[CLUG] circumvent
Donncha O Caoimh
donncha.ocaoimh at tradesignals.com
Thu Nov 30 13:22:51 GMT 2000
Linux has plenty of security problems too, can't deny that.
You don't need a password to get at the password files on a [INSERT YOUR
FAVOURITE OS] system.
Take a look at the following URL, and be frightened if you're running
Windows on even a dial up account..
http://www.enteract.com/~lspitz/worm.html
On any OS, there are going to be poorly written programs running. Some
of them are well known and patched quickly, but even some of the well
known ones aren't patched for a long time (mailman was it that had a
vulnerability for several years?)
Cause a buffer-overflow in Bind, insert some malicious code, be it x86
asm, or shell script if you manage to get a shell, create a user with
uid 0 and the admin may never know you're on his system... root kits are
available to do all this, script kiddies love it!
Donncha.
"Roycroft, Bryan" wrote:
>
>
>
> -----Original Message-----
> From: Donncha O Caoimh
> To: Roycroft, Bryan; cork at linux.ie
> Sent: 11/30/00 12:14 PM
> Subject: Re: [CLUG] circumvent
>
> .......
> I'd rather handle the encryption in the files themselves at an
> application level than let the OS try and handle it. That way you get
> the maximum flexibility as it's under your control what gets encrypted
> and what doesn't..
>
> but people go on and on about security problems with windows nt, even to
> crack a password you still need to have access to them, getting access to
> them requires a password etc.
>
> also the mysql api is a breeze to use, i thought database access was gonna
> be hard, it handles sockets any everything else, i thought i'd have to
> network my program myself....
More information about the Cork
mailing list