[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moscowchannel.com hack



-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> snow wrote:
> > 
> > On Sat, 31 Aug 1996, Joel McNamara wrote:
> > 
> > > Not really crypto, but related to the DOJ hack in a way.
> > > 
> > > Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> > > site was hacked and altered by someone who didn't seem to like Russians all
> > > Just a matter of time before some builds a dedicated Satan type tool that
> > > scans for  HTTP server holes or messed up file permissions to make locating
> > > potential victims easy.
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
> 
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.

As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM
device can be remounted.  Besides, if someone manages to get root access on any
machine, the sysadmin of that machine is basically screwed anyway.  It's much
better than having to back up the web page on a tape and having to restore the
data when it is altered.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMinT7yzIPc7jvyFpAQHe7AgAuRNtTXZeLkuXo0CFoJOgrI+EEfHOKUsI
9KoRm+aesqNOvFpxPcHiE2QypMDjgjFqGozsT+Qb48W82Yt0p10PdqGtq1Ais+M0
b8gwLbnUPY8tnRFL49TqZIvAHl2kyo/7pxViTrXfNtBe+rSA+9FZHPBJgtHzWy2X
LIOQ9P6NPMmdlKuaeZQ3oF1esbvlHInsYOgGTJN0DZQR8ivFyXZ3MA0XjXvnF2pl
4lUDfgUN+BAQzhW56o0cgBnGYetujNJYVAQkzUwCIs2sfxS1Sex305vqfmFHUVkY
HACMhuoVXYZXuF+5NCjfhHsnjEiYgeMczGTZDlwOCbIFTxCc8/t6tQ==
=oxki
-----END PGP SIGNATURE-----