> > I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean)
6
> > years ago. Cisco sources never was a great secret
>
> Then you shouldn't be talking about it.
I mean - such things was common even 6 years ago. There was (always) some
level of rooted servers, some level of teen
On Thu, 12 May 2005 01:30:36 PDT, Alexei Roudnev said:
> It is mostly fantasy. DNS security is much much more important and much more
> real issue, vs this fictions.
Very true, but
Sites that have their routers tied down right tend to get the DNS right too,
and sites that are lax with the ro
Alexei Roudnev wrote:
>>>*Your* boxes may be hardened beyond all belief and plausibility, but
>
> you're
>
>>>*STILL* screwed if some teenaged kid on another continent has more
>
> effective
>
>>>control of the router at the other end of your OC-48 than the NOC monkey
>
> you
>
>>>call when
> I agree. But I saw, how hackers intruded into XXX agency (USA's, I mean) 6
> years ago. Cisco sources never was a great secret
Then you shouldn't be talking about it.
> (a lot of people saw them; they are almost useless without Cisco's
> infrastructure; they are interesting for competitors
>
> > *Your* boxes may be hardened beyond all belief and plausibility, but
you're
> > *STILL* screwed if some teenaged kid on another continent has more
effective
> > control of the router at the other end of your OC-48 than the NOC monkey
you
> > call when things get wonky
It is mostly fantasy.
> Alexei Roudnev wrote:
> > O, my god. Primitive hack, primitive ssh exploit I watched it all 6
> > years ago, bnothing changed since this.
> >
> > It is _minor_ incident, in reality.
>
> Primitive I can understand, but _minor_?
>
> First, I don't really see why an attack should be estimated b
On Wed, 11 May 2005 16:59:56 +0400, Gadi Evron said:
> Well, I suppose it's not really a great idea to wait until things get
> wonky to establish good and operational relations with your uplink.
Fortunately for me, we've got such good operational relations with our
primary uplink that I don't eve
[EMAIL PROTECTED] wrote:
[snip]
Hi Vladis!
> Actually, it *is* relevant for the "rest of us".
>
> Given the number of boxen that got whacked, and the number of sites involved,
> "the defender" *is* "the rest of us", and "we as an industry" obviously need
> to get our collective act in gear. R
On Wed, 11 May 2005 13:44:22 +0300, Gadi Evron said:
> First, I don't really see why an attack should be estimated by the tool
> used. If a 10 years old exploit would work, why should an attacker look
> for and use a 0day? It's silly allocation of resources.
>
> Burrowing from that, if the atta
Alexei Roudnev wrote:
O, my god. Primitive hack, primitive ssh exploit I watched it all 6
years ago, bnothing changed since this.
It is _minor_ incident, in reality.
Primitive I can understand, but _minor_?
First, I don't really see why an attack should be estimated by the tool
used. If a 10 y
Internet attack called broad and long lasting
>
>
> Internet Attack Called Broad and Long Lasting by Investigators
> By JOHN MARKOFF and LOWELL BERGMAN
>
> Published: May 10, 2005
>
> SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a
> Cisco
On Tue, 2005-05-10 at 10:24 -1000, Scott Weeks wrote:
> Don't give folks that have access to machines that hold sensitive
> info the ability to download software unless you know they're savvy
> enough to do so safely.
I don't see that as root of the problem.
To me the real problem is in the
: Eventhough this article wasn't specifically regarding network operations, it
: does come down to the most fundamental of network operating practices.
: Create policies and the procedures that enable those policies. Then enforce
: them VERY strictly.
: Folks that handle sensitive info (proprie
es trying to keep things right!
Scott
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Scott Weeks
Sent: Tuesday, May 10, 2005 2:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Internet Attack Called Broad and Long Lasting by Investigators
Eventhough th
NYT:
The crucial element in the password thefts that provided access
at Cisco and elsewhere was the intruder's use of a corrupted
version of a standard software program, SSH. The program is
used in many computer research centers for a variety of tasks,
ranging from administration of rem
This part:
"The crucial element in the password thefts that provided access
at Cisco and elsewhere was the intruder's use of a corrupted
version of a standard software program, SSH. The program is used
in many computer research centers for a variety of tasks,
ranging from
Eventhough this article wasn't specifically regarding network operations,
it does come down to the most fundamental of network operating practices.
Create policies and the procedures that enable those policies. Then
enforce them VERY strictly.
The crucial element in the password thefts that
SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach
of a Cisco Systems network in which an intruder seized programming
instructions for many of the computers that control the flow of
the Internet.
Now federal officials and computer security investigators have
acknowledged that th
Internet Attack Called Broad and Long Lasting by Investigators
By JOHN MARKOFF and LOWELL BERGMAN
Published: May 10, 2005
SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a
Cisco Systems network in which an intruder seized programming instructions
for many of the
19 matches
Mail list logo