Linux servers hacked - who would have thought

R

Richard Urban

So much for Linux (Ubuntu) being bullet proof.

Ubuntu servers hijacked. Used to launch attack.

http://www.eweek.com/article2/0,1895,2171318,00.asp

People have been saying right along that ***ALL*** operating systems are
vulnerable!

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)
 
C

Charlie Tame

Richard said:
So much for Linux (Ubuntu) being bullet proof.

Ubuntu servers hijacked. Used to launch attack.

http://www.eweek.com/article2/0,1895,2171318,00.asp

People have been saying right along that ***ALL*** operating systems are
vulnerable!
Click to expand...



If you thought otherwise then it only exposes a deplorable lack of
knowledge on your part.

The article seems to suggest that the machines in question were
extremely poorly maintained and running outdated versions of the OS.
 
D

DP

Oh. My. God.
That's it. I'm switching to a more secure operating system!
Does anyone know if Apple still makes Lisa?
 
V

Val

How about an S-100 bus machine running CP/M?

I might still have a Timex-Sinclair 1000 hiding in the closet.


Oh. My. God.
That's it. I'm switching to a more secure operating system!
Does anyone know if Apple still makes Lisa?
 
D

DP

Do you think the Datasette from my old Vic-20 is compatible with the
Sinclair? Is there a hack, maybe?
 
T

Telstar

Val said:
How about an S-100 bus machine running CP/M?

I might still have a Timex-Sinclair 1000 hiding in the closet.
Click to expand...


My KayPro and TRS-80 model I have never been hacked. They must be superior.
 
L

Lang Murphy

The article seems to suggest that the machines in question were extremely
poorly maintained and running outdated versions of the OS.
Click to expand...

And that doesn't happen with regularity in the real world? You think this is
an extreme exception?

Lang
 
N

Not Me

LOL, I have 10,000 feet of mylar tape with the programming for the HP-2000.
But where am I going to find 480,000 vacuum tubes and 25 miles of wire? or a
100 baud modem?
 
P

PvdG42

DP said:
Do you think the Datasette from my old Vic-20 is compatible with the
Sinclair? Is there a hack, maybe?
Click to expand...

Well, nobody has successfully hacked into my Atari 800, so I guess TOS is
pretty secure ;)
 
P

PvdG42

CPM - only way to fly :)

Telstar said:
My KayPro and TRS-80 model I have never been hacked. They must be
superior.
Click to expand...

Let's start an antique OS religious war! TOS was always better than CP/M!
 
K

Kerry Brown

Charlie Tame said:
If you thought otherwise then it only exposes a deplorable lack of
knowledge on your part.

The article seems to suggest that the machines in question were extremely
poorly maintained and running outdated versions of the OS.
Click to expand...


If Canonical can't maintain a Linux server who can? Can you imagine the
outcry if Microsoft's server's were hacked because they hadn't kept them up
to date? I totally agree that the reason this happened is because the
servers were out of date but it is ironic that they were servers run by
Canonical. It is more a statement of how important it is to stay up to date
with patches than anything else. The OS is really irrelevant.
 
N

norm

Kerry said:
If Canonical can't maintain a Linux server who can? Can you imagine the
outcry if Microsoft's server's were hacked because they hadn't kept them
up to date? I totally agree that the reason this happened is because the
servers were out of date but it is ironic that they were servers run by
Canonical. It is more a statement of how important it is to stay up to
date with patches than anything else. The OS is really irrelevant.
Click to expand...
Although it doesn't mitigate the situation, it was local communities
operating and maintaining the servers, not canonical. See the following:
http://www.dslreports.com/forum/r18880277-Ubuntu-servers-hacked-to-attack-others
 
D

DanS

If Canonical can't maintain a Linux server who can? Can you imagine
the outcry if Microsoft's server's were hacked because they hadn't
kept them up to date? I totally agree that the reason this happened is
because the servers were out of date but it is ironic that they were
servers run by Canonical. It is more a statement of how important it
is to stay up to date with patches than anything else. The OS is
really irrelevant.
Click to expand...

What's not so irrelevent is the way the 'hack' may have perpetrated.

While no absolute method of hacking was given, no 'exploit', this
statement was made...

"FTP (not sftp, without SSL) was being used to access the machines, so an
attacker (in the right place) could also have gotten access by sniffing
the clear-text passwords," he said.

If that was the method used, there was no 'hacking' or exploit involved,
as it wouldn't have been some internal deficiency, just simply using an
existing sniffed login and password.

I've always detested the way Windows Server FTP server could only be
accesssed by users if they have a l/p in AD.

People have got to remember, basic SMTP, FTP, POP, and NNTP protocols do
use plain text when sending usernames and passwords.
 
S

Saran

Richard said:
So much for Linux (Ubuntu) being bullet proof.
Click to expand...

No one ever said it was. Anyone who thinks ANY system is hack proof is
living in a dream world. Unix and Linux have far fewer wholes to be
exploited by Windows and last I checked, are not exactly the easiest to
hack into.
Ubuntu servers hijacked. Used to launch attack.

http://www.eweek.com/article2/0,1895,2171318,00.asp
Click to expand...


Maybe you should actually read the article.


that the source of the troubles might have been a Chinese
IP address trying to log onto the servers by brute force
"for a long time now it seems," said a participant

The attacker got in via brute force? If that's so then this is nothing
more than a case of an admin neglecting security. Something as simple as
checking logs from time to time could of prevented that. Most Linux
systems I've used have something called LogWatch that compiles a report
of various logs (that can be customized) for the root admin to see every
morning their inbox.


the servers were all found to be out of date, stuffed with
Web software, and missing security patches-at least in the
instances where it was easy to determine what version
they're running.

In other words these machines were poorly kept and possibly running poor
choices of software or software that was poorly configured, probably by
inexperienced personal.


It seems that this isn't a case of Linux being vulnerable, but what
happens if admins of live servers don't do their job.

In any system theres no replacement for good administrators. Linux is
far more solid and robust than Windows could ever hope to be (if Vista
is any indication.)

-saran
 
S

Saran

Lang said:
And that doesn't happen with regularity in the real world?
Click to expand...

I guess it depends if the admins actually do their job as maintainers.
If they don't, it's no one's fault but their own.
You think this is an extreme exception?
Click to expand...

For live servers, yes I do. Any properly maintained live server (like
those in data centers used by hosting companies) should fall prey to
such attacks if the admins do their jobs. If they do then someone wasn't
taking care of things.

-saran
 
S

Saran

Telstar said:
My KayPro and TRS-80 model I have never been hacked. They must be
superior.
Click to expand...

Wow, how suprising, considering you've never plugged them into the
Internet :)

-saran
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

EvilGnome. 2
Article: Night of the Living Vista 10
Symantec and McAfee just won't quit 10
Why Linux and open source sucks 27
if (Windows Rules) then (Linux fails) 3
Antivirus Solutions 24
Windows Genuine Advantage 77
Linux is as buggy as Windows 27

Top