Re: [vox] cal.net rant
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox] cal.net rant
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 21 September 2003 07:40 pm, Jeff Newmiller wrote:
> On Sat, 20 Sep 2003, Ryan Castellucci wrote:
> > I would like to see an article published in the enterprise about this, as
> > I am VERY annoyed that they are partly to blame for two of my systems
> > being cracked, and that they are allowing this intruder have free reign
> > on thier system, however, I doubt the entrprise would make a store out of
> > this. If anyone knows of anywhere I can complain to that will bring this
> > to the attention of the public, I would be appreciative.
> I am interested to see your analysis of the problem. Definitely not fun.
> However, I am not really sure why this situation is pushing you to switch
> to Omsoft. They are linux-friendly, but not necessarily
> linux-advocates... they depend heavily on Windows NT. Davis Community
> Network (which is sort of related to Omsoft) has two (or more?) sun boxen.
> I have an account on one of these, and while I have no information leading
> me to suspect that they are or ever have been 0wned, I would simply never
> make a backward connection into my home box from that shell account, so
> the worst that can happen through that account is defacement of my website
> or perusal of my email. I would not be particularly happy to encounter
> defacement of my website, but I would most likely simply request the
> sysadmin to review the security of their box and change my password. (I do
> think DCN is competent to do that... you may not have even that level of
> confidence in cal.net anymore.)
Yes, I was foolish to make an outgoing connection from my shell. I should not
have been doing that from an untrusted system. It was also a bad idea to give
my personal account unfettered sudo access.
As to why I am planning to switch to omsoft, most people I talk to say they
are a good ISP, and their static IP DSL pricing is attractive.
> I like Omsoft as an ISP, but I don't have any reason to think they have
> any special claim to better security than cal.net... and I don't hold them
> even partly responsible for the integrity of my LAN. There are too many
> ways a random computer can be doctored to make remote shell connections to
> my home box permissible to more than my laptop.
Well, my irritation stems mostly from the fact that they seem to be simply
ignoring the problem, and that they don't seem to be installing patches.
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90 34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
vox mailing list