Linux servers hacked - who would have thought


thetruthhurts

Unix and Linux have far fewer holes to be
exploited by Windows and last I checked, are not exactly the easiest to
hack into.

Is that really true or is it just a lot fewer people are trying to hack
them?
 

ray

So much for Linux (Ubuntu) being bullet proof.

Ubuntu servers hijacked. Used to launch attack.

http://www.eweek.com/article2/0,1895,2171318,00.asp

People have been saying right along that ***ALL*** operating systems are
vulnerable!

Of course. And some are more vulnerable than others. I note in the article
that security patches, etc. had not been kept up to date on the affected
servers. Yes, that is a recipe for disaster. I keep mine up to date, and
I've not had any problems.
 

Saran

thetruthhurts said:
Is that really true or is it just a lot fewer people are trying to hack
them?

Actually it's probably a bit of both. Straight hacking a random Linux
box, good luck. It's when things like root-kits somehow get installed
(usually by a clueless admin being fooled by some advert on the web,
irc, etc) that's the big cause of infiltrations. This is true of any OS
that can be accessed remotely.

There are also brute force bots out there, but anyone watching logs and
such can catch those easily enough. There is no excuse for letting
someone "for a long time now it seems" to gain entry to a system via
brute force. It's as if no one was watching their servers in that
scenario. That's not a product of hacking, that's a product of
incompetent and/or lazy admins.

-saran
 

Saran

ray said:
Of course. And some are more vulnerable than others. I note in the
article that security patches, etc. had not been kept up to date on
the affected servers. Yes, that is a recipe for disaster. I keep mine
up to date, and I've not had any problems.

While keeping up to date in security patches is important, it's not that
alone that gets things done. Even on a system that's out of date, proper
administration - checking logs, statuses, etc - can keep a system
break in free. You can have all the patches in the world, but if you let
someone brute force for some time to break in, all those security
patches won't have done any good. Patches are worthless when admins
neglect their jobs.

-saran
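
The log-watching that Saran's two posts above describe, as an added example that is not part of the original thread: it flags source addresses with a burst of failed SSH logins and notes when one of them later logs in successfully. The log lines are constructed, and the OpenSSH syslog format, the threshold, the window, the assumed year and the function name are all assumptions; lines are expected in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the classic OpenSSH syslog format; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges, not real hosts.
SAMPLE_LOG = """\
Aug 14 03:12:01 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 14 03:12:03 web1 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug 14 03:12:05 web1 sshd[4125]: Failed password for root from 203.0.113.7 port 40131 ssh2
Aug 14 03:12:08 web1 sshd[4127]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Aug 14 03:12:10 web1 sshd[4129]: Failed password for root from 203.0.113.7 port 40152 ssh2
Aug 14 03:12:14 web1 sshd[4131]: Accepted password for root from 203.0.113.7 port 40160 ssh2
Aug 14 09:30:00 web1 sshd[5002]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Aug 14 09:30:20 web1 sshd[5004]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2024):
    """Return {ip: {"failures": n, "compromised": [users]}} for noisy sources.

    An IP is flagged once it has `threshold` failures inside `window`;
    a later successful login from a flagged IP is recorded as a likely break-in.
    Syslog timestamps carry no year, so `year` is an assumption.
    """
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "compromised": []})
                entry["failures"] = max(entry["failures"], len(q))
        elif ip in flagged:               # success after a burst of failures
            flagged[ip]["compromised"].append(m["user"])
    return flagged
```

On the sample, the single mistyped password from 198.51.100.20 is ignored, while 203.0.113.7 is reported with the `root` login that followed its burst of failures.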
 

Mr. Arnold

I guess it depends if the admins actually do their job as maintainers. If
they don't, it's no one's fault but their own.


For live servers, yes I do. Any properly maintained live server (like
those in data centers used by hosting companies) should fall prey to such
attacks if the admins do their jobs. If they do then someone wasn't taking
care of things.

What you have said up above there makes no sense whatsoever.

The bottom line is no matter what it is, as long as Human Beings are
involved with it in some kind of way there is always going to be
vulnerabilities.
 

Adam Albright

The linturd zealots always represent that linux can be run totally
securely by any 6 yr old.
I guess reality is a difficult thing to accept.
Frank


The reality is Frank, you are nothing but a useless asswipe.
 

Leythos

Actually it's probably a bit of both. Straight hacking a random Linux
box, good luck. It's when things like root-kits somehow get installed
(usually by a clueless admin being fooled by some advert on the web,
irc, etc) that's the big cause of infiltrations. This is true of any OS
that can be accessed remotely.

But that fits the target audience for Ubuntu, clueless users running as
root.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 

Wayne M. Poe

Leythos said:
But that fits the target audience for Ubuntu, clueless users running
as root.


And how is that true? If any system almost forces you to run as admin
(to really do anything useful) it's Windows. I don't know of an OS with
more clueless people.
 

Leythos

And how is that true? If any system almost forces you to run as admin
(to really do anything useful) it's Windows. I don't know of an OS with
more clueless people.

And those same clueless people hear about a new, great, security driven,
OS that's free and they make the same mistakes that they make in Windows -
they run as Root, download anything, compromise their machines, etc...

I've been using PC's since the 70's, never had a virus/malware on any of
My Own computers, never, and that includes about every OS on the market
and some that weren't, so it's not the OS, they all have flaws, it's the
idiots that fall for the marketing crap that tells them this OS will
keep them from getting hacked....

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 

norm

Leythos said:
But that fits the target audience for Ubuntu, clueless users running as
root.
Ubuntu, by default, does not run as root. The only default way to gain
root is as superuser, and that access is limited only to the person that
creates the original user account. And the original user is the only one
that can create secondary accounts with ANY privileges. In other words,
clueless users running as root is very much an oxymoron.
 

Frank

norm said:
Ubuntu, by default, does not run as root. The only default way to gain
root is as superuser, and that access is limited only to the person that
creates the original user account. And the original user is the only one
that can create secondary accounts with ANY privileges. In other words,
clueless users running as root is very much an oxymoron.

Administrator is disabled by default in Vista.
Frank
 

ray

Unix and Linux have far fewer holes to be

Is that really true or is it just a lot fewer people are trying to hack
them?

I believe it really is true. The security model is completely different.
But, for practical purposes, does it really matter?
 

Jerry White

Mr. Arnold said:
What you have said up above there makes no sense whatsoever.

The bottom line is no matter what it is, as long as Human Beings are
involved with it in some kind of way there is always going to be
vulnerabilities.

That's basically what he said. It was the admins who were at fault in this
case.
 

Charlie Tame

Kerry said:
If Canonical can't maintain a Linux server who can? Can you imagine the
outcry if Microsoft's servers were hacked because they hadn't kept them
up to date? I totally agree that the reason this happened is because the
servers were out of date but it is ironic that they were servers run by
Canonical. It is more a statement of how important it is to stay up to
date with patches than anything else. The OS is really irrelevant.


Absolutely in agreement, and yes it is ironic, someone needs their
backside kicked to be honest, but you made the important point that the
OS is not relevant at all.
 

Jerry White

Frank said:
The linturd zealots always represent that linux can be run totally
securely by any 6 yr old.
I guess reality is a difficult thing to accept.
Frank

I don't recall anyone ever saying that of Linux. Linux is overall more
secure than Windows, but it comes down to who is administrating it.

On the other hand, any 6 year old using internet explorer can royally fubar
a Windows system within minutes if not seconds.
 

Charlie Tame

Frank said:
The linturd zealots always represent that linux can be run totally
securely by any 6 yr old.
I guess reality is a difficult thing to accept.
Frank


I'm always happy to criticize anything Frank :)
 

Charlie Tame

DanS said:
What's not so irrelevant is the way the 'hack' may have been perpetrated.

While no absolute method of hacking was given, no 'exploit', this
statement was made...

"FTP (not sftp, without SSL) was being used to access the machines, so an
attacker (in the right place) could also have gotten access by sniffing
the clear-text passwords," he said.

If that was the method used, there was no 'hacking' or exploit involved,
as it wouldn't have been some internal deficiency, just simply using an
existing sniffed login and password.

I've always detested the way Windows Server FTP server could only be
accessed by users if they have a l/p in AD.

People have got to remember, basic SMTP, FTP, POP, and NNTP protocols do
use plain text when sending usernames and passwords.


Actually a very very valid observation. Once you hand over the car keys
expect to walk home :)
 

Leythos

Ubuntu, by default, does not run as root. The only default way to gain
root is as superuser, and that access is limited only to the person that
creates the original user account. And the original user is the only one
that can create secondary accounts with ANY privileges. In other words,
clueless users running as root is very much an oxymoron.

No, since it's being touted as the OS for home users, simple to use,
easy to install, etc... The same target will run as SU all the time,
they were told that you don't need AV, it's not hackable, no security
threats, that's why they will run as root and why they get compromised.



--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 

Charlie Tame

Jerry said:
I don't recall anyone ever saying that of Linux. Linux is overall more
secure than Windows, but it comes down to who is administrating it.

On the other hand, any 6 year old using internet explorer can royally fubar
a Windows system within minutes if not seconds.


I knew someone once, I swear to God he could have crashed an Abacus...
 
