Re: Re: Re :[OT] Hackers

["Shanker R Swaminathan" <csewhiz@xxxxxxxxxxx>]

<snip>
----- Original Message -----
From: "Mukund Deshmukh" <betacomp@xxxxxxxxxxxxxxxxx>
To: "Shanker R Swaminathan" <csewhiz@xxxxxxxxxxx>
Sent: Wednesday, March 15, 2000 9:02 AM
Subject: Re: [LIG] Re: Re :[OT] Hackers


>
> With vsnl server the things might be slightly better, but people at dot
> server in nagpur did not knew what is pop lock, before 6 months or so.
> About 2 years back when I found that ls -alR / and cat /etc/passwd
commands
> are working freely with all vsnl server I informed all (about 16 or so)
the
> server admin of vsnl and dot.

</Snip>
Lots more was possible then. The menu script then used to run in cooked mode
, so a simple ^z was enough to suspend it and return to a priviliged prompt.
VSNL has mended it's ways but DOT is yet to learn anything. Thankfully
glaring errors like these are long past!
<snip>
> I recevied only two reply from bom3 and pn01 server. In fact one of the
> Digital's Engineer ( they are providing softaware support to vsnl /dot)
has
> told me that they have advised all server admin, not to check root mail as
> it may have some exploit code.
</snip>
All too right. VSNL calcutta saw it fit to inform us that they do NOT
monitor *any* mailbox other then the one on giascl01. However , they seem to
be getting mail forwarded to the helpdesk so all our queries get attended
to.
<snip>
> >around with the VSNL systems doesn't give you the right to go around
doing
> >so. There are perhaps hundreds of Servers which are similarly configfured
> >servers in University depts around India ( Similar to mine) , where
> students
> >have access . If everyoneof them  starts practicing his /her talents on
the
> >VSNL servers , nobody else would get any work done.
>
>
> This is the reason why Indian sites are being defaced by hackers from the
> neibhouring countries, hackers are having field day, and bringing shame to
> we Indians.
</snip>
1. what has this got to do with VSNL. They have set many things right. -
more than can be said for others. How many of the others have been informed-
by clued people?
2. If you have information that something is not OK then yell , scream etc.
to the concerned people  from the TOP. Action DOES  get taken.The sites you
are talking about got defaced due to the negligence of the sysadmins
concerned. It's nothing new- or specific to India. Happens everywhere. If
you find anthing amiss, report it. However , if you start defending wannabe
crackers  in the name of rousing everyone's attention , I beg to
disagree.IMHO , morally we put ourselves hopelessly in the wrong and come
down to their level. ( The crackers').
> It could be partially true in case of vsnl, but situation with dot is
worst.
> The server admin are the people drawn from the telephone department and do
> not know ABC of *nix.
They are a hopeless lot, from our experience too. However, The VSNL servers
DO seem to be robust from the outside , as much as any server on the net can
be, now-a-days.

<snip>
> If people would have responded to critisism of their server / software
then
> bugtraq would have never existed.
</ Snip>
Posts are made to Bugtraq after it has been seen that a vendor has nopt
responded or after a fix is found. All these presuppose that the vendor is
*always* informed. I doubt that in this case sibiyan had gone around
informing all the concerned in VSNL , from the top.( Correct me if I am
wrong!)

<snip>
> I really wonder why discussion on exploits is being slammed every time. Is
> this list only for video/sound/mail problem only. No wonder bugtraq has
> membership of more than 20,000 and linux-india only 1000.
</snip>
Discussions on security are welcome- Not on Boasts of alleged exploits
without fixes. ONLY Those have been flamed. Check the archives on LI, now
LIH( In my knowledge at least)