[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: Re: Re :[OT] Hackers
Mukund Deshmukh saw fit to inform LI that:
>It was literely on a plater in my case. About a year back when I pointed my
>browser to one of the dot server on a particular port , I got server
That is an argument quite often misused ... like Manoj said, just because
a door is open, any xyz does not have the right to walk into it.
>Now pointing my browser to an open port on any server can not ammount to
>cracking.
No. It merely amounts to trespassing.
>In both cases I promptly informed the server admin.
Were you, by any chance portscanning for open ports? I know quite a few
sysadmins who'd be firing off e-mails to your isp demanding you be booted,
if you so much as touched a non-public (whether open or not) port on their
network.
>How many server admin on linux-india read bugtraq?
>Out of 100 million Indian people I had found only one mail from raju on
>bugtraq in last one year.
Even I don't post (or even lurk) on bugtraq - I read the archives whenever
I have any issue to fix. I am sure many sysadmins do exactly that.
>CAUCE is doing really commendable work, but mail is not the only hackers
>target.
NNTP for example ... we were recently working with VSNL, Satyam and
MantraOnline re a series of vicious attacks on usenet (mailbombs etc).
Most of the people sending junk mail (or selling vsnl users
addresses) download the /etc/passwd file. They can, and have, run crack
on it to decipher passwords (esp of those people who set their passwd as
abc123, omsaibaba or something like that).
>No I do not agree to this. I can still fetch, using standard commands, user
>list file from vsnl /dot servers. This will certianely not ammount to
On vsnl hyderabad at least, this is not the case. Anything beyond ls, cp,
rm (and other basic commands) are restricted.
>hacking or cracking as I have valid accounts on these server and the file
>permission is rwxr-xr-x.
Despite badly set permissions - if you are not the owner of the file - you
have no right to touch it or access it.
>I have already sent mail to these server admin 2 months back, but none of
>them replied.
As I said, I will introduce you to G.P.Singh of VSNL Bombay - you can tell
him all the security holes in vsnl ~and~ the fixes available for these
holes. Till then, please don't sniff around their boxes, exploring
security holes. VSNL is quite capable of running cop / nmap etc to fix
their servers ...
--
Suresh Ramasubramanian + President, CAUCE India + www.india.cauce.org
Stopping Spam In India + suresh@xxxxxxxxxxxxxxx + Spammers are Losers
--
Garbage In -- Gospel Out.