
BLU Discuss list archive



samhain (System cracked, a story)



> Unfortunately, I think this statement is also patently false.  It
> would likely be more accurate to say something like, "A sophisticated
> cracker could probably write a program to make deinstallation of
> samhain trivial for the next batch of script kiddies; and the effort
> to cover one's tracks is worth it to anyone who really doesn't want to
> get caught."

I have to say that this is not necessarily true. It has been my experience
that the more popular/common the system, the more likely that an
exploit/hacker tool exists. Tripwire is a popular/common system, and
therefore more likely to generate an exploit/crack than samhain (which I
honestly hadn't heard of until yesterday, but plan on testing today). That
is not to say that an exploit won't be created, only that it is less likely.
I have worked with SGI Irix for a while and have discovered that exploits
for these systems are far fewer than for the Solaris systems that I work on
(what idiot would really want to attack an SGI anyway ;-). The same appears
to be true of OSX, which I have also begun to work on in recent months.
    I do subscribe to CERT and regularly watch for stuff that applies to me
(including my home Win2k box), regularly apply patches and maintain my
firewall(s), but understand that if and when I get hacked, it will probably
be for something stupid, so I maintain regular offline backups of my root
drive (tapes at work, CDs at home). Also, as of this week, I will have
SSHV2-only access to my primary machine at work (thanks, everyone). I've
been reasonably diligent over the years (about 20), and honestly have no
stories to tell. Granted, I haven't worked anywhere that is overly
attractive to that crowd either (JPL never called back :-).
Grant M.






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org