[linux-sec-uk] Secure FTP

Mark linux-sec-uk at mailman.lug.org.uk
Tue Aug 19 11:01:59 2003


On Tue, 2003-08-19 at 10:53, Daniel wrote:
> On 19 Aug 2003, Mark wrote:
>
> > Most software has holes, I always feel it's a case of the lesser of the
> > evils. Almost everything in an infrastructure has a security flaw of one
> > description or another, if you can't find one in the software, look at
> > the staff, it's a case of just how feasible it is for it to be abused.
>
> lol yes you should see some of the stuff we've seen admins doing, anything
> from leaving customers in the server rooms to do whatever they want
> (imagine leaving a client in a room with 100 cabinets some lying
> unlocked.. that's asking for trouble right? physical security is just as
> important..) right up to default install boxes..
>

heh, well our server room was fine, it was a client who had a leased
line to us.. they didn't run firewalls at their end, so their admins
spent most of the day trying to get into our network via the line...

It was most fascinating watching faces when you pass logs over the
table.


>
> > I use sendmail, very happily, but then the reason I feel safe using it
> > is because of the kernel modifications that are done to the host system,
> > not convinced I would use it if the box was a default install..(then
> > again, does anyone roll out default installs anywhere?)
>
> lol yes i've seen it before and I'll probably see it again.. it's just one of
> them things that lazy people do. Christ if you don't patch expect to be
> hacked..

Yeah, I know people do, it was more aimed at people on this list really,
the muppets of the world, well they keep me/us in work so who am I to
complain, they can't help being inept.

> regs,
ditto
-- 
                          Mark
                   www.wwjh.net/~mark
 "If you know yourself, knowing the enemy does not matter."

