Cracked

Scott James Remnant scott at canonical.com
Mon Oct 18 08:38:09 UTC 2004


On Mon, 2004-10-18 at 15:20 +0800, John wrote:

> One can mount partitions etc with various security-enhancing options 
> such as ro,nodev,noexec etc. To do so requires more than the 
> Ubuntu-standard one filesystem.
> 
Easy for any vaguely competent cracker to remove; most rootkits I've
seen do a "mount -o rw,exec,remount -a" before beginning.

> Omitting gcc and other program development tools from a server is 
> sensible. Make is sensible (sendmail and ypserv use them), but gcc, g++, 
> -dev packages? I don't think so.
> 
As you've already discovered, most crackers know how to use APT.

One of my boxes was once compromised through the samba daemon, the most
amusing thing was the cracker "helpfully" upgraded it afterwards for
me.

> One of the other possible countermeasures is to detect dictionary 
> attacks and stop them cold.
> 
Another is not to use passwords crackable by dictionary attacks.
Personally I make up little phrases or rhymes, and play them out on the
keyboard.  Punctuation is great for this: "&" for "and", "!" for "not",
etc.

Scott
-- 
Scott James Remnant
scott at canonical.com
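
Added example, not part of the original message: since the restrictive mount options discussed above can be undone with a single remount, one defensive use for them is as a tripwire, comparing the live mount table against the options each filesystem is supposed to carry. The baseline and the sample /proc/mounts text below are constructed for illustration.

```python
import os

# Constructed baseline: options each mount point is expected to carry.
REQUIRED = {
    "/tmp": {"nodev", "noexec", "nosuid"},
    "/usr": {"ro", "nodev"},
}

# Constructed sample in /proc/mounts format, as it might look after a
# "mount -o rw,exec,remount -a" has stripped ro and noexec.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /usr ext3 rw,nodev 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev 0 0
/dev/sda5 /var ext3 rw,nodev,nosuid,noexec 0 0
"""

def parse_mounts(text):
    """Return {mount point: set of options} from /proc/mounts-format text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mount_point = fields[1].replace("\\040", " ")  # kernel escapes spaces
        mounts[mount_point] = set(fields[3].split(","))  # later mounts shadow earlier
    return mounts

def find_drift(baseline, live):
    """List (mount point, problem) for every baseline entry not honoured."""
    findings = []
    for mount_point, required in sorted(baseline.items()):
        options = live.get(mount_point)
        if options is None:
            findings.append((mount_point, "not a separate mount"))
            continue
        # "exec" is the default and is not listed, so a dropped noexec
        # shows up only as a missing option; same for ro replaced by rw.
        missing = sorted(required - options)
        if missing:
            findings.append((mount_point, "missing " + ",".join(missing)))
    return findings

if __name__ == "__main__":
    path = "/proc/mounts"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_MOUNTS
    for mount_point, problem in find_drift(REQUIRED, parse_mounts(text)):
        print("DRIFT %s: %s" % (mount_point, problem))
```

Root on the machine can alter this check as easily as the mount options, so the result is only useful if it is collected or compared somewhere the intruder does not control.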