
Re: Re :[OT] Hackers



Mukund Deshmukh saw fit to inform LI that: 

>I STRONGLY CONDEMN the kind of language of the mail, If some one is offered
>an root account on platter he can not be called as cracker, I wonder why

Does that mean that VSNL has called him up and told him the root
password?  Tell you what - suppose I leave my house loosely locked while I
go out, do you have any right to break in, just to test how well I have
locked my house?

>And if some one opens with security a related topic, he is threatened to be
>thrown out.

If someone is faced with a breakin attempt on his servers, lots of us here
do help.  In fact, I ~have~ helped a few people (such as Binand) secure
their mailservers.  What I (and doubtless others on the list) don't like
is people breaking into somebody's server and boasting about it on the
list.

>I know there are many people on this list who are managing the important
>server, Do they know ?

8< list ........

Anyone who reads bugtraq / cert / even reads the security updates posted
on the redhat / any *nix site is welcome to all this info and lots more.  

So, what's your point?  Raju has, in the past, posted lots of mails from
the redhat / debian lists, bugtraq etc, warning about these vulnerabilities
and detailing the fix.  He has NOT, on the other hand, broken into my (or
anybody else's) server and boasted about it. Raju -- how about resuming
those periodic "security update" posts?

>Why these are not discussed on this list because some will boot his as* from
>the list?

Search the list archives.

>So please do not discourage security related topics to this list even if
>they are posted by a hacker.

I have posted such stuff - but I have detailed the fixes.  I have not
boasted "I have cracked vsnl, I have cracked xyz server" ... (and there is
nothing to boast about downloading lame h4x0r t00lz / learning age old
cracks, and trying them on lamebrain servers).

In fact, another member of LI-H mailed me offlist
just the other day, asking what he should do about people portscanning his
server to look for open ports etc to break in.  That sort of stuff is
perfectly acceptable on the list.

>Most of the lister have an account on vsnl /dot server and any  security
>related discussion can not be out context. I receive an average 10 kb a spam

That can be remedied to some extent, and CAUCE India is trying to convince
VSNL ...  but you cannot sit on your butt and blame vsnl for anything and
everything.  Check out stuff like Spamicide / Spam Hater (for 'doze) and
Spam Bouncer <http://www.hrweb.org/spambouncer> for Linux (warning - this
is advanced procmail).

>mail every day, just because server admin are not in position to maintain
>their server properly. I do not want some one peeking in to my mail box as

Then use vsnl only to connect to the net and get an account elsewhere,
where you can be sure of having a secured server.  For what it is worth,
most of the situation is remedied now - at least VSNL has substantially
upgraded a lot of the software they are running .... you are not likely to
find h4x0ring VSNL that easy now that they are running 8.9.x /
postfix, and most servers (at least in the larger cities) have updated
their kernels etc as well.  

It can't change overnight, but VSNL ~is~ changing, thanks mainly to
Mr.G.P.Singh, sysadmin of VSNL Bombay, who has been working very closely
with us.  Several VSNL servers were on the RBL
<http://www.mail-abuse.org/rbl> till he upgraded them and got the
blacklisting removed.

>If any discussion on this list is going help vsnl to set the things right,
>it will be beneficial to listers only.

Or rather, it will encourage enough people to think that the average linux
user in India is still full of script kiddies (I won't even dignify
breaking into VSNL servers by calling it "cracking").

>And Sibayan can not called as cracker if the root account of cl server is
>offered on platter to him. If you keep doors and lockers of your house open,
>and a burglar strikes, cops will blame you first. It is every ones duty to

If I am as careless as that, they ~will~ blame me first, but that does not
mean they won't arrest the burglar when they find him.  Plus the fact that
cracking (and rooting) a box disrupts services for hundreds of users while
you are sitting playing around - and that does not take into account the possible
damage caused by some half baked h4x0r roaming around at will.

If you have anything further to say on this subject - take it to Linux
India General or mail me offlist.  We'll let the list stay with Yamaha
sound cards, SiS cards etc, till something sensible comes out on this
issue.  

-- 
Suresh Ramasubramanian + President, CAUCE India + www.india.cauce.org
Stopping Spam In India + suresh@xxxxxxxxxxxxxxx + Spammers are Losers
--
A successful [software] tool is one that was used to do something
undreamed of by its author.
		-- S. C. Johnson