Denial of service attack dissected

[jaguar]

Nope, he was just arrogant/bored.
BUt yea, i've heard of people doing that *many* times. They had one at my school for a short while but it took around 5 days for kids to start picking holes in the pissweak security so the scrapped the idea.

[leif]

I just wanted to throw in my $0.02 security tale...

The local ISP in my area got its shell server's ssh client compromised, and didn't notice for some time. Hundreds of passwords were recorded including several of my own.

Another server that I had a shell account on got hacked a couple months ago, also an ssh hack I believe, and the cracker came in through my account. I was shocked, since I don't connect from anywhere but work, home, and the ISP's shell server, and I only use ssh. It wasn't until much later when the ISP realized that they had been compromised that I realized how my password got stolen. As it turns out, a friend of mine's J.C. shell account also got hacked. He ended up with his account terminated, and the teacher threatened to throw him out of the class for hacking... He later found out this was because there was some sort of root kit in his home directory. He, also, had been connecting via the ISP's shell server using the compromised ssh client.

All in all it was a real eye-opener for me and a lot of other people. Persumably a single person caused so much damage, not just online but in various people's lives as well. Stupid cracks like this seem like a minor annoyance until you get victimized by one.

[jaguar]

With the shear lack of water-tight security around tales like yours scare me, while I’ve never suffered a major crack a recent story about the *almost* cracking of a Californian power company (what power is there to stop?) to the level of control computers scared the shit out of me, cyber terrorism becomes real-world terrorism, i can see combined cyber-real world terrorists attacks with essential services being knocked off...
Scary stuff, I think the world needs more OpenBSD and less stupid admins.

[tw]

Quote:

Originally posted by leif
I just wanted to throw in my $0.02 security tale...

... As it turns out, a friend of mine's J.C. shell account also got hacked. He ended up with his account terminated, and the teacher threatened to throw him out of the class for hacking... He later found out this was because there was some sort of root kit in his home directory. He, also, had been connecting via the ISP's shell server using the compromised ssh client.

I believe the concensus was that personal ID verification is not a problem in America AND it will not get worse. It is the general trend. We have plenty of databases to trace what you supposidly did, but we have no fundamental method so that you and only you can confirm you are who you say you are AND we have no methods so that you can confirm that your ID is safe and uncompromised.

OK, maybe a system could not be created to avoid this particular shell ID and Password violation. But we have virtually no systems for you only to prove you are you AND to verify that others have not compromised your ID. Presently another can steal your ID, you would never know, AND you would suffer consequences from powers that would first look to blame you - all because we don't have a National ID Confirmation system.


[Edited by tw on 06-12-2001 at 02:22 PM]

[jaguar]

Yes, i have to agree, i mean have a *BIG* problem with the govt watching me, but i don't mind being given a number, it doesn’t achieve anything in itself.
The only thing that strikes me is what exactly does it achieve, its how it’s checked that it’s the right person, i.e., verification that is the tricky bit, particularly on the net were *nothing* is secure.