such systems and controls. And if this Armageddon comes to be, I'll be pointing the finger at the multitude of Linux distros that even allowed insecure setups, and at the moment, that's just about all Linux distros. And don't forget the IT folks who don't see a problem with security. I don't have the url right now, as my link home just died (bad sector on the hard drive of my firewall - locks up the machine - and I was doing a full backup - which looks at all data, of course. Oh, well, at least I'll be able to find out what file has the problem!), but there was a URL for an article mailed to me that talks about how the IT heads don't think there is any problem with security on the net! Before flaming me or them, let me get my firewall back up and I'll post the url to the article Monday... (Assuming I remember!) rc Rusty Carruth Email: [EMAIL PROTECTED] or [EMAIL PROTECTED] Voice: (480) 345-3621 SnailMail: Schlumberger ATE FAX: (480) 345-8793 7855 S. River Parkway, Suite 116 Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825 ICBM: 33 20' 44"N 111 53' 47"W
[expert] Linux worm...?
Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds
Re: [expert] Linux worm...?
Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Dave At 10:43 AM 01/18/2001 -0500, you wrote: Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds Dave Sherman SoftServ Business Systems, Inc. "Quid quid latine dictum sit, altum viditur."
RE: [expert] Linux worm...?
I don't think so by the wu-ftp versioning. the vuln was in 2.6.0 and earlier. mdk7.2 comes with 2.6.1-7. Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Weaver Sent: Thursday, January 18, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: [expert] Linux worm...? Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds
RE: [expert] Linux worm...?
I should have added that I'm not sure about the rpc vulnerability that came with. Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Weaver Sent: Thursday, January 18, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: [expert] Linux worm...? Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds
RE: [expert] Linux worm...?
Its amazing what turns up when you read the Mandrake SECURITY UPDATES page. 7.2 is safe from the worm, but 7.1 is vulerable. 7.1 and earlier need to stop by http://www.linux-mandrake.com/en/security/ and fix thier crap. Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Sherman Sent: Thursday, January 18, 2001 12:59 PM To: [EMAIL PROTECTED] Subject: Re: [expert] Linux worm...? Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Dave At 10:43 AM 01/18/2001 -0500, you wrote: Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds Dave Sherman SoftServ Business Systems, Inc. "Quid quid latine dictum sit, altum viditur."
RE: [expert] Linux worm...?
that's good to know. I too hope that Mandrake has something to say about this. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds On Thu, 18 Jan 2001, D. Stark - eSN wrote: I don't think so by the wu-ftp versioning. the vuln was in 2.6.0 and earlier. mdk7.2 comes with 2.6.1-7. Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Weaver Sent: Thursday, January 18, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: [expert] Linux worm...? Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds
Re: [expert] Linux worm...?
On Thu Jan 18, 2001 at 10:43:32AM -0500, Mark Weaver wrote: Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. Only if you haven't been updating your system with the security updates supplied. Both of the vulnerabilities this worm takes advantage of were fixed last year. For more information, view: http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-021.php3 http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-014.php3 Both vulnerabilities were fixed last year. FYI, they were fixed by RedHat at the same time, so the servers that were all hit with it *could* have prevented it by being timely in their updates (and by timely I mean they could have updated their system four months after the fix was issued and still been protected!) -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD - Danen Consulting Serviceswww.danen.net, www.freezer-burn.org - MandrakeSoft, Inc. Security www.linux-mandrake.com Current Linux uptime: 1 day 18 hours 13 minutes.
Re: [expert] Linux worm...?
On Fri, 19 Jan 2001 03:23, you wrote: that's good to know. I too hope that Mandrake has something to say about this. Theres a fairly good analysis of the worm at http://members.home.net/dtmartin24/ramen_worm.txt Note a few key points. -It's targeted for RH 6.2 and 7.0 -It's using exploits that were several months old -The involved applications have all had security updates when the race conditions were revealed by both RH and MDK -It's a fairly obvious rootkit (/usr/src/.poop) - It actually closes the hole it came in on!!! As ever...do your security updates and keep smiling Andrew
RE: [expert] Linux worm...?
This poses a question that I have about mandrake: do they continue to issue security fixes after a new version is released? ie: how long do they continue do do updates? Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vincent Danen Sent: Thursday, January 18, 2001 11:59 AM To: [EMAIL PROTECTED] Subject: Re: [expert] Linux worm...? On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote: Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Not true. While I haven't seen the worm itself to know for certain one way or the other, I've been told it specifically targets RH 6.2 and 7.0 machines. This would leave other distributions alone. *However*, since I wouldn't ask anyone to rely on that and/or use it as an excuse, the simple response (for any distribution) is simple: 1) Subscribe to vendor security mailing lists. Announcement lists of a security nature are generally small bandwidth with infrequent posts. 2) Update update update!!! If an update is released, it's for *your* health, not ours. We don't do this kind of work for fun (I know I'd rather spend my time doing other things than back-porting fixes to 6.0!). There is a reason why security updates are released. In other words, all versions of Linux-Mandrake 6.0 to present *with appropriate security updates applied* are not vulnerable. I posted previously the relevant web pages that indicate the vulnerabilities this worm takes advantage of have been fixed last year. -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD - Danen Consulting Serviceswww.danen.net, www.freezer-burn.org - MandrakeSoft, Inc. Security www.linux-mandrake.com Current Linux uptime: 1 day 18 hours 15 minutes.
Re: [expert] Linux worm...?
We are still releasing security fixes back to version 6.x, I think though Vincent can give a more direct answer. -Chris On Thursday 18 January 2001 12:31, D. Stark - eSN wrote: This poses a question that I have about mandrake: do they continue to issue security fixes after a new version is released? ie: how long do they continue do do updates? Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vincent Danen Sent: Thursday, January 18, 2001 11:59 AM To: [EMAIL PROTECTED] Subject: Re: [expert] Linux worm...? On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote: Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Not true. While I haven't seen the worm itself to know for certain one way or the other, I've been told it specifically targets RH 6.2 and 7.0 machines. This would leave other distributions alone. *However*, since I wouldn't ask anyone to rely on that and/or use it as an excuse, the simple response (for any distribution) is simple: 1) Subscribe to vendor security mailing lists. Announcement lists of a security nature are generally small bandwidth with infrequent posts. 2) Update update update!!! If an update is released, it's for *your* health, not ours. We don't do this kind of work for fun (I know I'd rather spend my time doing other things than back-porting fixes to 6.0!). There is a reason why security updates are released. In other words, all versions of Linux-Mandrake 6.0 to present *with appropriate security updates applied* are not vulnerable. I posted previously the relevant web pages that indicate the vulnerabilities this worm takes advantage of have been fixed last year. -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD - Danen Consulting Serviceswww.danen.net, www.freezer-burn.org - MandrakeSoft, Inc. Security www.linux-mandrake.com Current Linux uptime: 1 day 18 hours 15 minutes.
RE: [expert] Linux worm...?
I have an idea. Why don't we just catch these friggin virus writers, ship them off to a tropicl atol, and test one the new atomic bombs that one of the third world countries is developing. Seriously though...it's about darn time that something SERIOUS be done about and WITH these people that are a great big pain in the arse to the rest of the world that HAVE a real life and a descent direction for that life. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds On Thu, 18 Jan 2001, D. Stark - eSN wrote: Its amazing what turns up when you read the Mandrake SECURITY UPDATES page. 7.2 is safe from the worm, but 7.1 is vulerable. 7.1 and earlier need to stop by http://www.linux-mandrake.com/en/security/ and fix thier crap. Derek Stark IT / Linux Admin eSupportNow xt 8952 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Sherman Sent: Thursday, January 18, 2001 12:59 PM To: [EMAIL PROTECTED] Subject: Re: [expert] Linux worm...? Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Dave At 10:43 AM 01/18/2001 -0500, you wrote: Has anyone heard about the latest exploit by script kiddies and what they're doing to RedHat machines? I was wondering if Mandrake 7.2 machines are vulnerable in the same way. -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds Dave Sherman SoftServ Business Systems, Inc. "Quid quid latine dictum sit, altum viditur."
Re: [expert] Linux worm...?
I agree with you wholeheartedly. I run drakupdate every Monday religiously, although I don't subscribe to the security list for Mandrake. But I think I will now. Dave On Thursday 18 January 2001 10:59, you wrote: On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote: Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Not true. While I haven't seen the worm itself to know for certain one way or the other, I've been told it specifically targets RH 6.2 and 7.0 machines. This would leave other distributions alone. *However*, since I wouldn't ask anyone to rely on that and/or use it as an excuse, the simple response (for any distribution) is simple: 1) Subscribe to vendor security mailing lists. Announcement lists of a security nature are generally small bandwidth with infrequent posts. 2) Update update update!!! If an update is released, it's for *your* health, not ours. We don't do this kind of work for fun (I know I'd rather spend my time doing other things than back-porting fixes to 6.0!). There is a reason why security updates are released. In other words, all versions of Linux-Mandrake 6.0 to present *with appropriate security updates applied* are not vulnerable. I posted previously the relevant web pages that indicate the vulnerabilities this worm takes advantage of have been fixed last year. -- Quid quid latine dictum sit, altum viditur.
Re: [expert] Linux worm...?
I have an idea. Why don't we just catch these friggin virus writers, ship them off to a tropicl atol, and test one the new atomic bombs that one of the third world countries is developing. Well, in the US we don't do that because of something call "Due Process of law" and presumption of innocence. I'm not saying your idea is "bad," it's just that the system which produces these deviants is also the system which porduces much of the inovation. Mostly they're just misguided, pretty bright guys who feel underappreciated. I think the better response, for most of them anyway, is to attract them to do improvements rather than trying to punish them. Still, I don't deny that there are probably a few bastards who only want to wreck thing. These few you can take to the atoll.
Re: [expert] Linux worm...?
On Thu Jan 18, 2001 at 06:37:54PM -0500, Mark Weaver wrote: I did subscribe to the Mandrake security announcement list, but I never get anything from it. Whats up with that? It was broken. Two announcements were released today for glibc and php, both of which I know for fact made it through the list. -- [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD - Danen Consulting Serviceswww.danen.net, www.freezer-burn.org - MandrakeSoft, Inc. Security www.linux-mandrake.com Current Linux uptime: 2 days 3 hours 23 minutes.
RE: [expert] Linux worm...?
--On Thursday, January 18, 2001 6:28 PM -0500 Mark Weaver [EMAIL PROTECTED] wrote: I have an idea. Why don't we just catch these friggin virus writers, ship them off to a tropicl atol, and test one the new atomic bombs that one of the third world countries is developing. Seriously though...it's about darn time that something SERIOUS be done about and WITH these people that are a great big pain in the arse to the rest of the world that HAVE a real life and a descent direction for that life. A - For those of us born and raised in first world countries we forget that the world is mostly a wild place. The net is mostly a wild place. B - Go ahead. Do that. First, you won't be able to catch most of them. Secondly, you will sacrifice all of _your_ privacy in order to catch any significant percent of them. Each additional percent caught will cost more then the previous. C - Until it costs more to commit one of these crimes than the benefit extracted (money, enjoyment, fame, etc.) people will do it. Right now it's simply too easy. Do you keep your money in a shed and kill everyone that attempts to steal it? No, you keep it in a bank or something more secure (like the stock market? ;-) Until people watch their data like they watch their money this is going to happen all the time. D - It may be fun to talk about atols but securing your box is a better way to spend your time. Cheers, Scott Patten
Re: [expert] Linux worm...?
On Thursday 18 January 2001 10:31, you wrote: This poses a question that I have about mandrake: do they continue to issue security fixes after a new version is released? ie: how long do they continue do do updates? Derek Stark IT / Linux Admin eSupportNow xt 8952 I think I read this in the newbie list and Christopher Molnar said that they are still writing security updates for LM 6.x. -- John W
Re: [expert] Linux worm...?
I did subscribe to the Mandrake security announcement list, but I never get anything from it. Whats up with that? -- Mark "If you don't share your concepts and ideals, they end up being worthless," "Sharing is what makes them powerful." Linus Torvalds On Thu, 18 Jan 2001, Vincent Danen wrote: On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote: Since Mandrake is Redhat based, I would assume that we ARE vulnerable to the same attack, until and unless Mandrake publicly says otherwise. Hopefully Mandrake will announce something, one way or the other, soon. Not true. While I haven't seen the worm itself to know for certain one way or the other, I've been told it specifically targets RH 6.2 and 7.0 machines. This would leave other distributions alone. *However*, since I wouldn't ask anyone to rely on that and/or use it as an excuse, the simple response (for any distribution) is simple: 1) Subscribe to vendor security mailing lists. Announcement lists of a security nature are generally small bandwidth with infrequent posts. 2) Update update update!!! If an update is released, it's for *your* health, not ours. We don't do this kind of work for fun (I know I'd rather spend my time doing other things than back-porting fixes to 6.0!). There is a reason why security updates are released. In other words, all versions of Linux-Mandrake 6.0 to present *with appropriate security updates applied* are not vulnerable. I posted previously the relevant web pages that indicate the vulnerabilities this worm takes advantage of have been fixed last year.
RE: [expert] Linux worm...?
Yes, I know this list isn't the forum within which to debate this issue, but there is a great danger in our midst, and I promise to be terse. Marc, what you desire and suggest corresponds exactly with the mindset of those powerful entities who want to establish ubiquitous e-commerce on *our* internet: they want to own and control the internet. They represent *big* money and influence *big* government. The collection of "evil" crackers, script kiddies, and spammers is *nothing* compared to the entities that are lobying to rule *our* internet. Those large commercial entities will invoke the "evil" of the crackers and spammers for their purposes only, and you can bet that their proclamations will be cleverly veiled in rhetoric about "maintaining the purity of the Internet". I think we should focus on security. Internet-wide systems and controls designed to hinder crackers are just what big business wants. I think we will be seriousy fucked if big business manages to implement such systems and controls. And if this Armageddon comes to be, I'll be pointing the finger at the multitude of Linux distros that even allowed insecure setups, and at the moment, that's just about all Linux distros. b5dave On 18-Jan-2001 Mark Weaver wrote [snip] Seriously though...it's about darn time that something SERIOUS be done about and WITH these people that are a great big pain in the arse to the rest of the world that HAVE a real life and a descent direction for that life. [snip]
Re: [expert] Linux worm...?
The list went down, although there seem to be conflicting reports just as to when (see the thread "Security Lists"). I received the "slocate" advisory on Dec 18, and then nothing untill today (the glibc advisory). Yet there were very many Mandrake advisories during that period that I would see posted on linuxtoday. Vincent seems to have fixed the problem (god bless him). Personally, I suspect their list software, "sympa", sucks rocks. There are newbies out there administering fairly high volume lists without a hitch, yet I'm sure our gracious Mandrake friends have a far higher level of expertise. All the Mandrake lists seem buggy as hell; there are often long delays is posts being listed (up to 1+ days), so you'll find a buch of people responding to some post, and we end up with a cascade of redundant answers. I've had at least three posts that just fell through some crack. It's got to be the sympa software. I did subscribe to the Mandrake security announcement list, but I never get anything from it. Whats up with that?
