l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2003 Sep 23 14:43

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] cal.net rant
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] cal.net rant



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 21 September 2003 07:40 pm, Jeff Newmiller wrote:
> On Sat, 20 Sep 2003, Ryan Castellucci wrote:
> > I would like to see an article published in the enterprise about this, as
> > I am VERY annoyed that they are partly to blame for two of my systems
> > being cracked, and that they are allowing this intruder have free reign
> > on thier system, however, I doubt the entrprise would make a store out of
> > this. If anyone knows of anywhere I can complain to that will bring this
> > to the attention of the public, I would be appreciative.
>
> I am interested to see your analysis of the problem.  Definitely not fun.
>
> However, I am not really sure why this situation is pushing you to switch
> to Omsoft.  They are linux-friendly, but not necessarily
> linux-advocates... they depend heavily on Windows NT.  Davis Community
> Network (which is sort of related to Omsoft) has two (or more?) sun boxen.
> I have an account on one of these, and while I have no information leading
> me to suspect that they are or ever have been 0wned, I would simply never
> make a backward connection into my home box from that shell account, so
> the worst that can happen through that account is defacement of my website
> or perusal of my email.  I would not be particularly happy to encounter
> defacement of my website, but I would most likely simply request the
> sysadmin to review the security of their box and change my password. (I do
> think DCN is competent to do that... you may not have even that level of
> confidence in cal.net anymore.)

Yes, I was foolish to make an outgoing connection from my shell. I should not 
have been doing that from an untrusted system. It was also a bad idea to give 
my personal account unfettered sudo access.

As to why I am planning to switch to omsoft, most people I talk to say they 
are a good ISP, and their static IP DSL pricing is attractive.

> I like Omsoft as an ISP, but I don't have any reason to think they have
> any special claim to better security than cal.net... and I don't hold them
> even partly responsible for the integrity of my LAN.  There are too many
> ways a random computer can be doctored to make remote shell connections to
> my home box permissible to more than my laptop.

Well, my irritation stems mostly from the fact that they seem to be simply 
ignoring the problem, and that they don't seem to be installing patches.

- -- 
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/bo+cEd9E83IXe8cRAvjfAJ0QX8N3XoQissGREE0UbBpEgdqvagCgqRbb
99Dcoiqd3JYiRtt8WCijxfo=
=mXvv
-----END PGP SIGNATURE-----
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.