Re: Re: Re :[OT] Hackers



-----Original Message-----
From: Suresh Ramasubramanian <r.suresh@xxxxxxxxxxxxxxx>
To: Mukund Deshmukh <betacomp@xxxxxxxxxxxxxxxxx>; Linux India General
<linux-india-general@xxxxxxxxxxxxxxxxxxxxx>
Cc: LI Help <linux-india-help@xxxxxxxxxxxxxxxxxxxxx>; Raj Mathur
<raju@xxxxxxx>
Date: Tuesday, March 14, 2000 5:28 PM
Subject: [LIG] Re: Re :[OT] Hackers


>Mukund Deshmukh saw fit to inform LI that:
>
>>I STRONGLY CONDEMN the kind of language of the mail. If someone is offered
>>a root account on a platter he cannot be called a cracker, I wonder why
>
>Does that mean that VSNL has called him up and told him the root
>password?  Tell you what - suppose I leave my house loosely locked while I
>go out, do you have any right to break in, just to test how well I have
>locked my house?
>

It was literally on a platter in my case. About a year back, when I pointed my
browser to one of the dot servers on a particular port, I got a server
administration menu with root privilege.
Now, pointing my browser to an open port on any server cannot amount to
cracking.
Again, a few days back, when I telnetted to an Indian server on a particular
port, I was offered root access without authentication.

In both cases I promptly informed the server admin.

>
>>I know there are many people on this list who are managing the important
>>servers. Do they know?
>
>8< list ........
>
>Anyone who reads bugtraq / cert / even reads the security updates posted
>on the redhat / any *nix site is welcome to all this info and lots more.
>


How many server admins on linux-india read bugtraq?
Out of 100 million Indian people I had found only one mail from raju on
bugtraq in the last one year.


>
>That can be remedied to some extent, and CAUCE India is trying to convince
>VSNL ...  but you cannot sit on your butt and blame vsnl for anything and
>everything.  Check out stuff like Spamicide / Spam Hater (for 'doze) and
>Spam Bouncer <http://www.hrweb.org/spambouncer> for Linux (warning - this
>is advanced procmail).


CAUCE is doing really commendable work, but mail is not the only hackers'
target.

>
>Then use vsnl only to connect to the net and get an account elsewhere,
>where you can be sure of having a secured server.  For what it is worth,
>most of the situation is remedied now - at least VSNL has substantially
>upgraded a lot of the software they are running .... you are not likely to
>find h4x0ring VSNL that easy now that they are running 8.9.x /
>postfix, and most servers (at least in the larger cities) have updated
>their kernels etc as well.
>


No, I do not agree to this. I can still fetch, using standard commands, the user
list file from vsnl /dot servers. This will certainly not amount to
hacking or cracking, as I have valid accounts on these servers and the file
permission is rwxr-xr-x.
I have already sent mail to these server admins 2 months back, but none of
them replied.

>It can't change overnight, but VSNL ~is~ changing, thanks mainly to
>Mr.G.P.Singh, sysadmin of VSNL Bombay, who has been working very closely
>with us.  Several VSNL servers were on the RBL
><http://www.mail-abuse.org/rbl> till he upgraded them and got the
>blacklisting removed.
>